SUSE-SU-2019:1744-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jul 4 07:17:38 MDT 2019


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1744-1
Rating:             important
References:         #1051510 #1071995 #1094555 #1111666 #1112374 
                    #1114279 #1128432 #1134730 #1134738 #1135153 
                    #1135296 #1135642 #1136156 #1136157 #1136271 
                    #1136333 #1137103 #1137194 #1137366 #1137884 
                    #1137985 #1138263 #1138336 #1138374 #1138375 
                    #1138589 #1138681 #1138719 #1138732 
Cross-References:   CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
                   
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP1
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise Module for Legacy Software 15-SP1
                    SUSE Linux Enterprise Module for Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
                    SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 26
   fixes is now available.

Description:



   The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
   security and bugfixes.

   This update adds support for the Hygon Dhyana CPU (fate#327735).

   The following security bugs were fixed:

   - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
     arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup
     of prop->name, which might allow an attacker to cause a denial of
     service (NULL pointer dereference and system crash) (bnc#1137194).
   - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS
     message sequence was fixed. (bnc#1137103).
   - CVE-2019-12817: On the PowerPC architecture, local attackers could
     access other users processes memory (bnc#1138263).

   The following non-security bugs were fixed:

   - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
   - acpi: Add Hygon Dhyana support (fate#327735).
   - af_key: unconditionally clone on broadcast (bsc#1051510).
   - alsa: firewire-motu: fix destruction of data for isochronous resources
     (bsc#1051510).
   - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
   - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
   - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
   - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
   - audit: fix a memory leak bug (bsc#1051510).
   - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
   - ceph: factor out ceph_lookup_inode() (bsc#1138681).
   - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
   - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
   - ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
   - ceph: print inode number in __caps_issued_mask debugging messages
     (bsc#1138681).
   - ceph: quota: fix quota subdir mounts (bsc#1138681).
   - ceph: remove duplicated filelock ref increase (bsc#1138681).
   - cfg80211: fix memory leak of wiphy device name (bsc#1051510).
   - cpufreq: Add Hygon Dhyana support (fate#327735).
   - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ  (fate#327735).
   - cpu/topology: Export die_id (jsc#SLE-5454).
   - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
   - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
   - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
     (bsc#1051510).
   - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
   - drbd: skip spurious timeout (ping-timeo) when failing promote
     (bsc#1051510).
   - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
     (bsc#1136333 jsc#SLE-4994).
   - drivers: fix a typo in the kernel doc for
     devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
   - drivers: provide devm_platform_ioremap_resource() (bsc#1136333
     jsc#SLE-4994).
   - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error
     handling path in 'rio_dma_transfer()' (bsc#1051510).
   - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
     (bsc#1051510).
   - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER
     (bsc#1051510).
   - drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
   - drm/amd/display: Use plane->color_space for dpp if specified
     (bsc#1111666).
   - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
   - drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
   - drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
   - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
   - drm/i915: Apply correct ddi translation table for AML device
     (jsc#SLE-4986).
   - drm/i915: Attach the pci match data to the device upon creation
     (jsc#SLE-4986).
   - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
   - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
   - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init
     (jsc#SLE-4986).
   - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
   - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
   - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
   - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy
     (jsc#SLE-4986).
   - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
   - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro
     (jsc#SLE-4986).
   - drm/i915/sdvo: Implement proper HDMI audio support for SDVO
     (bsc#1051510).
   - drm/i915: Split Pineview device info into desktop and mobile
     (jsc#SLE-4986).
   - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
   - drm/i915: start moving runtime device info to a separate struct
     (jsc#SLE-4986).
   - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
     (bsc#1111666).
   - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
     (bsc#1111666).
   - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
   - drm/mediatek: fix unbind functions (bsc#1111666).
   - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
   - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
     configuration (bsc#1051510).
   - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd
     when encoders change (bsc#1111666).
   - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
     (bsc#1111666).
   - EDAC, amd64: Add Hygon Dhyana support (fate#327735).
   - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
   - HID: wacom: Add ability to provide explicit battery status info
     (bsc#1051510).
   - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
   - HID: wacom: Add support for Pro Pen slim (bsc#1051510).
   - HID: wacom: convert Wacom custom usages to standard HID usages
     (bsc#1051510).
   - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
     (bsc#1051510).
   - HID: wacom: Do not report anything prior to the tool entering range
     (bsc#1051510).
   - HID: wacom: Do not set tool type until we're in range (bsc#1051510).
   - HID: wacom: fix mistake in printk (bsc#1051510).
   - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
   - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
   - HID: wacom: generic: Leave tool in prox until it completely leaves sense
     (bsc#1051510).
   - HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
   - HID: wacom: generic: Report AES battery information (bsc#1051510).
   - HID: wacom: generic: Reset events back to zero when pen leaves
     (bsc#1051510).
   - HID: wacom: generic: Scale battery capacity measurements to percentages
     (bsc#1051510).
   - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
     (bsc#1051510).
   - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range
     (bsc#1051510).
   - HID: wacom: generic: Support multiple tools per report (bsc#1051510).
   - HID: wacom: generic: Use generic codepath terminology in
     wacom_wac_pen_report (bsc#1051510).
   - HID: wacom: Mark expected switch fall-through (bsc#1051510).
   - HID: wacom: Move handling of HID quirks into a dedicated function
     (bsc#1051510).
   - HID: wacom: Move HID fix for AES serial number into
     wacom_hid_usage_quirk (bsc#1051510).
   - HID: wacom: Properly handle AES serial number and tool type
     (bsc#1051510).
   - HID: wacom: Queue events with missing type/serial data for later
     processing (bsc#1051510).
   - HID: wacom: Remove comparison of u8 mode with zero and simplify
     (bsc#1051510).
   - HID: wacom: Replace touch_max fixup code with static touch_max
     definitions (bsc#1051510).
   - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
     (bsc#1051510).
   - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible
     (bsc#1051510).
   - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
   - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
     (bsc#1051510).
   - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
   - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
     (bsc#1051510).
   - hwmon/coretemp: Cosmetic: Rename internal variables to zones from
     packages (jsc#SLE-5454).
   - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
   - hwmon: (k10temp) 27C Offset needed for Threadripper2  (FATE#327735).
   - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
   - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
     (FATE#327735).
   - hwmon: (k10temp) Add support for family 17h (FATE#327735).
   - hwmon: (k10temp) Add support for Stoney Ridge and Bristol  Ridge CPUs
     (FATE#327735).
   - hwmon: (k10temp) Add support for temperature offsets  (FATE#327735).
   - hwmon: (k10temp) Add temperature offset for Ryzen 1900X  (FATE#327735).
   - hwmon: (k10temp) Add temperature offset for Ryzen 2700X  (FATE#327735).
   - hwmon: (k10temp) Correct model name for Ryzen 1600X  (FATE#327735).
   - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
   - hwmon: (k10temp) Fix reading critical temperature register
     (FATE#327735).
   - hwmon: (k10temp) Make function get_raw_temp static  (FATE#327735).
   - hwmon: (k10temp) Move chip specific code into probe function
     (FATE#327735).
   - hwmon: (k10temp) Only apply temperature offset if result is  positive
     (FATE#327735).
   - hwmon: (k10temp) Support all Family 15h Model 6xh and Model  7xh
     processors (FATE#327735).
   - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify  offset
     table (FATE#327735).
   - hwmon: (k10temp) Use API function to access System Management  Network
     (FATE#327735).
   - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs  (FATE#327735).
   - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
   - ibmveth: Update ethtool settings to reflect virtual properties
     (bsc#1136157, LTC#177197).
   - ipv6: fib: Do not assume only nodes hold a reference on routes
     (bsc#1138732).
   - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803  FATE#327056).
   - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730
     LTC#173388).
   - kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042
     bsc#1134730 LTC#173388).
   - kabi/severities: Whitelist airq_iv_* (s390-specific)
   - kABI workaround for asus-wmi changes (bsc#1051510).
   - kABI workaround for the new pci_dev.skip_bus_pm field addition
     (bsc#1051510).
   - kabi: x86/topology: Add CPUID.1F multi-die/package support
     (jsc#SLE-5454).
   - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
   - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID
     (bsc#1114279).
   - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d
     (bsc#1114279).
   - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
   - mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
   - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
   - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
     (bsc#1051510).
   - mmc: mmci: Prevent polling for busy detection in IRQ context
     (bsc#1051510).
   - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
     (bsc#1051510).
   - module: Fix livepatch/ftrace module text permissions race  (bsc#1071995
     fate#323487).
   - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
   - nl80211: fix station_info pertid memory leak (bsc#1051510).
   - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices
     (bsc#1051510).
   - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
   - nvmem: core: fix read buffer in place (bsc#1051510).
   - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
   - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us
     (bsc#1051510).
   - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
     (bsc#1051510).
   - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
   - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
   - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function
     (bsc#1051510).
   - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
   - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
   - nvmem: imx-ocotp: Update module description (bsc#1051510).
   - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
   - nvme: skip nvme_update_disk_info() if the controller is not live
     (bsc#1128432).
   - PCI: Disable VF decoding before pcibios_sriov_disable() updates
     resources (jsc#SLE-5803).
   - PCI/IOV: Add flag so platforms can skip VF scanning  (jsc#SLE-5803
     FATE#327056).
   - PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
   - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
   - perf tools: Add Hygon Dhyana support (fate#327735).
   - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
   - perf/x86/intel/rapl: Cosmetic rename internal variables in response to
     multi-die/pkg support (jsc#SLE-5454).
   - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
   - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg
     support (jsc#SLE-5454).
   - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
   - platform/chrome: cros_ec_proto: check for NULL transfer function
     (bsc#1051510).
   - platform_data/mlxreg: Add capability field to core platform data
     (bsc#1112374).
   - platform_data/mlxreg: additions for Mellanox watchdog driver
     (bsc#1112374).
   - platform_data/mlxreg: Document fixes for core platform data
     (bsc#1112374).
   - platform/mellanox: Add new ODM system types to mlx-platform
     (bsc#1112374).
   - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc
     (bsc#1136333 jsc#SLE-4994).
   - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
     (bsc#1111666).
   - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys
     from asus_nb_wmi (bsc#1051510).
   - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Add Package cstates residency info
     (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown
     (jsc#SLE-5226).
   - platform/x86: mlx-platform: Add ASIC hotplug device configuration
     (bsc#1112374).
   - platform/x86: mlx-platform: Add definitions for new registers
     (bsc#1112374).
   - platform/x86: mlx-platform: Add extra CPLD for next generation systems
     (bsc#1112374).
   - platform/x86: mlx-platform: Add LED platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add mlxreg-io platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add mlx-wdt platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for fan capability registers
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for fan direction register
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for new VMOD0007 board name
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for tachometer speed register
     (bsc#1112374).
   - platform/x86: mlx-platform: Add UID LED for the next generation systems
     (bsc#1112374).
   - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more
     systems (bsc#1112374).
   - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new
     systems (bsc#1112374).
   - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x
     systems (bsc#1112374).
   - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
   - platform/x86: mlx-platform: Fix access mode for fan_dir attribute
     (bsc#1112374).
   - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init()
     (bsc#1112374).
   - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
   - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
     registration (bsc#1051510).
   - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
   - platform/x86: mlx-platform: Remove unused define (bsc#1112374).
   - platform/x86: mlx-platform: Rename new systems product names
     (bsc#1112374).
   - PM / core: Propagate dev->power.wakeup_path when no callbacks
     (bsc#1051510).
   - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
   - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
   - powercap/intel_rapl: Update RAPL domain name and debug messages
     (jsc#SLE-5454).
   - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
     (bsc#1138374, LTC#178199).
   - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375,
     LTC#178204).
   - powerpc/pseries/mobility: prevent cpu hotplug during DT update
     (bsc#1138374, LTC#178199).
   - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
     (bsc#1138374, LTC#178199).
   - power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
   - power: supply: sysfs: prevent endless uevent loop with
     CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
   - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
   - qmi_wwan: add network device usage statistics for qmimux devices
     (bsc#1051510).
   - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
   - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
   - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
     (bsc#1051510).
   - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
   - rapidio: fix a NULL pointer dereference when create_workqueue() fails
     (bsc#1051510).
   - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
   - RAS/CEC: Fix binary search function (bsc#1114279).
   - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
   - Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire
     laptops" (bsc#1051510).
   - Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen
     enters range" (bsc#1051510).
   - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)."
     This broke the build with older gcc instead.
   - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789  FATE#327042
     bsc#1134730 LTC#173388).
   - s390/airq: recognize directed interrupts (jsc#SLE-5789  FATE#327042
     bsc#1134730 LTC#173388).
   - s390/dasd: fix using offset into zero size array error (bsc#1051510).
   - s390: enable processes for mio instructions (jsc#SLE-5802  FATE#327055
     bsc#1134738 LTC#173387).
   - s390/ism: move oddities of device IO to wrapper function  (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
   - s390/pci: add parameter to disable usage of MIO instructions
     (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: add parameter to force floating irqs (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: clarify interrupt vector usage (jsc#SLE-5789  FATE#327042
     bsc#1134730 LTC#173388).
   - s390/pci: fix assignment of bus resources (jsc#SLE-5802  FATE#327055
     bsc#1134738 LTC#173387).
   - s390/pci: fix struct definition for set PCI function  (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: gather statistics for floating vs directed irqs  (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
   - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
   - s390/pci: mark command line parser data __initdata (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: move io address mapping code to pci_insn.c  (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: provide support for CPU directed interrupts  (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: provide support for MIO instructions (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730
     LTC#173388).
   - s390/pci: remove unused define (jsc#SLE-5789 FATE#327042  bsc#1134730
     LTC#173388).
   - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
   - s390/protvirt: add memory sharing for diag 308 set/store  (jsc#SLE-5759
     FATE#327003 bsc#1135153 LTC#173151).
   - s390/protvirt: block kernel command line alteration  (jsc#SLE-5759
     FATE#327003 bsc#1135153 LTC#173151).
   - s390/qeth: fix race when initializing the IP address table (bsc#1051510).
   - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
     (bsc#1051510).
   - s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042  bsc#1134730
     LTC#173388).
   - s390/setup: fix early warning messages (bsc#1051510).
   - s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042
     bsc#1134730 LTC#173388).
   - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759  FATE#327003
     bsc#1135153 LTC#173151).
   - s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
   - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
   - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: fix an uninitialized read and dereference of pointer dev
     (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712
     bsc#1136156).
   - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712
     bsc#1136156).
   - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver
     (bsc#1136271).
   - scsi: megaraid_sas: correct an info message (bsc#1136271).
   - scsi: megaraid_sas: driver version update (bsc#1136271).
   - scsi: megaraid_sas: Retry reads of outbound_intr_status reg
     (bsc#1136271).
   - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
   - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
   - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD
     (bsc#1136271).
   - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
   - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
   - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
   - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from
     port_remove (bsc#1051510).
   - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
     (bsc#1051510).
   - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
     devices (bsc#1051510).
   - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only
     sdevs) (bsc#1051510).
   - serial: sh-sci: disable DMA for uart_console (bsc#1051510).
   - SMB3: Fix endian warning (bsc#1137884).
   - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
     (bsc#1051510).
   - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
   - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
     (bsc#1051510).
   - spi: Fix zero length xfer bug (bsc#1051510).
   - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
   - spi: spi-fsl-spi: call spi_finalize_current_message() at the end
     (bsc#1051510).
   - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
   - spi: tegra114: reset controller on probe (bsc#1051510).
   - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
   - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
   - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to
     zones from packages (jsc#SLE-5454).
   - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
   - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
   - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
   - tools/cpupower: Add Hygon Dhyana support (fate#327735).
   - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
   - topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
   - tty: max310x: Fix external crystal register setup (bsc#1051510).
   - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
   - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
   - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
   - vfio: ccw: only free cp on final interrupt (bsc#1051510).
   - video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
   - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
   - virtio_console: initialize vtermno value for ports (bsc#1051510).
   - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
   - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
   - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
   - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
   - x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
   - x86/apic: Add Hygon Dhyana support (fate#327735).
   - x86/bugs: Add Hygon Dhyana to the respective mitigation  machinery
     (fate#327735).
   - x86/cpu: Add Icelake model number (jsc#SLE-5226).
   - x86/cpu/amd: Do not force the CPB cap when running under a hypervisor
     (bsc#1114279).
   - x86/cpu: Create Hygon Dhyana architecture support file  (fate#327735).
   - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
   - x86/cpufeatures: Combine word 11 and 12 into a new scattered features
     word (jsc#SLE-5382).
   - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions
     (jsc#SLE-5382).
   - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana
     (fate#327735).
   - x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die
     processors ().
   - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number  (fate#327735).
   - x86/events: Add Hygon Dhyana support to PMU infrastructure
     (fate#327735).
   - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
   - x86/mce: Add Hygon Dhyana support to the MCA infrastructure
     (fate#327735).
   - x86/mce: Do not disable MCA banks when offlining a CPU on AMD
     (fate#327735).
   - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
   - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
     (bsc#1114279).
   - x86/microcode: Fix microcode hotplug state (bsc#1114279).
   - x86/microcode: Fix the ancient deprecated microcode loading method
     (bsc#1114279).
   - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
     (bsc#1114279).
   - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and  northbridge
     (fate#327735).
   - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on  Dhyana
     (fate#327735).
   - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
   - x86/speculation/mds: Revert CPU buffer clear on double fault exit
     (bsc#1114279).
   - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
   - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
   - x86/topology: Define topology_die_id() (jsc#SLE-5454).
   - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
   - x86/umip: Make the UMIP activated message generic (bsc#1138336).
   - x86/umip: Print UMIP line only once (bsc#1138336).
   - x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
   - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
     processors (fate#327735).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1744=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1744=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      kernel-default-extra-4.12.14-197.7.1
      kernel-default-extra-debuginfo-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      kernel-obs-qa-4.12.14-197.7.1
      kernel-vanilla-4.12.14-197.7.1
      kernel-vanilla-base-4.12.14-197.7.1
      kernel-vanilla-base-debuginfo-4.12.14-197.7.1
      kernel-vanilla-debuginfo-4.12.14-197.7.1
      kernel-vanilla-debugsource-4.12.14-197.7.1
      kernel-vanilla-devel-4.12.14-197.7.1
      kernel-vanilla-devel-debuginfo-4.12.14-197.7.1
      kernel-vanilla-livepatch-devel-4.12.14-197.7.1
      kselftests-kmp-default-4.12.14-197.7.1
      kselftests-kmp-default-debuginfo-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):

      kernel-debug-4.12.14-197.7.1
      kernel-debug-base-4.12.14-197.7.1
      kernel-debug-base-debuginfo-4.12.14-197.7.1
      kernel-debug-debuginfo-4.12.14-197.7.1
      kernel-debug-debugsource-4.12.14-197.7.1
      kernel-debug-devel-4.12.14-197.7.1
      kernel-debug-devel-debuginfo-4.12.14-197.7.1
      kernel-debug-livepatch-devel-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):

      kernel-default-livepatch-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64):

      dtb-al-4.12.14-197.7.1
      dtb-allwinner-4.12.14-197.7.1
      dtb-altera-4.12.14-197.7.1
      dtb-amd-4.12.14-197.7.1
      dtb-amlogic-4.12.14-197.7.1
      dtb-apm-4.12.14-197.7.1
      dtb-arm-4.12.14-197.7.1
      dtb-broadcom-4.12.14-197.7.1
      dtb-cavium-4.12.14-197.7.1
      dtb-exynos-4.12.14-197.7.1
      dtb-freescale-4.12.14-197.7.1
      dtb-hisilicon-4.12.14-197.7.1
      dtb-lg-4.12.14-197.7.1
      dtb-marvell-4.12.14-197.7.1
      dtb-mediatek-4.12.14-197.7.1
      dtb-nvidia-4.12.14-197.7.1
      dtb-qcom-4.12.14-197.7.1
      dtb-renesas-4.12.14-197.7.1
      dtb-rockchip-4.12.14-197.7.1
      dtb-socionext-4.12.14-197.7.1
      dtb-sprd-4.12.14-197.7.1
      dtb-xilinx-4.12.14-197.7.1
      dtb-zte-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):

      kernel-docs-html-4.12.14-197.7.1
      kernel-source-vanilla-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):

      kernel-kvmsmall-4.12.14-197.7.1
      kernel-kvmsmall-base-4.12.14-197.7.1
      kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1
      kernel-kvmsmall-debuginfo-4.12.14-197.7.1
      kernel-kvmsmall-debugsource-4.12.14-197.7.1
      kernel-kvmsmall-devel-4.12.14-197.7.1
      kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1
      kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):

      kernel-zfcpdump-debuginfo-4.12.14-197.7.1
      kernel-zfcpdump-debugsource-4.12.14-197.7.1
      kernel-zfcpdump-man-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      kernel-default-livepatch-4.12.14-197.7.1
      kernel-default-livepatch-devel-4.12.14-197.7.1
      kernel-livepatch-4_12_14-197_7-default-1-3.3.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      reiserfs-kmp-default-4.12.14-197.7.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-197.7.1
      kernel-obs-build-debugsource-4.12.14-197.7.1
      kernel-syms-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):

      kernel-docs-4.12.14-197.7.1
      kernel-source-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-197.7.1
      kernel-default-base-4.12.14-197.7.1
      kernel-default-base-debuginfo-4.12.14-197.7.1
      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      kernel-default-devel-4.12.14-197.7.1
      kernel-default-devel-debuginfo-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

      kernel-devel-4.12.14-197.7.1
      kernel-macros-4.12.14-197.7.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):

      kernel-default-man-4.12.14-197.7.1
      kernel-zfcpdump-4.12.14-197.7.1
      kernel-zfcpdump-debuginfo-4.12.14-197.7.1
      kernel-zfcpdump-debugsource-4.12.14-197.7.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-197.7.1
      cluster-md-kmp-default-debuginfo-4.12.14-197.7.1
      dlm-kmp-default-4.12.14-197.7.1
      dlm-kmp-default-debuginfo-4.12.14-197.7.1
      gfs2-kmp-default-4.12.14-197.7.1
      gfs2-kmp-default-debuginfo-4.12.14-197.7.1
      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      ocfs2-kmp-default-4.12.14-197.7.1
      ocfs2-kmp-default-debuginfo-4.12.14-197.7.1


References:

   https://www.suse.com/security/cve/CVE-2018-16871.html
   https://www.suse.com/security/cve/CVE-2019-12614.html
   https://www.suse.com/security/cve/CVE-2019-12817.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1094555
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1128432
   https://bugzilla.suse.com/1134730
   https://bugzilla.suse.com/1134738
   https://bugzilla.suse.com/1135153
   https://bugzilla.suse.com/1135296
   https://bugzilla.suse.com/1135642
   https://bugzilla.suse.com/1136156
   https://bugzilla.suse.com/1136157
   https://bugzilla.suse.com/1136271
   https://bugzilla.suse.com/1136333
   https://bugzilla.suse.com/1137103
   https://bugzilla.suse.com/1137194
   https://bugzilla.suse.com/1137366
   https://bugzilla.suse.com/1137884
   https://bugzilla.suse.com/1137985
   https://bugzilla.suse.com/1138263
   https://bugzilla.suse.com/1138336
   https://bugzilla.suse.com/1138374
   https://bugzilla.suse.com/1138375
   https://bugzilla.suse.com/1138589
   https://bugzilla.suse.com/1138681
   https://bugzilla.suse.com/1138719
   https://bugzilla.suse.com/1138732



More information about the sle-security-updates mailing list