SUSE-SU-2019:1851-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Jul 15 14:14:30 MDT 2019
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1851-1
Rating: important
References: #1051510 #1061840 #1065600 #1071995 #1088047
#1094555 #1098633 #1106383 #1106751 #1109137
#1114279 #1119532 #1120423 #1124167 #1127155
#1128432 #1128902 #1128910 #1132154 #1132390
#1133401 #1133738 #1134303 #1134395 #1135296
#1135556 #1135642 #1136157 #1136811 #1136922
#1137103 #1137194 #1137221 #1137366 #1137429
#1137625 #1137728 #1137884 #1137995 #1137996
#1137998 #1137999 #1138000 #1138002 #1138003
#1138005 #1138006 #1138007 #1138008 #1138009
#1138010 #1138011 #1138012 #1138013 #1138014
#1138015 #1138016 #1138017 #1138018 #1138019
#1138291 #1138293 #1138374 #1138375 #1138589
#1138719 #1139751 #1139771 #1139782 #1139865
#1140133 #1140328 #1140405 #1140424 #1140428
#1140575 #1140577 #1140637 #1140658 #1140715
#1140719 #1140726 #1140727 #1140728 #1140814
#1140948 #821419 #945811
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126
CVE-2019-10638 CVE-2019-10639 CVE-2019-11478
CVE-2019-11599 CVE-2019-12456 CVE-2019-12614
CVE-2019-12818 CVE-2019-12819
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP4
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 77 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2019-10638: A device could have been tracked by an attacker using
the IP ID values the kernel produces for connection-less protocols
(e.g., UDP and ICMP). When such traffic was sent to multiple destination
IP addresses, it was possible to obtain hash collisions (of indices to
the counter array) and thereby obtain the hashing key (via enumeration).
An attack may have been conducted by hosting a crafted web page that
uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP
addresses. (bnc#1140575)
- CVE-2019-10639: Information Exposure (partial kernel address
disclosure), leading to a KASLR bypass. Specifically, it was possible to
extract the KASLR kernel image offset using the IP ID values the kernel
produces for connection-less protocols (e.g., UDP and ICMP). When such
traffic was sent to multiple destination IP addresses, it was possible
to obtain hash collisions (of indices to the counter array) and thereby
obtain the hashing key (via enumeration). This key contains enough bits
from a kernel address (of a static variable) so when the key is
extracted (via enumeration), the offset of the kernel image was exposed.
This attack could have been carried out remotely, by the attacker
forcing the target device to send UDP or ICMP (or certain other) traffic
to attacker-controlled IP addresses. Forcing a server to send UDP
traffic is trivial if the server is a DNS server. ICMP traffic was
trivial if the server answered ICMP Echo requests (ping). For client
targets, if the target visited the attacker's web page, then WebRTC or
gQUIC could be used to force UDP traffic to attacker-controlled IP
addresses. (bnc#1140577)
- CVE-2018-20836: A race condition in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead
to a use-after-free. (bnc#1134395)
- CVE-2019-11599: The coredump implementation in the Linux kernel did not
use locking or other mechanisms to prevent vma layout or vma flags
changes while it runs, which allowed local users to obtain sensitive
information, cause a denial of service, or possibly have unspecified
other impact by triggering a race condition with mmget_not_zero or
get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,
fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
(bnc#1133738)
- CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to
cause denial of service (a NULL pointer dereference and system crash).
(bnc#1137194)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c called put_device() which would trigger a
fixed_mdio_bus_init use-after-free. This would cause a denial of
service. (bnc#1138291)
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may have returned NULL. If the caller did not
check for this, it would trigger a NULL pointer dereference. This would
cause denial of service. (bnc#1138293)
The following non-security bugs were fixed:
- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi / property: fix handling of data_nodes in acpi_get_next_subnode()
(bsc#1051510).
- acpi: Add Hygon Dhyana support
- af_key: unconditionally clone on broadcast (bsc#1051510).
- alsa: firewire-lib/fireworks: fix miss detection of received MIDI
messages (bsc#1051510).
- alsa: firewire-motu: fix destruction of data for isochronous resources
(bsc#1051510).
- alsa: hda - Force polling mode on CNL for fixing codec communication
(bsc#1051510).
- alsa: hda/realtek - Change front mic location for Lenovo M710q
(bsc#1051510).
- alsa: hda/realtek - Set default power save node to 0 (bsc#1051510).
- alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- alsa: hda/realtek: Add quirks for several Clevo notebook barebones
(bsc#1051510).
- alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
- alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- alsa: seq: fix incorrect order of dest_client/dest_ports arguments
(bsc#1051510).
- alsa: usb-audio: fix sign unintended sign extension on left shifts
(bsc#1051510).
- apparmor: enforce nullbyte at end of tag string (bsc#1051510).
- asoc: cs42xx8: Add regcache mask dirty (bsc#1051510).
- asoc: eukrea-tlv320: fix a leaked reference by adding missing
of_node_put (bsc#1051510).
- asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).
- asoc: fsl_utils: fix a leaked reference by adding missing of_node_put
(bsc#1051510).
- asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510).
- audit: fix a memory leak bug (bsc#1051510).
- ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).
- batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
(bsc#1051510).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
- block: Fix a NULL pointer dereference in generic_make_request()
(bsc#1139771).
- bluetooth: Fix faulty expression for minimum encryption key size check
(bsc#1140328).
- bluetooth: Replace the bluetooth fix with the upstream commit
(bsc#1135556)
- brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
- brcmfmac: fix Oops when bringing up interface during USB disconnect
(bsc#1051510).
- brcmfmac: fix WARNING during USB disconnect in case of unempty psq
(bsc#1051510).
- brcmfmac: fix missing checks for kmemdup (bsc#1051510).
- brcmfmac: fix race during disconnect when USB completion is in progress
(bsc#1051510).
- can: af_can: Fix error path of can_init() (bsc#1051510).
- can: flexcan: fix timeout when set small bitrate (bsc#1051510).
- can: purge socket error queue on sock destruct (bsc#1051510).
- ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- chardev: add additional check for minor range overlap (bsc#1051510).
- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510).
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
(bsc#1051510).
- coresight: etb10: Fix handling of perf mode (bsc#1051510).
- coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
- cpu/topology: Export die_id (jsc#SLE-5454).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().
- cpufreq: Add Hygon Dhyana support ().
- crypto: algapi - guard against uninitialized spawn list in
crypto_remove_spawns (bsc#1133401).
- crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
- crypto: user - prevent operating on larval algorithms (bsc#1133401).
- device core: Consolidate locking and unlocking of parent and device
(bsc#1106383).
- dm, dax: Fix detection of DAX support (bsc#1139782).
- dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
- doc: Cope with the deprecation of AutoReporter (bsc#1051510).
- docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
- documentation: Correct the possible MDS sysfs values (bsc#1135642).
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer
(bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote
(bsc#1051510).
- driver core: Establish order of operations for device_add and device_del
via bitflag (bsc#1106383).
- driver core: Probe devices asynchronously instead of the driver
(bsc#1106383).
- drivers/base: Introduce kill_device() (bsc#1139865).
- drivers/base: kABI fixes for struct device_private (bsc#1106383).
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error
handling path in 'rio_dma_transfer()' (bsc#1051510).
- drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
(bsc#1051510).
- drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
(bsc#1051510).
- drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER
(bsc#1051510).
- drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
- drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
- drm/drv: Hold ref on parent device during drm_device lifetime
(bsc#1051510).
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels
(bsc#1051510).
- drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO
(bsc#1051510).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
configuration (bsc#1051510).
- drm/radeon: prefer lower reference dividers (bsc#1051510).
- drm: Wake up next in drm_read() chain if we are forced to putback the
event (bsc#1051510).
- edac, amd64: Add Hygon Dhyana support ().
- edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
- extcon: arizona: Disable mic detect if running when driver is removed
(bsc#1051510).
- ftrace/x86: Remove possible deadlock between register_kprobe() and
ftrace_run_update_code() (bsc#1071995).
- fuse: fallocate: fix return with locked inode (bsc#1051510).
- fuse: fix writepages on 32bit (bsc#1051510).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
- genirq: Prevent use-after-free and work list corruption (bsc#1051510).
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
(bsc#1051510).
- genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
- gpio: Remove obsolete comment about gpiochip_free_hogs() usage
(bsc#1051510).
- gpio: fix gpio-adp5588 build errors (bsc#1051510).
- hid: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429).
- hid: logitech-hidpp: change low battery level threshold from 31 to 30
percent (bsc#1051510).
- hid: logitech-hidpp: use RAP instead of FAP to get the protocol version
(bsc#1051510).
- hid: wacom: Add ability to provide explicit battery status info
(bsc#1051510).
- hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
- hid: wacom: Add support for Pro Pen slim (bsc#1051510).
- hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
(bsc#1051510).
- hid: wacom: Do not report anything prior to the tool entering range
(bsc#1051510).
- hid: wacom: Do not set tool type until we're in range (bsc#1051510).
- hid: wacom: Mark expected switch fall-through (bsc#1051510).
- hid: wacom: Move HID fix for AES serial number into
wacom_hid_usage_quirk (bsc#1051510).
- hid: wacom: Move handling of HID quirks into a dedicated function
(bsc#1051510).
- hid: wacom: Properly handle AES serial number and tool type
(bsc#1051510).
- hid: wacom: Queue events with missing type/serial data for later
processing (bsc#1051510).
- hid: wacom: Remove comparison of u8 mode with zero and simplify
(bsc#1051510).
- hid: wacom: Replace touch_max fixup code with static touch_max
definitions (bsc#1051510).
- hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
(bsc#1051510).
- hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible
(bsc#1051510).
- hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
(bsc#1051510).
- hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
(bsc#1051510).
- hid: wacom: convert Wacom custom usages to standard HID usages
(bsc#1051510).
- hid: wacom: fix mistake in printk (bsc#1051510).
- hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- hid: wacom: generic: Leave tool in prox until it completely leaves sense
(bsc#1051510).
- hid: wacom: generic: Refactor generic battery handling (bsc#1051510).
- hid: wacom: generic: Report AES battery information (bsc#1051510).
- hid: wacom: generic: Reset events back to zero when pen leaves
(bsc#1051510).
- hid: wacom: generic: Scale battery capacity measurements to percentages
(bsc#1051510).
- hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
(bsc#1051510).
- hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range
(bsc#1051510).
- hid: wacom: generic: Support multiple tools per report (bsc#1051510).
- hid: wacom: generic: Use generic codepath terminology in
wacom_wac_pen_report (bsc#1051510).
- hid: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from
packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
- hwmon: (core) add thermal sensors only if dev->of_node is present
(bsc#1051510).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 ().
- hwmon: (k10temp) Add Hygon Dhyana support ().
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics ().
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs ().
- hwmon: (k10temp) Add support for family 17h ().
- hwmon: (k10temp) Add support for temperature offsets ().
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X ().
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X ().
- hwmon: (k10temp) Correct model name for Ryzen 1600X ().
- hwmon: (k10temp) Display both Tctl and Tdie ().
- hwmon: (k10temp) Fix reading critical temperature register ().
- hwmon: (k10temp) Make function get_raw_temp static ().
- hwmon: (k10temp) Move chip specific code into probe function ().
- hwmon: (k10temp) Only apply temperature offset if result is positive ().
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh
processors ().
- hwmon: (k10temp) Use API function to access System Management Network ().
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
(bsc#1051510).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset
table ().
- hwrng: omap - Set default quality (bsc#1051510).
- i2c-piix4: Add Hygon Dhyana SMBus support ().
- i2c: acorn: fix i2c warning (bsc#1135642).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
- i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
- ibmveth: Update ethtool settings to reflect virtual properties
(bsc#1136157, LTC#177197).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
(bsc#1051510).
- iio: common: ssp_sensors: Initialize calculated_time in
ssp_common_process_data (bsc#1051510).
- iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
- input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
- input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
(bsc#1051510).
- iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
(bsc#1051510).
- iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition
(bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support
(jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kernel-binary: Use -c grep option in klp project detection.
- kernel-binary: fix missing \
- kernel-binary: rpm does not support multiline condition
- kernel-subpackage-spec: Add dummy package to ensure subpackages are
rebuilt with kernel update (bsc#1106751). In factory packages are not
rebuilt automatically so a dependency is needed on the old kernel to get
a rebuild with the new kernel. THe subpackage itself cannot depend on
the kernel so add another empty pacakge that does depend on it.
- kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- kmps: provide and conflict a kernel version specific KMP name
(bsc#1127155, bsc#1109137).
- kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers
(bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough
interrupts (bsc#1061840).
- kvm: PPC: Book3S: Protect memslots while validating user address
(bsc#1061840).
- kvm: PPC: Release all hardware TCE tables attached to a group
(bsc#1061840).
- kvm: PPC: Remove redundand permission bits removal (bsc#1061840).
- kvm: PPC: Validate TCEs against preregistered memory page sizes
(bsc#1061840).
- kvm: PPC: Validate all tces before updating tables (bsc#1061840).
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID
(bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d
(bsc#1114279).
- leds: avoid flush_work in atomic context (bsc#1051510).
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
(bsc#1051510).
- libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
- libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
- mISDN: make sure device name is NUL terminated (bsc#1051510).
- mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Do not use stack memory with scatterlist for GMAC
(bsc#1051510).
- mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- mac80211: drop robust management frames from unknown TA (bsc#1051510).
- mac80211: handle deauthentication/disassociation from TDLS peer
(bsc#1051510).
- media: au0828: Fix NULL pointer dereference in
au0828_analog_stream_enable() (bsc#1051510).
- media: au0828: stop video streaming only when last user stops
(bsc#1051510).
- media: coda: clear error return value before picture run (bsc#1051510).
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN
(bsc#1051510).
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
(bsc#1051510).
- media: ov2659: make S_FMT succeed even if requested format does not
match (bsc#1051510).
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: usb: siano: Fix false-positive "uninitialized variable" warning
(bsc#1051510).
- media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
- media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
- mfd: da9063: Fix OTP control register names to match datasheets for
DA9063/63L (bsc#1051510).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mm: pagechage-limit: Calculate pagecache-limit based on node state
(bsc#1136811)
- mmc: core: Prevent processing SDIO IRQs when the card is suspended
(bsc#1051510).
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
(bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context
(bsc#1051510).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
(bsc#1051510).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time
problem (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
(bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995).
- net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
- net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
- net: mvpp2: prs: Use the correct helpers when removing all VID filters
(bsc#1098633).
- nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
- nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
- nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-rdma: fix double freeing of async event data (bsc#1120423).
- nvme-rdma: fix possible double free of controller async event buffer
(bsc#1120423).
- nvme: copy MTFA field from identify controller (bsc#1140715).
- nvme: skip nvme_update_disk_info() if the controller is not live
(bsc#1128432).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us
(bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
(bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function
(bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- ocfs2: try to reuse extent block in dealloc without meta_alloc
(bsc#1128902).
- parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
- pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
- pci: rpadlpar: Fix leaked device_node references in add/remove paths
(bsc#1051510).
- perf tools: Add Hygon Dhyana support ().
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to
multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg
support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function
(bsc#1051510).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
registration (bsc#1051510).
- pm/core: Propagate dev->power.wakeup_path when no callbacks
(bsc#1051510).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with
CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages
(jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
(bsc#1138374, LTC#178199).
- powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list
(bsc#1137728, LTC#178106).
- powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL
events (bsc#1137728, LTC#178106).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update
(bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
(bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375,
LTC#178204).
- powerpc/rtas: retry when cpu offline races with suspend/migration
(bsc#1140428, LTC#178808).
- ppp: mppe: Add softdep to arc4 (bsc#1088047).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices
(bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
(bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails
(bsc#1051510).
- ras/cec: Convert the timer callback to a workqueue (bsc#1114279).
- ras/cec: Fix binary search function (bsc#1114279).
- rpm/dtb.spec.in.in: Fix new include path Commit
89de3db69113d58cdab14d2c777de6080eac49dc ("rpm/dtb.spec.in.in: Update
include path for dt-bindings") introduced an additional include path for
4.12. The commit message had it correct, but the spec file template
lacked a path component, breaking the aarch64 build while succeeding on
armv7hl. Fix that.
- rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before
4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink
to include/dt-bindings/. In 4.12 those include/ directories were
dropped. Therefore use include/ directly. Additionally some
cross-architecture .dtsi reuse was introduced, which requires
scripts/dtc/include-prefixes/ that didn't exist on older kernels.
- rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage
(jsc#SLE-3853).
- rpm/kernel-binary.spec.in: Build livepatch support in SUSE release
projects (bsc#1124167).
- rpm/kernel-subpackage-build: handle arm kernel zImage.
- rpm/kernel-subpackage-spec: only provide firmware actually present in
subpackage.
- rpm/package-descriptions: fix typo in kernel-azure
- rpm/post.sh: correct typo in err msg (bsc#1137625)
- rpm: Add arm64 dtb-allwinner subpackage 4.10 added
arch/arm64/boot/dts/allwinner/.
- rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/.
- rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
- rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
- rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
- s390: fix booting problem (bsc#1140948).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
(bsc#1051510).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/setup: fix early warning messages (bsc#1051510).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
- sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
- scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
- scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
(bsc#1140727).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS
routines (bsc#1140728).
- scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from
port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
(bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only
sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- smb3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
(bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
(bsc#1051510).
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end
(bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
(bsc#1051510).
- staging: vc04_services: prevent integer overflow in create_pagelist()
(bsc#1051510).
- staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
- svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
- svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
- sysctl: handle overflow in proc_get_long (bsc#1051510).
- test_firmware: Use correct snprintf() limit (bsc#1135642).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to
zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support ().
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
- tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
- usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
- usb: Fix chipmunk-like voice when using Logitech C270 for recording
audio (bsc#1051510).
- usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor
(bsc#1051510).
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
(bsc#1051510).
- usb: core: Do not unbind interfaces following device reset failure
(bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression)
(bsc#1135642).
- usb: rio500: fix memory leak in close after disconnect (bsc#1051510).
- usb: rio500: refuse more than one device at a time (bsc#1051510).
- usb: serial: fix initial-termios handling (bsc#1135642).
- usb: serial: option: add Telit 0x1260 and 0x1261 compositions
(bsc#1051510).
- usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
(bsc#1051510).
- usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
- usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- usbip: usbip_host: fix BUG: sleeping function called from invalid
context (bsc#1051510).
- usbip: usbip_host: fix stub_dev lock context imbalance regression
(bsc#1051510).
- usbnet: fix kernel crash after disconnect (bsc#1051510).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- vxlan: trivial indenting fix (bsc#1051510).
- vxlan: use __be32 type for the param vni in __vxlan_fdb_delete
(bsc#1051510).
- w1: fix the resume command API (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor
(bsc#1114279).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
processors ().
- x86/alternative: Init ideal_nops for Hygon Dhyana ().
- x86/amd_nb: Add support for Raven Ridge CPUs ().
- x86/amd_nb: Check vendor in AMD-only functions ().
- x86/apic: Add Hygon Dhyana support ().
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
- x86/cpu: Create Hygon Dhyana architecture support file ().
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features
word (jsc#SLE-5382). This changes definitions of some bits, but they are
intended to be used only by the core, so hopefully, no KMP uses the
definitions.
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions
(jsc#SLE-5382).
- x86/events: Add Hygon Dhyana support to PMU infrastructure ().
- x86/kvm: Add Hygon Dhyana support to KVM ().
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
(bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method
(bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
(bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit
(bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/xen: Add Hygon Dhyana support to Xen ().
- xen/pciback: Do not disable PCI_COMMAND on PCI device reset
(bsc#1065600).
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
- xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).
- xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
- xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
- xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
- xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into xfs_map_at_offset
(bsc#1138014).
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly
(bsc#1138011).
- xfs: skip CoW writes past EOF when writeback races with truncate
(bsc#1137998).
- xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
(bsc#1051510).
- xhci: Use %zu for printing size_t type (bsc#1051510).
- xhci: update bounce buffer with correct sg num (bsc#1051510).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP4:
zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1851=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1851=1
- SUSE Linux Enterprise Server 12-SP4:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1851=1
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1851=1
- SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1851=1
- SUSE Linux Enterprise Desktop 12-SP4:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1851=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):
kernel-default-debuginfo-4.12.14-95.24.1
kernel-default-debugsource-4.12.14-95.24.1
kernel-default-extra-4.12.14-95.24.1
kernel-default-extra-debuginfo-4.12.14-95.24.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-95.24.1
kernel-obs-build-debugsource-4.12.14-95.24.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch):
kernel-docs-4.12.14-95.24.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.24.1
kernel-default-base-4.12.14-95.24.1
kernel-default-base-debuginfo-4.12.14-95.24.1
kernel-default-debuginfo-4.12.14-95.24.1
kernel-default-debugsource-4.12.14-95.24.1
kernel-default-devel-4.12.14-95.24.1
kernel-syms-4.12.14-95.24.1
- SUSE Linux Enterprise Server 12-SP4 (noarch):
kernel-devel-4.12.14-95.24.1
kernel-macros-4.12.14-95.24.1
kernel-source-4.12.14-95.24.1
- SUSE Linux Enterprise Server 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.24.1
- SUSE Linux Enterprise Server 12-SP4 (s390x):
kernel-default-man-4.12.14-95.24.1
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):
kgraft-patch-4_12_14-95_24-default-1-6.5.1
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.24.1
cluster-md-kmp-default-debuginfo-4.12.14-95.24.1
dlm-kmp-default-4.12.14-95.24.1
dlm-kmp-default-debuginfo-4.12.14-95.24.1
gfs2-kmp-default-4.12.14-95.24.1
gfs2-kmp-default-debuginfo-4.12.14-95.24.1
kernel-default-debuginfo-4.12.14-95.24.1
kernel-default-debugsource-4.12.14-95.24.1
ocfs2-kmp-default-4.12.14-95.24.1
ocfs2-kmp-default-debuginfo-4.12.14-95.24.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
kernel-default-4.12.14-95.24.1
kernel-default-debuginfo-4.12.14-95.24.1
kernel-default-debugsource-4.12.14-95.24.1
kernel-default-devel-4.12.14-95.24.1
kernel-default-devel-debuginfo-4.12.14-95.24.1
kernel-default-extra-4.12.14-95.24.1
kernel-default-extra-debuginfo-4.12.14-95.24.1
kernel-syms-4.12.14-95.24.1
- SUSE Linux Enterprise Desktop 12-SP4 (noarch):
kernel-devel-4.12.14-95.24.1
kernel-macros-4.12.14-95.24.1
kernel-source-4.12.14-95.24.1
References:
https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1088047
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1098633
https://bugzilla.suse.com/1106383
https://bugzilla.suse.com/1106751
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1119532
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1124167
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1128902
https://bugzilla.suse.com/1128910
https://bugzilla.suse.com/1132154
https://bugzilla.suse.com/1132390
https://bugzilla.suse.com/1133401
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134303
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136811
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137221
https://bugzilla.suse.com/1137366
https://bugzilla.suse.com/1137429
https://bugzilla.suse.com/1137625
https://bugzilla.suse.com/1137728
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1137995
https://bugzilla.suse.com/1137996
https://bugzilla.suse.com/1137998
https://bugzilla.suse.com/1137999
https://bugzilla.suse.com/1138000
https://bugzilla.suse.com/1138002
https://bugzilla.suse.com/1138003
https://bugzilla.suse.com/1138005
https://bugzilla.suse.com/1138006
https://bugzilla.suse.com/1138007
https://bugzilla.suse.com/1138008
https://bugzilla.suse.com/1138009
https://bugzilla.suse.com/1138010
https://bugzilla.suse.com/1138011
https://bugzilla.suse.com/1138012
https://bugzilla.suse.com/1138013
https://bugzilla.suse.com/1138014
https://bugzilla.suse.com/1138015
https://bugzilla.suse.com/1138016
https://bugzilla.suse.com/1138017
https://bugzilla.suse.com/1138018
https://bugzilla.suse.com/1138019
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1139751
https://bugzilla.suse.com/1139771
https://bugzilla.suse.com/1139782
https://bugzilla.suse.com/1139865
https://bugzilla.suse.com/1140133
https://bugzilla.suse.com/1140328
https://bugzilla.suse.com/1140405
https://bugzilla.suse.com/1140424
https://bugzilla.suse.com/1140428
https://bugzilla.suse.com/1140575
https://bugzilla.suse.com/1140577
https://bugzilla.suse.com/1140637
https://bugzilla.suse.com/1140658
https://bugzilla.suse.com/1140715
https://bugzilla.suse.com/1140719
https://bugzilla.suse.com/1140726
https://bugzilla.suse.com/1140727
https://bugzilla.suse.com/1140728
https://bugzilla.suse.com/1140814
https://bugzilla.suse.com/1140948
https://bugzilla.suse.com/821419
https://bugzilla.suse.com/945811
More information about the sle-security-updates
mailing list