From sle-updates at lists.suse.com Tue May 1 16:07:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 00:07:13 +0200 (CEST) Subject: SUSE-RU-2018:1116-1: moderate: Recommended update for gcc48 Message-ID: <20180501220713.BE9F2FD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1116-1 Rating: moderate References: #1082130 #1083945 #1087932 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the system compiler gcc48 fixes the following issues: - Support for generating IBM Z series Spectre Variant 2 fix method "expolines" was added (bsc#1083945) - A miscompilation of SPECcpu2017 526.blender was fixed. (bsc#1082130) - ARM Arch64 Cortex-A53 errata 843419 and 835769 were enabled by default, which could have lead to crashes of built binaries. (bsc#1087932) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-769=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-769=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-769=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-769=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-769=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-769=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-769=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-769=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-769=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-769=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-769=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-769=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-32bit-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE OpenStack Cloud 7 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE OpenStack Cloud 7 (x86_64): gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 - SUSE OpenStack Cloud 6 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE OpenStack Cloud 6 (x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-32bit-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gcc48-gij-32bit-4.8.5-31.14.1 gcc48-gij-4.8.5-31.14.1 gcc48-gij-debuginfo-32bit-4.8.5-31.14.1 gcc48-gij-debuginfo-4.8.5-31.14.1 libgcj48-32bit-4.8.5-31.14.1 libgcj48-4.8.5-31.14.1 libgcj48-debuginfo-32bit-4.8.5-31.14.1 libgcj48-debuginfo-4.8.5-31.14.1 libgcj48-debugsource-4.8.5-31.14.1 libgcj48-jar-4.8.5-31.14.1 libgcj_bc1-4.8.5-31.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-gij-4.8.5-31.14.1 gcc48-gij-debuginfo-4.8.5-31.14.1 gcc48-java-4.8.5-31.14.1 gcc48-java-debuginfo-4.8.5-31.14.1 gcc48-obj-c++-4.8.5-31.14.1 gcc48-obj-c++-debuginfo-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libffi48-debugsource-4.8.5-31.14.1 libffi48-devel-4.8.5-31.14.1 libgcj48-4.8.5-31.14.1 libgcj48-debuginfo-4.8.5-31.14.1 libgcj48-debugsource-4.8.5-31.14.1 libgcj48-devel-4.8.5-31.14.1 libgcj48-devel-debuginfo-4.8.5-31.14.1 libgcj48-jar-4.8.5-31.14.1 libgcj_bc1-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x x86_64): gcc48-objc-32bit-4.8.5-31.14.1 libobjc4-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64): gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): gcc48-32bit-4.8.5-31.14.1 gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): gcc48-32bit-4.8.5-31.14.1 gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): gcc48-32bit-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): gcc48-32bit-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): gcc48-32bit-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): gcc48-32bit-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-32bit-debuginfo-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-32bit-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-gij-32bit-4.8.5-31.14.1 gcc48-gij-4.8.5-31.14.1 gcc48-gij-debuginfo-32bit-4.8.5-31.14.1 gcc48-gij-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 libgcj48-32bit-4.8.5-31.14.1 libgcj48-4.8.5-31.14.1 libgcj48-debuginfo-32bit-4.8.5-31.14.1 libgcj48-debuginfo-4.8.5-31.14.1 libgcj48-debugsource-4.8.5-31.14.1 libgcj48-jar-4.8.5-31.14.1 libgcj_bc1-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Enterprise Storage 4 (noarch): gcc48-info-4.8.5-31.14.1 - SUSE Enterprise Storage 4 (x86_64): cpp48-4.8.5-31.14.1 cpp48-debuginfo-4.8.5-31.14.1 gcc48-32bit-4.8.5-31.14.1 gcc48-4.8.5-31.14.1 gcc48-ada-4.8.5-31.14.1 gcc48-ada-debuginfo-4.8.5-31.14.1 gcc48-c++-4.8.5-31.14.1 gcc48-c++-debuginfo-4.8.5-31.14.1 gcc48-debuginfo-4.8.5-31.14.1 gcc48-debugsource-4.8.5-31.14.1 gcc48-fortran-4.8.5-31.14.1 gcc48-fortran-debuginfo-4.8.5-31.14.1 gcc48-locale-4.8.5-31.14.1 gcc48-objc-4.8.5-31.14.1 gcc48-objc-debuginfo-4.8.5-31.14.1 libada48-4.8.5-31.14.1 libada48-debuginfo-4.8.5-31.14.1 libasan0-32bit-4.8.5-31.14.1 libasan0-4.8.5-31.14.1 libasan0-debuginfo-4.8.5-31.14.1 libobjc4-4.8.5-31.14.1 libobjc4-debuginfo-4.8.5-31.14.1 libstdc++48-devel-32bit-4.8.5-31.14.1 libstdc++48-devel-4.8.5-31.14.1 References: https://bugzilla.suse.com/1082130 https://bugzilla.suse.com/1083945 https://bugzilla.suse.com/1087932 From sle-updates at lists.suse.com Tue May 1 16:08:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 00:08:11 +0200 (CEST) Subject: SUSE-RU-2018:1117-1: Recommended update for gcc43 Message-ID: <20180501220811.1B9F8FD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc43 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1117-1 Rating: low References: #1039513 #1059075 #1074621 Affected Products: SUSE Studio Onsite Runner 1.3 SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: gcc43 was updated to enable new security features: - Add support for retpolines to mitigate Spectre v2. [bnc#1074621] - Add support for -fstack-clash-protection. [bnc#1039513] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite Runner 1.3: zypper in -t patch slestso13-gcc43-13585=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-gcc43-13585=1 Package List: - SUSE Studio Onsite Runner 1.3 (s390x): libffi43-4.3.4_20091019-24.5.1 - SUSE Studio Onsite 1.3 (x86_64): libffi43-4.3.4_20091019-24.5.1 libgfortran43-4.3.4_20091019-24.5.1 References: https://bugzilla.suse.com/1039513 https://bugzilla.suse.com/1059075 https://bugzilla.suse.com/1074621 From sle-updates at lists.suse.com Wed May 2 04:11:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 12:11:34 +0200 (CEST) Subject: SUSE-SU-2018:1121-1: important: Security update for corosync Message-ID: <20180502101134.C630EFD43@maintenance.suse.de> SUSE Security Update: Security update for corosync ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1121-1 Rating: important References: #1066585 #1083561 #1089346 Cross-References: CVE-2018-1084 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for corosync fixes the following issue: - CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346) - Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585) - Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-771=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-771=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): corosync-debuginfo-2.3.6-9.13.1 corosync-debugsource-2.3.6-9.13.1 libcorosync-devel-2.3.6-9.13.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): corosync-2.3.6-9.13.1 corosync-debuginfo-2.3.6-9.13.1 corosync-debugsource-2.3.6-9.13.1 libcorosync4-2.3.6-9.13.1 libcorosync4-debuginfo-2.3.6-9.13.1 References: https://www.suse.com/security/cve/CVE-2018-1084.html https://bugzilla.suse.com/1066585 https://bugzilla.suse.com/1083561 https://bugzilla.suse.com/1089346 From sle-updates at lists.suse.com Wed May 2 04:12:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 12:12:30 +0200 (CEST) Subject: SUSE-SU-2018:1122-1: moderate: squid Message-ID: <20180502101230.3F5D3FD38@maintenance.suse.de> SUSE Security Update: squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1122-1 Rating: moderate References: #1090089 Cross-References: CVE-2018-1172 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following issues: - CVE-2018-1172: Squid Proxy Cache Denial of Service vulnerability (bsc#1090089). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-772=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.9.1 squid-debuginfo-3.5.21-26.9.1 squid-debugsource-3.5.21-26.9.1 References: https://www.suse.com/security/cve/CVE-2018-1172.html https://bugzilla.suse.com/1090089 From sle-updates at lists.suse.com Wed May 2 04:14:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 12:14:29 +0200 (CEST) Subject: SUSE-RU-2018:1124-1: moderate: Recommended update for openvswitch Message-ID: <20180502101429.B2F4CFD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1124-1 Rating: moderate References: #1089476 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: - Preserve 'enable' status of openvswitch.service file when upgrading from SLE-12-SP3 (bsc#1089476) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-770=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvswitch-2.7.0-3.13.1 openvswitch-debuginfo-2.7.0-3.13.1 openvswitch-debugsource-2.7.0-3.13.1 References: https://bugzilla.suse.com/1089476 From sle-updates at lists.suse.com Wed May 2 07:07:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 15:07:12 +0200 (CEST) Subject: SUSE-SU-2018:1125-1: moderate: Security update for dovecot22 Message-ID: <20180502130712.832D5FD43@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1125-1 Rating: moderate References: #1082826 Cross-References: CVE-2017-14461 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes the following issues: - CVE-2017-14461: dovecot22: rfc822_parse_domain (bsc#1082826) Information Leak Vulnerability Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-773=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-773=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.8.1 dovecot22-debugsource-2.2.31-19.8.1 dovecot22-devel-2.2.31-19.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.8.1 dovecot22-backend-mysql-2.2.31-19.8.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.8.1 dovecot22-backend-pgsql-2.2.31-19.8.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.8.1 dovecot22-backend-sqlite-2.2.31-19.8.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.8.1 dovecot22-debuginfo-2.2.31-19.8.1 dovecot22-debugsource-2.2.31-19.8.1 References: https://www.suse.com/security/cve/CVE-2017-14461.html https://bugzilla.suse.com/1082826 From sle-updates at lists.suse.com Wed May 2 13:07:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 21:07:33 +0200 (CEST) Subject: SUSE-RU-2018:1127-1: Recommended update for php7 Message-ID: <20180502190733.3F3CFFD7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for php7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1127-1 Rating: low References: #1090133 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for php7 fixes the following issues: - Fix SplFileObject::getCsvControl() to return escape characters as well (bsc#1090133) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-774=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-774=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.35.1 php7-debugsource-7.0.7-50.35.1 php7-devel-7.0.7-50.35.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.35.1 apache2-mod_php7-debuginfo-7.0.7-50.35.1 php7-7.0.7-50.35.1 php7-bcmath-7.0.7-50.35.1 php7-bcmath-debuginfo-7.0.7-50.35.1 php7-bz2-7.0.7-50.35.1 php7-bz2-debuginfo-7.0.7-50.35.1 php7-calendar-7.0.7-50.35.1 php7-calendar-debuginfo-7.0.7-50.35.1 php7-ctype-7.0.7-50.35.1 php7-ctype-debuginfo-7.0.7-50.35.1 php7-curl-7.0.7-50.35.1 php7-curl-debuginfo-7.0.7-50.35.1 php7-dba-7.0.7-50.35.1 php7-dba-debuginfo-7.0.7-50.35.1 php7-debuginfo-7.0.7-50.35.1 php7-debugsource-7.0.7-50.35.1 php7-dom-7.0.7-50.35.1 php7-dom-debuginfo-7.0.7-50.35.1 php7-enchant-7.0.7-50.35.1 php7-enchant-debuginfo-7.0.7-50.35.1 php7-exif-7.0.7-50.35.1 php7-exif-debuginfo-7.0.7-50.35.1 php7-fastcgi-7.0.7-50.35.1 php7-fastcgi-debuginfo-7.0.7-50.35.1 php7-fileinfo-7.0.7-50.35.1 php7-fileinfo-debuginfo-7.0.7-50.35.1 php7-fpm-7.0.7-50.35.1 php7-fpm-debuginfo-7.0.7-50.35.1 php7-ftp-7.0.7-50.35.1 php7-ftp-debuginfo-7.0.7-50.35.1 php7-gd-7.0.7-50.35.1 php7-gd-debuginfo-7.0.7-50.35.1 php7-gettext-7.0.7-50.35.1 php7-gettext-debuginfo-7.0.7-50.35.1 php7-gmp-7.0.7-50.35.1 php7-gmp-debuginfo-7.0.7-50.35.1 php7-iconv-7.0.7-50.35.1 php7-iconv-debuginfo-7.0.7-50.35.1 php7-imap-7.0.7-50.35.1 php7-imap-debuginfo-7.0.7-50.35.1 php7-intl-7.0.7-50.35.1 php7-intl-debuginfo-7.0.7-50.35.1 php7-json-7.0.7-50.35.1 php7-json-debuginfo-7.0.7-50.35.1 php7-ldap-7.0.7-50.35.1 php7-ldap-debuginfo-7.0.7-50.35.1 php7-mbstring-7.0.7-50.35.1 php7-mbstring-debuginfo-7.0.7-50.35.1 php7-mcrypt-7.0.7-50.35.1 php7-mcrypt-debuginfo-7.0.7-50.35.1 php7-mysql-7.0.7-50.35.1 php7-mysql-debuginfo-7.0.7-50.35.1 php7-odbc-7.0.7-50.35.1 php7-odbc-debuginfo-7.0.7-50.35.1 php7-opcache-7.0.7-50.35.1 php7-opcache-debuginfo-7.0.7-50.35.1 php7-openssl-7.0.7-50.35.1 php7-openssl-debuginfo-7.0.7-50.35.1 php7-pcntl-7.0.7-50.35.1 php7-pcntl-debuginfo-7.0.7-50.35.1 php7-pdo-7.0.7-50.35.1 php7-pdo-debuginfo-7.0.7-50.35.1 php7-pgsql-7.0.7-50.35.1 php7-pgsql-debuginfo-7.0.7-50.35.1 php7-phar-7.0.7-50.35.1 php7-phar-debuginfo-7.0.7-50.35.1 php7-posix-7.0.7-50.35.1 php7-posix-debuginfo-7.0.7-50.35.1 php7-pspell-7.0.7-50.35.1 php7-pspell-debuginfo-7.0.7-50.35.1 php7-shmop-7.0.7-50.35.1 php7-shmop-debuginfo-7.0.7-50.35.1 php7-snmp-7.0.7-50.35.1 php7-snmp-debuginfo-7.0.7-50.35.1 php7-soap-7.0.7-50.35.1 php7-soap-debuginfo-7.0.7-50.35.1 php7-sockets-7.0.7-50.35.1 php7-sockets-debuginfo-7.0.7-50.35.1 php7-sqlite-7.0.7-50.35.1 php7-sqlite-debuginfo-7.0.7-50.35.1 php7-sysvmsg-7.0.7-50.35.1 php7-sysvmsg-debuginfo-7.0.7-50.35.1 php7-sysvsem-7.0.7-50.35.1 php7-sysvsem-debuginfo-7.0.7-50.35.1 php7-sysvshm-7.0.7-50.35.1 php7-sysvshm-debuginfo-7.0.7-50.35.1 php7-tokenizer-7.0.7-50.35.1 php7-tokenizer-debuginfo-7.0.7-50.35.1 php7-wddx-7.0.7-50.35.1 php7-wddx-debuginfo-7.0.7-50.35.1 php7-xmlreader-7.0.7-50.35.1 php7-xmlreader-debuginfo-7.0.7-50.35.1 php7-xmlrpc-7.0.7-50.35.1 php7-xmlrpc-debuginfo-7.0.7-50.35.1 php7-xmlwriter-7.0.7-50.35.1 php7-xmlwriter-debuginfo-7.0.7-50.35.1 php7-xsl-7.0.7-50.35.1 php7-xsl-debuginfo-7.0.7-50.35.1 php7-zip-7.0.7-50.35.1 php7-zip-debuginfo-7.0.7-50.35.1 php7-zlib-7.0.7-50.35.1 php7-zlib-debuginfo-7.0.7-50.35.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.35.1 php7-pear-Archive_Tar-7.0.7-50.35.1 References: https://bugzilla.suse.com/1090133 From sle-updates at lists.suse.com Wed May 2 13:08:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 21:08:01 +0200 (CEST) Subject: SUSE-SU-2018:1128-1: important: Security update for patch Message-ID: <20180502190801.35E13FD7B@maintenance.suse.de> SUSE Security Update: Security update for patch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1128-1 Rating: important References: #1080918 #1080951 #1088420 Cross-References: CVE-2016-10713 CVE-2018-1000156 CVE-2018-6951 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for patch fixes the following issues: Security issues fixed: - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in pch.c (bsc#1080918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-777=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-777=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): patch-2.7.5-8.5.1 patch-debuginfo-2.7.5-8.5.1 patch-debugsource-2.7.5-8.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): patch-2.7.5-8.5.1 patch-debuginfo-2.7.5-8.5.1 patch-debugsource-2.7.5-8.5.1 References: https://www.suse.com/security/cve/CVE-2016-10713.html https://www.suse.com/security/cve/CVE-2018-1000156.html https://www.suse.com/security/cve/CVE-2018-6951.html https://bugzilla.suse.com/1080918 https://bugzilla.suse.com/1080951 https://bugzilla.suse.com/1088420 From sle-updates at lists.suse.com Wed May 2 13:08:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 21:08:47 +0200 (CEST) Subject: SUSE-SU-2018:1129-1: moderate: Security update for ImageMagick Message-ID: <20180502190847.01680FD7B@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1129-1 Rating: moderate References: #1047356 #1086773 #1086782 #1087027 #1087033 #1087037 #1089781 Cross-References: CVE-2017-1000476 CVE-2017-10928 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - security update (png.c) * CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] * CVE-2018-10177: there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service (bsc#1089781) - security update (wand) * CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (core) * CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] - security update (pcd.c) * CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - security update (gif.c) * CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - security update (tiff.c) * CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service (bsc#1086782) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13586=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13586=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13586=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.45.1 ImageMagick-devel-6.4.3.6-78.45.1 libMagick++-devel-6.4.3.6-78.45.1 libMagick++1-6.4.3.6-78.45.1 libMagickWand1-6.4.3.6-78.45.1 perl-PerlMagick-6.4.3.6-78.45.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.45.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.45.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.45.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.45.1 ImageMagick-debugsource-6.4.3.6-78.45.1 References: https://www.suse.com/security/cve/CVE-2017-1000476.html https://www.suse.com/security/cve/CVE-2017-10928.html https://www.suse.com/security/cve/CVE-2017-18251.html https://www.suse.com/security/cve/CVE-2017-18252.html https://www.suse.com/security/cve/CVE-2017-18254.html https://www.suse.com/security/cve/CVE-2018-10177.html https://www.suse.com/security/cve/CVE-2018-8960.html https://www.suse.com/security/cve/CVE-2018-9018.html https://bugzilla.suse.com/1047356 https://bugzilla.suse.com/1086773 https://bugzilla.suse.com/1086782 https://bugzilla.suse.com/1087027 https://bugzilla.suse.com/1087033 https://bugzilla.suse.com/1087037 https://bugzilla.suse.com/1089781 From sle-updates at lists.suse.com Wed May 2 13:10:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 May 2018 21:10:06 +0200 (CEST) Subject: SUSE-SU-2018:1130-1: important: Security update for corosync Message-ID: <20180502191006.D1AF8FD7B@maintenance.suse.de> SUSE Security Update: Security update for corosync ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1130-1 Rating: important References: #1066585 #1083030 #1083561 #1089346 Cross-References: CVE-2018-1084 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for corosync provides the following fixes: - CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346) - Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585) - Fix a problem that was causing corosync memory to increase on ring breakup. (bsc#1083030) - Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-775=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): corosync-2.3.5-6.23.1 corosync-debuginfo-2.3.5-6.23.1 corosync-debugsource-2.3.5-6.23.1 libcorosync4-2.3.5-6.23.1 libcorosync4-debuginfo-2.3.5-6.23.1 References: https://www.suse.com/security/cve/CVE-2018-1084.html https://bugzilla.suse.com/1066585 https://bugzilla.suse.com/1083030 https://bugzilla.suse.com/1083561 https://bugzilla.suse.com/1089346 From sle-updates at lists.suse.com Wed May 2 19:07:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 May 2018 03:07:09 +0200 (CEST) Subject: SUSE-RU-2018:1131-1: moderate: Recommended update for sapconf Message-ID: <20180503010709.91529FD7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1131-1 Rating: moderate References: #1026862 #1031073 #1032516 #1048550 #1064720 #1070386 #1070390 #1070494 #1070495 #1070496 #1070503 #1070506 #1070508 #1071539 #1087455 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. Description: This update for sapconf provides the following fixes: - Refactoring sapconf parameter settings together with SAP Linux Lab. (fate#324491) ATTENTION: One main feature of this sapconf package update is a consolidation of all sapconf configuration settings into the central /etc/sysconfig/sapconf configuration file (except those settings related to ASE or BOBJ and those settings which can only be set via tuned.conf). This will result in a lot of configuration file changes concerning the following files: * /etc/sysconfig/sapconf * /etc/sysconfig/sapnote-1557506 * /usr/lib/tuned/sap-netweaver/tuned.conf * /usr/lib/tuned/sap-hana/tuned.conf. This means that your system configuration will be changed after a restart of tuned or during a system reboot. Please read carefully the following information about configuration file handling before restarting tuned or rebooting the system. (bsc#1070508) - The configuration file handling during the package installation has changed (bsc#1070496, bsc#1070508): * During an initial package installation the new sysconfig file, which includes the pagecache values from the former file sapnote-1557506 are copied to /etc/sysconfig/sapconf and the changes will take effect immediately after the package installation. * During a package update, previously created /etc/sysconfig files will exist. The file /etc/sysconfig/sapconf is saved to /etc/sysconfig/sapconf.rpmsave and the new sysconfig file is copied to /etc/sysconfig. * If the pagecache handling is enabled in the file /etc/sysconfig/sapnote-1557506, the values from this file are copied to /etc/sysconfig/sapconf and the obsolete file /etc/sysconfig/sapnote-1557506 is removed. The changes will take effect immediately after the package installation. * If the file /etc/sysconfig/sapconf.rpmsave exists and contains system specific modifications, please check after the package installation and merge these changes manually into /etc/sysconfig/sapconf. * Remove the file /etc/sysconfig/sapconf.rpmsave before you restart the sapconf service to get the changes take effect. - Add a systemd unit file sapconf.service to start tuned, uuidd.socket and sysstat during system boot and after initial package installation and to restart tuned during package update so that the changes will take effect immediately. (fate#325471, bsc#1087455) - Check if pagecache limit is available at the system and if yes, set pagecache limit according to the settings in /etc/sysconfig/sapconf. If not, write a message to the log file. (bsc#1071539, fate#323778) - Use the same tuning values for HANA and Netweaver workloads. That means the use of the same tuned.conf and script.sh file for both profiles (sap-hana and sap-netweaver). This should lead to a better base for mixed HANA and ABAB workloads on one system. (bsc#1070508) - The pagecache configuration is now integrated in the general sapconf sysconfig file and the old sysconfig file sapnote-1557506 is obsolete. As before pagecache handling is disabled by default. - The following parameters are additionally specified (instead of static tuning inside the tuning script or defined in other configuration files like tuned.conf or sapnote-1557506) or changed in the central configuration file /etc/sysconfig/sapconf (bsc#1070494, bsc#1070495, bsc#1070496, bsc#1070508): * vm.max_map_count, vm.dirty_bytes, vm.dirty_background_bytes, kernel.shmmni, net.ipv4.tcp_slow_start_after_idle, ksm, transparent_hugepages, numa_balancing: parameters added and value changed. * vm.pagecache_limit_ignore_dirty, vm.pagecache_limit_mb: parameters added and commented out * kernel.shmall, kernel.shmmax, kernel.sem: parameters changed. But keep in mind: higher system value will ever remain unchanged. sapconf will respect higher values set by the system or by the administrator using sysctl configuration files. Values set with sysctl command will respect too, but they will not survive a system reboot. Every tuning action is logged to /var/log/sapconf.log - The following parameters were specified in tuned.conf of profile sap-hana and/or sap-netweaver before but were removed from tuned.conf because they are redundant, not mentioned in any SAP Note, replaced by another parameter, moved to another configuration file or commented out, or because they are only valid for a special architecture or special tasks (like the [cpu] part was only valid for Intel architecture and only performance related): * vm.swappiness, kernel.sched_min_granularity_ns, kernel.sched_wakeup_granularity_ns, readahead: parameters removed. * [cpu] section with governor, energy_perf_bias, min_perf_pct: parameters commented out. * vm.dirty_ratio, vm.dirty_background_ratio: parameters removed from tuned.conf, replaced by vm.dirty_bytes, vm.dirty_background_bytes defined in sysconfig/sapconf. * kernel.sem, net.ipv4.tcp_slow_start_after_idle, transparent_hugepages: parameters moved to sysconfig/sapconf. ATTENTION: these changes will take effect immediately after restarting tuned. Unless the administrator is using a custom copy of the tuned.conf file in /etc/tuned/ (where may be sap-hana or sap-netweaver) to set own or changed values, the tuned.conf files in /etc/tuned/ remain untouched during package installation. To get the new behavior SAP recommends, remove the profile copy from /etc/tuned or copy the new tuned.conf file from /usr/lib/tuned/ to /etc/tuned/ or compare the files in /etc/tuned/ with the files in /usr/lib/tuned/ manually and adjust the content, if needed. (bsc#1070494, bsc#1070495, bsc#1070496, bsc#1070503, bsc#1048550, bsc#1064720) - Setting of UserTasksMax, a parameter of the systemd login manager, will be done in the post script during the package installation. The value is set to 'infinity'. NOTE: A reboot is needed after the first setup to get the changes to take effect. A message will indicate if a reboot is necessary. As before there is no automatic rollback. (bsc#1070386) - Enable and start sysstat service during post script of the package installation (see SAP Note 1310037). (bsc#1070390) - Add package requirements including a short description to the man page of sapconf and to the central configuration file /etc/sysconfig/sapconf. (bsc#1070390) - Update the sapconf man page and associated man pages to reflect all the changes of this sapconf version. (bsc#1070506) - Respect active tuned profile during reboot of the system even if it is not a 'sap' profile. sapconf only activates sap-netweaver profile by default, if NO tuned profile is actually set. (bsc#1026862) - Re-insert 'elevator=noop' to tuned.conf of profile sap-hana and sap-netweaver. (bsc#1031073, bsc#1032516, bsc#1070494) - sapconf will set ALL values specified in the file /etc/sysconfig/sapconf irrespective of the current system value. The values will not only be increased, but also decreased if the value in the sysconfig file is lower than the current system value. All actions are logged to /var/log/sapconf.log. (fate#325547) - Change variable names in sysconfig file to avoid confusion. (bsc#1070495) - Remove unnecessary TMPFS_SIZE_MIN from sysconfig file. (bsc#1070496) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-778=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): sapconf-4.1.12-40.47.1 References: https://bugzilla.suse.com/1026862 https://bugzilla.suse.com/1031073 https://bugzilla.suse.com/1032516 https://bugzilla.suse.com/1048550 https://bugzilla.suse.com/1064720 https://bugzilla.suse.com/1070386 https://bugzilla.suse.com/1070390 https://bugzilla.suse.com/1070494 https://bugzilla.suse.com/1070495 https://bugzilla.suse.com/1070496 https://bugzilla.suse.com/1070503 https://bugzilla.suse.com/1070506 https://bugzilla.suse.com/1070508 https://bugzilla.suse.com/1071539 https://bugzilla.suse.com/1087455 From sle-updates at lists.suse.com Wed May 2 19:10:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 May 2018 03:10:31 +0200 (CEST) Subject: SUSE-RU-2018:1132-1: Recommended update for rpm Message-ID: <20180503011031.1ECC8FD7C@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1132-1 Rating: low References: #1003714 #1027925 #1069934 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rpm provides the following fixes: - Fix find-lang.sh to handle special case of .qm file paths correctly. (bsc#1027925) - Add %sle_version macro to suse_macros. (bsc#1003714) - Added a %rpm_vercmp macro which accepts two versions as parameters and returns -1, 0, 1 if the first version is less than, equal or greater than the second version respectively. - Added a %pkg_version macro that accepts a package or capability name as argument and returns the version number of the installed package. If no package provides the argument, it returns the string "~~~". - Added a %pkg_vcmp macro that accepts 3 parameters. The first parameter is a package name or provided capability name, the second argument is an operator ( < <= = >= > != ) and the third parameter is a version string to be compared to the installed version of the first argument. - Added a %pkg_version_cmp macro which accepts a package or capability name as first argument and a version number as second argument and returns -1, 0, 1 or "~~~". The number values have the same meaning as in %rpm_vercmp and the "~~~" string is returned if the package or capability can't be found. (bsc#1069934) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-779=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-779=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-779=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-779=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): rpm-debuginfo-4.11.2-16.7.1 rpm-debugsource-4.11.2-16.7.1 rpm-devel-4.11.2-16.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rpm-4.11.2-16.7.1 rpm-build-4.11.2-16.7.1 rpm-build-debuginfo-4.11.2-16.7.1 rpm-debuginfo-4.11.2-16.7.1 rpm-debugsource-4.11.2-16.7.1 rpm-python-4.11.2-16.7.1 rpm-python-debuginfo-4.11.2-16.7.1 rpm-python-debugsource-4.11.2-16.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): rpm-32bit-4.11.2-16.7.1 rpm-debuginfo-32bit-4.11.2-16.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rpm-32bit-4.11.2-16.7.1 rpm-4.11.2-16.7.1 rpm-build-4.11.2-16.7.1 rpm-build-debuginfo-4.11.2-16.7.1 rpm-debuginfo-32bit-4.11.2-16.7.1 rpm-debuginfo-4.11.2-16.7.1 rpm-debugsource-4.11.2-16.7.1 rpm-python-4.11.2-16.7.1 rpm-python-debuginfo-4.11.2-16.7.1 rpm-python-debugsource-4.11.2-16.7.1 - SUSE CaaS Platform ALL (x86_64): rpm-4.11.2-16.7.1 rpm-debuginfo-4.11.2-16.7.1 rpm-debugsource-4.11.2-16.7.1 rpm-python-4.11.2-16.7.1 rpm-python-debuginfo-4.11.2-16.7.1 rpm-python-debugsource-4.11.2-16.7.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rpm-4.11.2-16.7.1 rpm-debuginfo-4.11.2-16.7.1 rpm-debugsource-4.11.2-16.7.1 rpm-python-4.11.2-16.7.1 rpm-python-debuginfo-4.11.2-16.7.1 rpm-python-debugsource-4.11.2-16.7.1 References: https://bugzilla.suse.com/1003714 https://bugzilla.suse.com/1027925 https://bugzilla.suse.com/1069934 From sle-updates at lists.suse.com Wed May 2 19:11:30 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 May 2018 03:11:30 +0200 (CEST) Subject: SUSE-RU-2018:1133-1: Recommended update for nfs-utils Message-ID: <20180503011130.B0769FD7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1133-1 Rating: low References: #1036504 #1076271 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils provides the following fixes: - Improve interoperability with AD kerberos (bsc#1036504) - Correctly handle "port=0" option in mount. If "0" is passed, rpcbind should be queried to discover the actual non-zero port number to use. (bsc#1076271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-nfs-utils-13587=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): nfs-client-1.2.3-18.48.5.4 nfs-doc-1.2.3-18.48.5.4 nfs-kernel-server-1.2.3-18.48.5.4 References: https://bugzilla.suse.com/1036504 https://bugzilla.suse.com/1076271 From sle-updates at lists.suse.com Thu May 3 07:07:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 May 2018 15:07:09 +0200 (CEST) Subject: SUSE-SU-2018:1140-1: moderate: Security update for ghostscript-library Message-ID: <20180503130709.E91C6FCF0@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1140-1 Rating: moderate References: #1018128 #1030263 #1032138 #1032230 #1040643 #1050879 #1050887 #1050888 #1050889 #1050891 #1051184 Cross-References: CVE-2016-10219 CVE-2016-9601 CVE-2017-11714 CVE-2017-7207 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for ghostscript-library fixes several issues. These security issues were fixed: - CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document (bsc#1030263). - CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer overflow in jbig2_image_new function (bsc#1018128). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891) - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889) - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888) - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887) - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184) - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879) - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138) - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-library-13588=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-library-13588=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-13588=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.47.7.1 ghostscript-ijs-devel-8.62-32.47.7.1 libgimpprint-devel-4.2.7-32.47.7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.47.7.1 ghostscript-fonts-rus-8.62-32.47.7.1 ghostscript-fonts-std-8.62-32.47.7.1 ghostscript-library-8.62-32.47.7.1 ghostscript-omni-8.62-32.47.7.1 ghostscript-x11-8.62-32.47.7.1 libgimpprint-4.2.7-32.47.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.47.7.1 ghostscript-library-debugsource-8.62-32.47.7.1 References: https://www.suse.com/security/cve/CVE-2016-10219.html https://www.suse.com/security/cve/CVE-2016-9601.html https://www.suse.com/security/cve/CVE-2017-11714.html https://www.suse.com/security/cve/CVE-2017-7207.html https://www.suse.com/security/cve/CVE-2017-9216.html https://www.suse.com/security/cve/CVE-2017-9612.html https://www.suse.com/security/cve/CVE-2017-9726.html https://www.suse.com/security/cve/CVE-2017-9727.html https://www.suse.com/security/cve/CVE-2017-9739.html https://www.suse.com/security/cve/CVE-2017-9835.html https://bugzilla.suse.com/1018128 https://bugzilla.suse.com/1030263 https://bugzilla.suse.com/1032138 https://bugzilla.suse.com/1032230 https://bugzilla.suse.com/1040643 https://bugzilla.suse.com/1050879 https://bugzilla.suse.com/1050887 https://bugzilla.suse.com/1050888 https://bugzilla.suse.com/1050889 https://bugzilla.suse.com/1050891 https://bugzilla.suse.com/1051184 From sle-updates at lists.suse.com Thu May 3 07:09:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 May 2018 15:09:18 +0200 (CEST) Subject: SUSE-RU-2018:1141-1: Recommended update for zypp-plugin-spacewalk Message-ID: <20180503130918.4686AFCE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypp-plugin-spacewalk ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1141-1 Rating: low References: #1091034 #1091665 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zypp-plugin-spacewalk fixes the following issues: - Use standard python path for actions also when building for older distributions. (bsc#1091665) - Change pkg_gpgcheck setting to restore the old behaviour with upstream Spacewalk. (bsc#1091034) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2018-781=1 Package List: - SUSE Manager Tools 12-BETA (noarch): python2-zypp-plugin-spacewalk-1.0.2-4.9.1 zypp-plugin-spacewalk-1.0.2-4.9.1 References: https://bugzilla.suse.com/1091034 https://bugzilla.suse.com/1091665 From sle-updates at lists.suse.com Thu May 3 13:07:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 May 2018 21:07:15 +0200 (CEST) Subject: SUSE-RU-2018:1144-1: Recommended update for rhncfg Message-ID: <20180503190715.ECF43FCF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for rhncfg ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1144-1 Rating: low References: Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update provides the missing python2-subpackages for rhncfg. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2018-792=1 Package List: - SUSE Manager Tools 12-BETA (noarch): python2-rhncfg-5.10.122.1-4.8.1 python2-rhncfg-actions-5.10.122.1-4.8.1 python2-rhncfg-client-5.10.122.1-4.8.1 python2-rhncfg-management-5.10.122.1-4.8.1 rhncfg-5.10.122.1-4.8.1 rhncfg-actions-5.10.122.1-4.8.1 rhncfg-client-5.10.122.1-4.8.1 rhncfg-management-5.10.122.1-4.8.1 References: From sle-updates at lists.suse.com Fri May 4 07:07:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 May 2018 15:07:12 +0200 (CEST) Subject: SUSE-OU-2018:1145-1: Initial release of python3-CherryPy Message-ID: <20180504130712.E9CFCFCF0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-CherryPy ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1145-1 Rating: low References: #1073879 Affected Products: SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-CherryPy Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-793=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-793=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-793=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-793=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-793=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-793=1 Package List: - SUSE Manager Server 3.1 (noarch): python-CherryPy-3.6.0-9.1 python3-CherryPy-3.6.0-9.1 - SUSE Manager Server 3.0 (noarch): python-CherryPy-3.6.0-9.1 python3-CherryPy-3.6.0-9.1 - SUSE Manager Proxy 3.1 (noarch): python-CherryPy-3.6.0-9.1 python3-CherryPy-3.6.0-9.1 - SUSE Manager Proxy 3.0 (noarch): python-CherryPy-3.6.0-9.1 python3-CherryPy-3.6.0-9.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-CherryPy-3.6.0-9.1 python3-CherryPy-3.6.0-9.1 - SUSE Enterprise Storage 5 (noarch): python-CherryPy-3.6.0-9.1 python3-CherryPy-3.6.0-9.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Fri May 4 07:07:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 May 2018 15:07:47 +0200 (CEST) Subject: SUSE-OU-2018:1146-1: Initial release of python3-MarkupSafe and -tornado Message-ID: <20180504130747.096C6FCF0@maintenance.suse.de> SUSE Optional Update: Initial release of python3-MarkupSafe and -tornado ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1146-1 Rating: low References: #1073879 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 modules for SUSE Linux Enterprise Storage: - python3-MarkupSafe - python3-tornado Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-794=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): python-MarkupSafe-0.23-3.3.3 python-MarkupSafe-debuginfo-0.23-3.3.3 python-MarkupSafe-debugsource-0.23-3.3.3 python-tornado-4.2.1-21.4.1 python-tornado-debuginfo-4.2.1-21.4.1 python-tornado-debugsource-4.2.1-21.4.1 python3-MarkupSafe-0.23-3.3.3 python3-tornado-4.2.1-21.4.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Fri May 4 16:09:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 May 2018 00:09:08 +0200 (CEST) Subject: SUSE-RU-2018:1152-1: moderate: Recommended update for libsolv, libzypp Message-ID: <20180504220908.B2503FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1152-1 Rating: moderate References: #1035946 #1036002 #1059065 #1075978 #1077635 #1082318 #1086602 #953130 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for libsolv, provides the following fixes: Changes in libsolv: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Also make use of suggests for ordering packages. (bsc#1077635) - Fix bad assignment in solution refinement that led to a memory leak. (bsc#1075978) - Use license tag instead of doc in the spec file. (bsc#1082318) - Fixed a problem that could make file conflict detection very slow in some cases. (bsc#953130) - Add the ENABLE_RPMDB_LIBRPM/ENABLE_RPMPKG_LIBRPM configuration options. - Add a function to make it possible to change the whatprovides data. - Improve the selection code. - Many fixes and improvements for cleandeps. - Use recommends also for ordering packages. - Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065) - Expose solver_get_recommendations in bindings. - Fix an issue in solver_prune_to_highest_prio_per_name resulting in bad solver_get_recommendations output. - Add support for 'without' and 'unless' dependencies. - Fix a problem in yumobs rule generation. - Use the same heuristic as upstream to determine source RPMs. - Fix a memory leak in bindings. - Fix 64bit integer parsing from RPM headers. - Enable complex/rich dependencies for CentOS/RHEL 7, matching how libsolv is configured there. - Enable bzip2 and xz/lzma compression support except for SLE <= 12. - Enable complex/rich dependencies on distributions with RPM 4.13+. - Change the queue resize code to use adaptive chunk sizes. - Fix a potential segmentation fault in testcase_depstr. (bsc#1036002) - Fix some performance issues with name = md5sum dependencies. (bsc#1035946) - Improve "forcebest with uninstall" handling. - Make dirid handling more robust. - Build with libxml2 instead of libexpat Changes in libzypp: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-795=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-795=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-795=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): libsolv-debugsource-0.6.34-2.42.1 libsolv-tools-0.6.34-2.42.1 libsolv-tools-debuginfo-0.6.34-2.42.1 libzypp-15.25.10-46.15.1 libzypp-debuginfo-15.25.10-46.15.1 libzypp-debugsource-15.25.10-46.15.1 perl-solv-0.6.34-2.42.1 perl-solv-debuginfo-0.6.34-2.42.1 python-solv-0.6.34-2.42.1 python-solv-debuginfo-0.6.34-2.42.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libsolv-debugsource-0.6.34-2.42.1 libsolv-tools-0.6.34-2.42.1 libsolv-tools-debuginfo-0.6.34-2.42.1 libzypp-15.25.10-46.15.1 libzypp-debuginfo-15.25.10-46.15.1 libzypp-debugsource-15.25.10-46.15.1 perl-solv-0.6.34-2.42.1 perl-solv-debuginfo-0.6.34-2.42.1 python-solv-0.6.34-2.42.1 python-solv-debuginfo-0.6.34-2.42.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsolv-debugsource-0.6.34-2.42.1 libsolv-tools-0.6.34-2.42.1 libsolv-tools-debuginfo-0.6.34-2.42.1 libzypp-15.25.10-46.15.1 libzypp-debuginfo-15.25.10-46.15.1 libzypp-debugsource-15.25.10-46.15.1 perl-solv-0.6.34-2.42.1 perl-solv-debuginfo-0.6.34-2.42.1 python-solv-0.6.34-2.42.1 python-solv-debuginfo-0.6.34-2.42.1 References: https://bugzilla.suse.com/1035946 https://bugzilla.suse.com/1036002 https://bugzilla.suse.com/1059065 https://bugzilla.suse.com/1075978 https://bugzilla.suse.com/1077635 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1086602 https://bugzilla.suse.com/953130 From sle-updates at lists.suse.com Fri May 4 16:10:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 May 2018 00:10:54 +0200 (CEST) Subject: SUSE-RU-2018:1153-1: Recommended update for cluster-glue Message-ID: <20180504221054.72791FD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1153-1 Rating: low References: #1050908 #1059171 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cluster-glue provides the following fix: - stonith: Make sure a Reset can continue even if one of the nodes is already off by returning success with RESETPOWERON=0. (bsc#1050908) - stonith:external/ec2: Enforce en_US.UTF-8 locale when invoking aws client. (bsc#1059171) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-796=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-796=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cluster-glue-debuginfo-1.0.12+v1.git.1485976882.03d61cd-3.5.4 cluster-glue-debugsource-1.0.12+v1.git.1485976882.03d61cd-3.5.4 libglue-devel-1.0.12+v1.git.1485976882.03d61cd-3.5.4 libglue-devel-debuginfo-1.0.12+v1.git.1485976882.03d61cd-3.5.4 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1485976882.03d61cd-3.5.4 cluster-glue-debuginfo-1.0.12+v1.git.1485976882.03d61cd-3.5.4 cluster-glue-debugsource-1.0.12+v1.git.1485976882.03d61cd-3.5.4 libglue2-1.0.12+v1.git.1485976882.03d61cd-3.5.4 libglue2-debuginfo-1.0.12+v1.git.1485976882.03d61cd-3.5.4 References: https://bugzilla.suse.com/1050908 https://bugzilla.suse.com/1059171 From sle-updates at lists.suse.com Mon May 7 04:10:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 12:10:43 +0200 (CEST) Subject: SUSE-RU-2018:1155-1: important: Recommended update for gcc7 Message-ID: <20180507101043.ADD2AFD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1155-1 Rating: important References: #1061667 #1068967 #1074621 #1083290 #1083946 #1084812 #1087550 #1087930 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for gcc7 to 7.3 release fixes the following issues: - Update to GCC 7.3 release and further updated to gcc-7-branch head (r258812). - The Spectre v2 mitigation patch for s390x is now included. [bsc#1083946] - Adds backport of x86 retpoline support via -mindirect-branch=, -mfunction-return= and friends. [bsc#1074621] - Update includes a fix for chromium build failure. [bsc#1083290] - Various AArch64 compile fixes are included: * Picks fix to no longer enable -mpc-relative-literal-loads by default with --enable-fix-cortex-a53-843419. * Enable --enable-fix-cortex-a53-843419 for aarch64. [bsc#1084812] [bsc#1087930] * Enable --enable-fix-cortex-a53-835769 for aarch64. * Contains fix for PR82445 which is about a RPI1 bootloader miscompile. [bsc#1061667] * Fixed bogus stack probe instruction on ARM. [bsc#1068967] - Revert the ios_base::failure ABI back to compatible behavior with the default ABI. [bsc#1087550] - Fix nvptx offload target compiler install so GCC can pick up required files. Split out the newlib part into cross-nvptx-newlib7-devel and avoid conflicts with GCC 8 variant via Provides/Conflicts of cross-nvptx-newlib-devel. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-797=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-797=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-797=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-797=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-797=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-797=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-797=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-797=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-797=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2018-797=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-797=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-797=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-797=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-32bit-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE OpenStack Cloud 7 (x86_64): libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 - SUSE OpenStack Cloud 7 (s390x): libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 - SUSE OpenStack Cloud 6 (x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-32bit-7.3.1+r258812-5.2 libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-32bit-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-32bit-debuginfo-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-32bit-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-32bit-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-32bit-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-32bit-debuginfo-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-32bit-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-32bit-debuginfo-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-32bit-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x x86_64): gcc7-debugsource-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libasan4-32bit-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libasan4-32bit-7.3.1+r258812-5.2 libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-32bit-debuginfo-7.3.1+r258812-5.2 libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-32bit-debuginfo-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-32bit-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-32bit-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-32bit-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-32bit-debuginfo-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-32bit-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-32bit-debuginfo-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libasan4-32bit-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP3 (s390x): libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libasan4-32bit-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le x86_64): liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libasan4-32bit-7.3.1+r258812-5.2 libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-32bit-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-32bit-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-32bit-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-32bit-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-32bit-debuginfo-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-32bit-debuginfo-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-32bit-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-32bit-debuginfo-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gcc7-debugsource-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le x86_64): liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libasan4-32bit-7.3.1+r258812-5.2 libasan4-32bit-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-32bit-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-32bit-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-32bit-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-32bit-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-32bit-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-32bit-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-32bit-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-32bit-debuginfo-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-32bit-debuginfo-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-32bit-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-32bit-debuginfo-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp7-7.3.1+r258812-5.2 cpp7-debuginfo-7.3.1+r258812-5.2 gcc7-7.3.1+r258812-5.2 gcc7-c++-7.3.1+r258812-5.2 gcc7-c++-debuginfo-7.3.1+r258812-5.2 gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 gcc7-fortran-7.3.1+r258812-5.2 gcc7-fortran-debuginfo-7.3.1+r258812-5.2 gcc7-locale-7.3.1+r258812-5.2 libstdc++6-devel-gcc7-7.3.1+r258812-5.2 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc7-32bit-7.3.1+r258812-5.2 gcc7-c++-32bit-7.3.1+r258812-5.2 gcc7-fortran-32bit-7.3.1+r258812-5.2 libstdc++6-devel-gcc7-32bit-7.3.1+r258812-5.2 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc7-info-7.3.1+r258812-5.2 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc7-7.3.1+r258812-5.1 cross-nvptx-newlib7-devel-7.3.1+r258812-5.1 gcc7-ada-32bit-7.3.1+r258812-5.2 gcc7-ada-7.3.1+r258812-5.2 gcc7-ada-debuginfo-7.3.1+r258812-5.2 libada7-32bit-7.3.1+r258812-5.2 libada7-32bit-debuginfo-7.3.1+r258812-5.2 libada7-7.3.1+r258812-5.2 libada7-debuginfo-7.3.1+r258812-5.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-32bit-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE Enterprise Storage 4 (x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libasan4-32bit-7.3.1+r258812-5.2 libasan4-7.3.1+r258812-5.2 libasan4-debuginfo-7.3.1+r258812-5.2 libatomic1-32bit-7.3.1+r258812-5.2 libatomic1-7.3.1+r258812-5.2 libatomic1-debuginfo-7.3.1+r258812-5.2 libcilkrts5-32bit-7.3.1+r258812-5.2 libcilkrts5-7.3.1+r258812-5.2 libcilkrts5-debuginfo-7.3.1+r258812-5.2 libgcc_s1-32bit-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libgfortran4-32bit-7.3.1+r258812-5.2 libgfortran4-7.3.1+r258812-5.2 libgfortran4-debuginfo-7.3.1+r258812-5.2 libgomp1-32bit-7.3.1+r258812-5.2 libgomp1-7.3.1+r258812-5.2 libgomp1-debuginfo-7.3.1+r258812-5.2 libitm1-32bit-7.3.1+r258812-5.2 libitm1-7.3.1+r258812-5.2 libitm1-debuginfo-7.3.1+r258812-5.2 liblsan0-7.3.1+r258812-5.2 liblsan0-debuginfo-7.3.1+r258812-5.2 libmpx2-32bit-7.3.1+r258812-5.2 libmpx2-7.3.1+r258812-5.2 libmpx2-debuginfo-7.3.1+r258812-5.2 libmpxwrappers2-32bit-7.3.1+r258812-5.2 libmpxwrappers2-7.3.1+r258812-5.2 libmpxwrappers2-debuginfo-7.3.1+r258812-5.2 libquadmath0-32bit-7.3.1+r258812-5.2 libquadmath0-7.3.1+r258812-5.2 libquadmath0-debuginfo-7.3.1+r258812-5.2 libstdc++6-32bit-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 libstdc++6-locale-7.3.1+r258812-5.2 libtsan0-7.3.1+r258812-5.2 libtsan0-debuginfo-7.3.1+r258812-5.2 libubsan0-32bit-7.3.1+r258812-5.2 libubsan0-7.3.1+r258812-5.2 libubsan0-debuginfo-7.3.1+r258812-5.2 - SUSE CaaS Platform ALL (x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): gcc7-debuginfo-7.3.1+r258812-5.2 gcc7-debugsource-7.3.1+r258812-5.2 libgcc_s1-7.3.1+r258812-5.2 libgcc_s1-debuginfo-7.3.1+r258812-5.2 libstdc++6-7.3.1+r258812-5.2 libstdc++6-debuginfo-7.3.1+r258812-5.2 References: https://bugzilla.suse.com/1061667 https://bugzilla.suse.com/1068967 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1083290 https://bugzilla.suse.com/1083946 https://bugzilla.suse.com/1084812 https://bugzilla.suse.com/1087550 https://bugzilla.suse.com/1087930 From sle-updates at lists.suse.com Mon May 7 10:07:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 18:07:39 +0200 (CEST) Subject: SUSE-OU-2018:1156-1: Initial release of python3-msgpack-python Message-ID: <20180507160739.B4C09FD2B@maintenance.suse.de> SUSE Optional Update: Initial release of python3-msgpack-python ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1156-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-msgpack-python Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-801=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-801=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-801=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-801=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-801=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-msgpack-python-0.4.6-8.3.1 python-msgpack-python-debuginfo-0.4.6-8.3.1 python-msgpack-python-debugsource-0.4.6-8.3.1 python3-msgpack-python-0.4.6-8.3.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python-msgpack-python-0.4.6-8.3.1 python-msgpack-python-debuginfo-0.4.6-8.3.1 python-msgpack-python-debugsource-0.4.6-8.3.1 python3-msgpack-python-0.4.6-8.3.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python-msgpack-python-0.4.6-8.3.1 python-msgpack-python-debuginfo-0.4.6-8.3.1 python-msgpack-python-debugsource-0.4.6-8.3.1 python3-msgpack-python-0.4.6-8.3.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-msgpack-python-0.4.6-8.3.1 python-msgpack-python-debuginfo-0.4.6-8.3.1 python-msgpack-python-debugsource-0.4.6-8.3.1 python3-msgpack-python-0.4.6-8.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-msgpack-python-0.4.6-8.3.1 python-msgpack-python-debuginfo-0.4.6-8.3.1 python-msgpack-python-debugsource-0.4.6-8.3.1 python3-msgpack-python-0.4.6-8.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Mon May 7 10:08:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 18:08:10 +0200 (CEST) Subject: SUSE-RU-2018:1157-1: Recommended update for libqt5-qtquick1 Message-ID: <20180507160810.F2070FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtquick1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1157-1 Rating: low References: #1077102 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes an issue where libqt5-qtquick1 was not installable with the current version of libqt5Core. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-802=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Declarative5-5.5.1-11.2.1 libQt5Declarative5-debuginfo-5.5.1-11.2.1 libqt5-qtquick1-debugsource-5.5.1-11.2.1 libqt5-qtquick1-devel-5.5.1-11.2.1 libqt5-qtquick1-devel-debuginfo-5.5.1-11.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libqt5-qtquick1-private-headers-devel-5.5.1-11.2.1 References: https://bugzilla.suse.com/1077102 From sle-updates at lists.suse.com Mon May 7 10:08:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 18:08:56 +0200 (CEST) Subject: SUSE-RU-2018:1159-1: moderate: Recommended update for the SLE Server release-package Message-ID: <20180507160856.9AC8CFD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SLE Server release-package ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1159-1 Rating: moderate References: #1086279 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update removes the wrong End of Life date for SLE Server 12 SP3. The End of Life depends on the release of the next Service Pack, which is not available yet. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-799=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sles-release-12.3-4.3.1 References: https://bugzilla.suse.com/1086279 From sle-updates at lists.suse.com Mon May 7 10:09:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 18:09:26 +0200 (CEST) Subject: SUSE-RU-2018:1160-1: moderate: Recommended update for the SLE for SAP release-package Message-ID: <20180507160926.5ADFCFD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SLE for SAP release-package ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1160-1 Rating: moderate References: #1086279 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update removes the wrong End of Life date for SLE for SAP 12 SP3. The End of Life depends on the release of the next Service Pack, which is not available yet. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-800=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): SLES_SAP-release-12.3-5.3.1 References: https://bugzilla.suse.com/1086279 From sle-updates at lists.suse.com Mon May 7 10:09:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 18:09:57 +0200 (CEST) Subject: SUSE-SU-2018:1161-1: moderate: Security update for apache2 Message-ID: <20180507160957.BFAA7FD2B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1161-1 Rating: moderate References: #1086774 #1086775 #1086813 #1086814 #1086817 #1086820 Cross-References: CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-803=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-803=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-803=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-803=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-803=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): apache2-2.4.23-29.18.2 apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-example-pages-2.4.23-29.18.2 apache2-prefork-2.4.23-29.18.2 apache2-prefork-debuginfo-2.4.23-29.18.2 apache2-utils-2.4.23-29.18.2 apache2-utils-debuginfo-2.4.23-29.18.2 apache2-worker-2.4.23-29.18.2 apache2-worker-debuginfo-2.4.23-29.18.2 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.18.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-devel-2.4.23-29.18.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.18.2 apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-example-pages-2.4.23-29.18.2 apache2-prefork-2.4.23-29.18.2 apache2-prefork-debuginfo-2.4.23-29.18.2 apache2-utils-2.4.23-29.18.2 apache2-utils-debuginfo-2.4.23-29.18.2 apache2-worker-2.4.23-29.18.2 apache2-worker-debuginfo-2.4.23-29.18.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.18.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.18.2 apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-example-pages-2.4.23-29.18.2 apache2-prefork-2.4.23-29.18.2 apache2-prefork-debuginfo-2.4.23-29.18.2 apache2-utils-2.4.23-29.18.2 apache2-utils-debuginfo-2.4.23-29.18.2 apache2-worker-2.4.23-29.18.2 apache2-worker-debuginfo-2.4.23-29.18.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.18.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.18.2 apache2-debuginfo-2.4.23-29.18.2 apache2-debugsource-2.4.23-29.18.2 apache2-example-pages-2.4.23-29.18.2 apache2-prefork-2.4.23-29.18.2 apache2-prefork-debuginfo-2.4.23-29.18.2 apache2-utils-2.4.23-29.18.2 apache2-utils-debuginfo-2.4.23-29.18.2 apache2-worker-2.4.23-29.18.2 apache2-worker-debuginfo-2.4.23-29.18.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.18.2 References: https://www.suse.com/security/cve/CVE-2017-15710.html https://www.suse.com/security/cve/CVE-2017-15715.html https://www.suse.com/security/cve/CVE-2018-1283.html https://www.suse.com/security/cve/CVE-2018-1301.html https://www.suse.com/security/cve/CVE-2018-1302.html https://www.suse.com/security/cve/CVE-2018-1303.html https://www.suse.com/security/cve/CVE-2018-1312.html https://bugzilla.suse.com/1086774 https://bugzilla.suse.com/1086775 https://bugzilla.suse.com/1086813 https://bugzilla.suse.com/1086814 https://bugzilla.suse.com/1086817 https://bugzilla.suse.com/1086820 From sle-updates at lists.suse.com Mon May 7 13:07:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 May 2018 21:07:22 +0200 (CEST) Subject: SUSE-SU-2018:1162-1: important: Security update for patch Message-ID: <20180507190722.AF759FD2E@maintenance.suse.de> SUSE Security Update: Security update for patch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1162-1 Rating: important References: #1059698 #1080918 #1088420 #662957 #914891 Cross-References: CVE-2010-4651 CVE-2014-9637 CVE-2016-10713 CVE-2018-1000156 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891). - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-patch-13589=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-patch-13589=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-patch-13589=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-patch-13589=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-patch-13589=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): patch-2.5.9-252.22.7.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): patch-2.5.9-252.22.7.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): patch-2.5.9-252.22.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): patch-debuginfo-2.5.9-252.22.7.1 patch-debugsource-2.5.9-252.22.7.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): patch-debuginfo-2.5.9-252.22.7.1 patch-debugsource-2.5.9-252.22.7.1 References: https://www.suse.com/security/cve/CVE-2010-4651.html https://www.suse.com/security/cve/CVE-2014-9637.html https://www.suse.com/security/cve/CVE-2016-10713.html https://www.suse.com/security/cve/CVE-2018-1000156.html https://bugzilla.suse.com/1059698 https://bugzilla.suse.com/1080918 https://bugzilla.suse.com/1088420 https://bugzilla.suse.com/662957 https://bugzilla.suse.com/914891 From sle-updates at lists.suse.com Tue May 8 07:07:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 15:07:20 +0200 (CEST) Subject: SUSE-SU-2018:1163-1: moderate: Security update for GraphicsMagick Message-ID: <20180508130720.969DEFD2E@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1163-1 Rating: moderate References: #1050623 #1055010 #1085236 #1089781 Cross-References: CVE-2017-11641 CVE-2017-13066 CVE-2017-18229 CVE-2018-10177 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: * CVE-2017-18229: An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which could allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. [bsc#1085236] * CVE-2017-11641: A memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files could lead to denial of servic3. [bsc#1050623] * CVE-2017-13066: A memory leak vulnerability in the function CloneImage in magick/image.c could lead to denial of service [bsc#1055010] * CVE-2018-10177: An infinite loop when reading MNG was fixed which could lead to a denial of service (hang) [bsc#1089781] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13590=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13590=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13590=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.52.1 libGraphicsMagick2-1.2.5-78.52.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.52.1 libGraphicsMagick2-1.2.5-78.52.1 perl-GraphicsMagick-1.2.5-78.52.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.52.1 GraphicsMagick-debugsource-1.2.5-78.52.1 References: https://www.suse.com/security/cve/CVE-2017-11641.html https://www.suse.com/security/cve/CVE-2017-13066.html https://www.suse.com/security/cve/CVE-2017-18229.html https://www.suse.com/security/cve/CVE-2018-10177.html https://bugzilla.suse.com/1050623 https://bugzilla.suse.com/1055010 https://bugzilla.suse.com/1085236 https://bugzilla.suse.com/1089781 From sle-updates at lists.suse.com Tue May 8 10:07:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 18:07:27 +0200 (CEST) Subject: SUSE-OU-2018:1164-1: Initial release of python3-MarkupSafe Message-ID: <20180508160727.CBF74FD25@maintenance.suse.de> SUSE Optional Update: Initial release of python3-MarkupSafe ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1164-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-MarkupSafe Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-806=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-806=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-806=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-806=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-806=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-806=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-806=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.18-16.3.1 python-MarkupSafe-debuginfo-0.18-16.3.1 python-MarkupSafe-debugsource-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python-MarkupSafe-0.18-16.3.1 python-MarkupSafe-debuginfo-0.18-16.3.1 python-MarkupSafe-debugsource-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 - SUSE Manager Server 3.0 (s390x x86_64): python-MarkupSafe-0.18-16.3.1 python-MarkupSafe-debuginfo-0.18-16.3.1 python-MarkupSafe-debugsource-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python-MarkupSafe-0.18-16.3.1 python-MarkupSafe-debuginfo-0.18-16.3.1 python-MarkupSafe-debugsource-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 - SUSE Manager Proxy 3.0 (x86_64): python-MarkupSafe-0.18-16.3.1 python-MarkupSafe-debuginfo-0.18-16.3.1 python-MarkupSafe-debugsource-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-MarkupSafe-0.18-16.3.1 python-MarkupSafe-debuginfo-0.18-16.3.1 python-MarkupSafe-debugsource-0.18-16.3.1 python3-MarkupSafe-0.18-16.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue May 8 10:07:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 18:07:57 +0200 (CEST) Subject: SUSE-OU-2018:1165-1: Initial release of python3-Jinja2 Message-ID: <20180508160757.CF203FD2B@maintenance.suse.de> SUSE Optional Update: Initial release of python3-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1165-1 Rating: low References: #1073879 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-Jinja2 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-807=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-807=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-807=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-807=1 Package List: - SUSE Manager Server 3.1 (noarch): python-Jinja2-2.8-22.3.1 python3-Jinja2-2.8-22.3.1 - SUSE Manager Proxy 3.1 (noarch): python-Jinja2-2.8-22.3.1 python3-Jinja2-2.8-22.3.1 - SUSE Enterprise Storage 5 (noarch): python-Jinja2-2.8-22.3.1 python3-Jinja2-2.8-22.3.1 - SUSE Enterprise Storage 4 (noarch): python-Jinja2-2.8-22.3.1 python3-Jinja2-2.8-22.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue May 8 13:07:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 21:07:28 +0200 (CEST) Subject: SUSE-OU-2018:1166-1: Initial release of python3-apache-libcloud Message-ID: <20180508190728.4E65BFD2E@maintenance.suse.de> SUSE Optional Update: Initial release of python3-apache-libcloud ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1166-1 Rating: low References: #1073879 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Manager Server and Proxy: - python3-apache-libcloud Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-811=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-811=1 Package List: - SUSE Manager Server 3.0 (noarch): python-apache-libcloud-0.19.0-3.3.1 python3-apache-libcloud-0.19.0-3.3.1 - SUSE Manager Proxy 3.0 (noarch): python-apache-libcloud-0.19.0-3.3.1 python3-apache-libcloud-0.19.0-3.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue May 8 13:08:00 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 21:08:00 +0200 (CEST) Subject: SUSE-OU-2018:1167-1: Initial release of python3-PyYAML Message-ID: <20180508190800.653D0FD2E@maintenance.suse.de> SUSE Optional Update: Initial release of python3-PyYAML ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1167-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-PyYAML Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-810=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-810=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-810=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-810=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-810=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-810=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-810=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-810=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-810=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-810=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Manager Server 3.0 (s390x x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Manager Proxy 3.0 (x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-PyYAML-3.12-26.3.1 python-PyYAML-debuginfo-3.12-26.3.1 python-PyYAML-debugsource-3.12-26.3.1 python3-PyYAML-3.12-26.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue May 8 13:08:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 21:08:31 +0200 (CEST) Subject: SUSE-OU-2018:1168-1: Initial release of python3-pyOpenSSL Message-ID: <20180508190831.4D902FD2B@maintenance.suse.de> SUSE Optional Update: Initial release of python3-pyOpenSSL ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1168-1 Rating: low References: #1073879 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the SUSE Linux Enterprise Server: - python3-pyOpenSSL Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-812=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-812=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-812=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-812=1 Package List: - SUSE OpenStack Cloud 6 (noarch): python-pyOpenSSL-0.14-4.3.1 python3-pyOpenSSL-0.14-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-pyOpenSSL-0.14-4.3.1 python3-pyOpenSSL-0.14-4.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-pyOpenSSL-0.14-4.3.1 python3-pyOpenSSL-0.14-4.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): python-pyOpenSSL-0.14-4.3.1 python3-pyOpenSSL-0.14-4.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue May 8 13:09:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 21:09:01 +0200 (CEST) Subject: SUSE-OU-2018:1169-1: Initial release of python3-Jinja2 Message-ID: <20180508190901.B8D3AFD2B@maintenance.suse.de> SUSE Optional Update: Initial release of python3-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1169-1 Rating: low References: #1073879 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module: - python3-Jinja2 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-809=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-809=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-809=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-809=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-809=1 Package List: - SUSE Manager Tools 12 (noarch): python-Jinja2-2.8-19.11.1 python3-Jinja2-2.8-19.11.1 - SUSE Manager Server 3.0 (noarch): python-Jinja2-2.8-19.11.1 python3-Jinja2-2.8-19.11.1 - SUSE Manager Proxy 3.0 (noarch): python-Jinja2-2.8-19.11.1 python3-Jinja2-2.8-19.11.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.8-19.11.1 python3-Jinja2-2.8-19.11.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-Jinja2-2.8-19.11.1 python3-Jinja2-2.8-19.11.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Tue May 8 13:09:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 May 2018 21:09:31 +0200 (CEST) Subject: SUSE-RU-2018:1170-1: Recommended update for python-docker-py Message-ID: <20180508190931.089DEFD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-docker-py ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1170-1 Rating: low References: #1085635 Affected Products: SUSE OpenStack Cloud 6 SUSE Manager Tools 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-docker-py fixes the following issues: - Fix authentication for pulling during docker build. (bsc#1085635) - Fix updating headers. (bsc#1085635) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-808=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-808=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-808=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-808=1 Package List: - SUSE OpenStack Cloud 6 (noarch): python-docker-py-1.7.2-27.3.2 - SUSE Manager Tools 12 (noarch): python-docker-py-1.7.2-27.3.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-docker-py-1.7.2-27.3.2 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-docker-py-1.7.2-27.3.2 References: https://bugzilla.suse.com/1085635 From sle-updates at lists.suse.com Tue May 8 16:07:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 00:07:18 +0200 (CEST) Subject: SUSE-SU-2018:1171-1: important: Security update for the Linux Kernel Message-ID: <20180508220718.248B0FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1171-1 Rating: important References: #1032084 #1050431 #1065726 #1087088 #1089665 #1089668 #1089752 Cross-References: CVE-2018-10124 CVE-2018-1087 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). The following non-security bugs were fixed: - kvm/x86: fix icebp instruction handling (bsc#1087088). - media: cpia2: Fix a couple off by one bugs (bsc#1050431). - nfs: add nostatflush mount option (bsc#1065726). - nfs: allow flush-on-stat to be disabled (bsc#1065726). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bnc#1032084, FATE#323225). - powerpc/fadump: reuse crashkernel parameter for fadump memory reservation (bnc#1032084, FATE#323225). - powerpc/fadump: update documentation about crashkernel parameter reuse (bnc#1032084, FATE#323225). - powerpc/fadump: use 'fadump_reserve_mem=' when specified (bnc#1032084, FATE#323225). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-20180508-13592=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-20180508-13592=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-20180508-13592=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-20180508-13592=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.41.1 kernel-default-base-3.0.101-108.41.1 kernel-default-devel-3.0.101-108.41.1 kernel-source-3.0.101-108.41.1 kernel-syms-3.0.101-108.41.1 kernel-trace-3.0.101-108.41.1 kernel-trace-base-3.0.101-108.41.1 kernel-trace-devel-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.41.1 kernel-ec2-base-3.0.101-108.41.1 kernel-ec2-devel-3.0.101-108.41.1 kernel-xen-3.0.101-108.41.1 kernel-xen-base-3.0.101-108.41.1 kernel-xen-devel-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.41.1 kernel-bigmem-base-3.0.101-108.41.1 kernel-bigmem-devel-3.0.101-108.41.1 kernel-ppc64-3.0.101-108.41.1 kernel-ppc64-base-3.0.101-108.41.1 kernel-ppc64-devel-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.41.1 kernel-pae-base-3.0.101-108.41.1 kernel-pae-devel-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.41.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.41.1 kernel-default-debugsource-3.0.101-108.41.1 kernel-trace-debuginfo-3.0.101-108.41.1 kernel-trace-debugsource-3.0.101-108.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.41.1 kernel-trace-devel-debuginfo-3.0.101-108.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.41.1 kernel-ec2-debugsource-3.0.101-108.41.1 kernel-xen-debuginfo-3.0.101-108.41.1 kernel-xen-debugsource-3.0.101-108.41.1 kernel-xen-devel-debuginfo-3.0.101-108.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.41.1 kernel-bigmem-debugsource-3.0.101-108.41.1 kernel-ppc64-debuginfo-3.0.101-108.41.1 kernel-ppc64-debugsource-3.0.101-108.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.41.1 kernel-pae-debugsource-3.0.101-108.41.1 kernel-pae-devel-debuginfo-3.0.101-108.41.1 References: https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1032084 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1065726 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1089665 https://bugzilla.suse.com/1089668 https://bugzilla.suse.com/1089752 From sle-updates at lists.suse.com Tue May 8 16:08:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 00:08:53 +0200 (CEST) Subject: SUSE-SU-2018:1172-1: important: Security update for the Linux Kernel Message-ID: <20180508220853.4DC89FD2B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1172-1 Rating: important References: #1010470 #1039348 #1052943 #1062568 #1062840 #1063416 #1067118 #1072689 #1072865 #1078669 #1078672 #1078673 #1078674 #1080464 #1080757 #1082424 #1083242 #1083483 #1083494 #1084536 #1085331 #1086162 #1087088 #1087209 #1087260 #1087762 #1088147 #1088260 #1089608 #1089752 #940776 Cross-References: CVE-2015-5156 CVE-2016-7915 CVE-2017-0861 CVE-2017-12190 CVE-2017-13166 CVE-2017-16644 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18203 CVE-2017-18208 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-6927 CVE-2018-7566 CVE-2018-7757 CVE-2018-8822 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user was fixed (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470). - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - KABI: x86/kaiser: properly align trampoline stack. - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - kvm/x86: fix icebp instruction handling (bsc#1087088). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - x86-64: Move the "user" vsyscall segment out of the data segment (bsc#1082424). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). - xfs: check for buffer errors before waiting (bsc#1052943). - xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). - xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-source-20180429-13591=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-20180429-13591=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-source-20180429-13591=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-source-20180429-13591=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.22.1 kernel-default-base-3.0.101-0.47.106.22.1 kernel-default-devel-3.0.101-0.47.106.22.1 kernel-source-3.0.101-0.47.106.22.1 kernel-syms-3.0.101-0.47.106.22.1 kernel-trace-3.0.101-0.47.106.22.1 kernel-trace-base-3.0.101-0.47.106.22.1 kernel-trace-devel-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.22.1 kernel-ec2-base-3.0.101-0.47.106.22.1 kernel-ec2-devel-3.0.101-0.47.106.22.1 kernel-xen-3.0.101-0.47.106.22.1 kernel-xen-base-3.0.101-0.47.106.22.1 kernel-xen-devel-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.22.1 kernel-bigsmp-base-3.0.101-0.47.106.22.1 kernel-bigsmp-devel-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.22.1 kernel-pae-base-3.0.101-0.47.106.22.1 kernel-pae-devel-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.22.1 kernel-trace-extra-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.22.1 kernel-default-base-3.0.101-0.47.106.22.1 kernel-default-devel-3.0.101-0.47.106.22.1 kernel-ec2-3.0.101-0.47.106.22.1 kernel-ec2-base-3.0.101-0.47.106.22.1 kernel-ec2-devel-3.0.101-0.47.106.22.1 kernel-pae-3.0.101-0.47.106.22.1 kernel-pae-base-3.0.101-0.47.106.22.1 kernel-pae-devel-3.0.101-0.47.106.22.1 kernel-source-3.0.101-0.47.106.22.1 kernel-syms-3.0.101-0.47.106.22.1 kernel-trace-3.0.101-0.47.106.22.1 kernel-trace-base-3.0.101-0.47.106.22.1 kernel-trace-devel-3.0.101-0.47.106.22.1 kernel-xen-3.0.101-0.47.106.22.1 kernel-xen-base-3.0.101-0.47.106.22.1 kernel-xen-devel-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.22.1 kernel-default-debugsource-3.0.101-0.47.106.22.1 kernel-trace-debuginfo-3.0.101-0.47.106.22.1 kernel-trace-debugsource-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.22.1 kernel-ec2-debugsource-3.0.101-0.47.106.22.1 kernel-xen-debuginfo-3.0.101-0.47.106.22.1 kernel-xen-debugsource-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.22.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.22.1 kernel-pae-debugsource-3.0.101-0.47.106.22.1 References: https://www.suse.com/security/cve/CVE-2015-5156.html https://www.suse.com/security/cve/CVE-2016-7915.html https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2017-12190.html https://www.suse.com/security/cve/CVE-2017-13166.html https://www.suse.com/security/cve/CVE-2017-16644.html https://www.suse.com/security/cve/CVE-2017-16911.html https://www.suse.com/security/cve/CVE-2017-16912.html https://www.suse.com/security/cve/CVE-2017-16913.html https://www.suse.com/security/cve/CVE-2017-16914.html https://www.suse.com/security/cve/CVE-2017-18203.html https://www.suse.com/security/cve/CVE-2017-18208.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-6927.html https://www.suse.com/security/cve/CVE-2018-7566.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-8822.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1010470 https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1052943 https://bugzilla.suse.com/1062568 https://bugzilla.suse.com/1062840 https://bugzilla.suse.com/1063416 https://bugzilla.suse.com/1067118 https://bugzilla.suse.com/1072689 https://bugzilla.suse.com/1072865 https://bugzilla.suse.com/1078669 https://bugzilla.suse.com/1078672 https://bugzilla.suse.com/1078673 https://bugzilla.suse.com/1078674 https://bugzilla.suse.com/1080464 https://bugzilla.suse.com/1080757 https://bugzilla.suse.com/1082424 https://bugzilla.suse.com/1083242 https://bugzilla.suse.com/1083483 https://bugzilla.suse.com/1083494 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1085331 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087209 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087762 https://bugzilla.suse.com/1088147 https://bugzilla.suse.com/1088260 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/940776 From sle-updates at lists.suse.com Tue May 8 16:14:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 00:14:27 +0200 (CEST) Subject: SUSE-SU-2018:1173-1: important: Security update for the Linux Kernel Message-ID: <20180508221427.727DCFD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1173-1 Rating: important References: #1012382 #1031717 #1046610 #1057734 #1070536 #1075428 #1076847 #1077560 #1082153 #1082299 #1083125 #1083745 #1083836 #1084353 #1084610 #1084721 #1084829 #1085042 #1085185 #1085224 #1085402 #1085404 #1086162 #1086194 #1087088 #1087260 #1087845 #1088241 #1088242 #1088600 #1088684 #1089198 #1089608 #1089644 #1089752 #1090643 Cross-References: CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 27 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - Revert "watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185)." This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-814=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-814=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-814=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-814=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-814=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.73.1 kernel-default-base-4.4.121-92.73.1 kernel-default-base-debuginfo-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 kernel-default-devel-4.4.121-92.73.1 kernel-syms-4.4.121-92.73.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_73-default-1-3.3.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.73.1 kernel-macros-4.4.121-92.73.1 kernel-source-4.4.121-92.73.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.73.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.73.1 kernel-default-base-4.4.121-92.73.1 kernel-default-base-debuginfo-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 kernel-default-devel-4.4.121-92.73.1 kernel-syms-4.4.121-92.73.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_73-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.73.1 kernel-macros-4.4.121-92.73.1 kernel-source-4.4.121-92.73.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.73.1 kernel-default-base-4.4.121-92.73.1 kernel-default-base-debuginfo-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 kernel-default-devel-4.4.121-92.73.1 kernel-syms-4.4.121-92.73.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_73-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.73.1 kernel-macros-4.4.121-92.73.1 kernel-source-4.4.121-92.73.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.73.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.73.1 kernel-default-base-4.4.121-92.73.1 kernel-default-base-debuginfo-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 kernel-default-devel-4.4.121-92.73.1 kernel-syms-4.4.121-92.73.1 kgraft-patch-4_4_121-92_73-default-1-3.3.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.73.1 kernel-macros-4.4.121-92.73.1 kernel-source-4.4.121-92.73.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.73.1 kernel-default-debuginfo-4.4.121-92.73.1 kernel-default-debugsource-4.4.121-92.73.1 References: https://www.suse.com/security/cve/CVE-2017-18257.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-7740.html https://www.suse.com/security/cve/CVE-2018-8043.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8822.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1057734 https://bugzilla.suse.com/1070536 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1076847 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1082153 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1083745 https://bugzilla.suse.com/1083836 https://bugzilla.suse.com/1084353 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1084829 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1085402 https://bugzilla.suse.com/1085404 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1086194 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087845 https://bugzilla.suse.com/1088241 https://bugzilla.suse.com/1088242 https://bugzilla.suse.com/1088600 https://bugzilla.suse.com/1088684 https://bugzilla.suse.com/1089198 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1090643 From sle-updates at lists.suse.com Tue May 8 19:07:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 03:07:06 +0200 (CEST) Subject: SUSE-SU-2018:1174-1: moderate: Security update for python-Pillow Message-ID: <20180509010706.4D290FD2B@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1174-1 Rating: moderate References: #1008846 #973786 Cross-References: CVE-2016-3076 CVE-2016-9190 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Pillow fixes the following issues: * CVE-2016-9190: Pillow allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component. (bsc#1008846) * CVE-2016-3076: Heap-based buffer overflow in the j2k_encode_entry function allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. (bsc#973786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-816=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-816=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-Pillow-2.8.1-4.3.2 python-Pillow-debuginfo-2.8.1-4.3.2 python-Pillow-debugsource-2.8.1-4.3.2 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-Pillow-2.8.1-4.3.2 python-Pillow-debuginfo-2.8.1-4.3.2 python-Pillow-debugsource-2.8.1-4.3.2 References: https://www.suse.com/security/cve/CVE-2016-3076.html https://www.suse.com/security/cve/CVE-2016-9190.html https://bugzilla.suse.com/1008846 https://bugzilla.suse.com/973786 From sle-updates at lists.suse.com Wed May 9 07:08:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 15:08:33 +0200 (CEST) Subject: SUSE-SU-2018:1176-1: important: Security update for php7 Message-ID: <20180509130833.ED4A1FD2E@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1176-1 Rating: important References: #1091355 #1091362 #1091363 #1091367 Cross-References: CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-817=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-817=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.38.2 php7-debugsource-7.0.7-50.38.2 php7-devel-7.0.7-50.38.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.38.2 apache2-mod_php7-debuginfo-7.0.7-50.38.2 php7-7.0.7-50.38.2 php7-bcmath-7.0.7-50.38.2 php7-bcmath-debuginfo-7.0.7-50.38.2 php7-bz2-7.0.7-50.38.2 php7-bz2-debuginfo-7.0.7-50.38.2 php7-calendar-7.0.7-50.38.2 php7-calendar-debuginfo-7.0.7-50.38.2 php7-ctype-7.0.7-50.38.2 php7-ctype-debuginfo-7.0.7-50.38.2 php7-curl-7.0.7-50.38.2 php7-curl-debuginfo-7.0.7-50.38.2 php7-dba-7.0.7-50.38.2 php7-dba-debuginfo-7.0.7-50.38.2 php7-debuginfo-7.0.7-50.38.2 php7-debugsource-7.0.7-50.38.2 php7-dom-7.0.7-50.38.2 php7-dom-debuginfo-7.0.7-50.38.2 php7-enchant-7.0.7-50.38.2 php7-enchant-debuginfo-7.0.7-50.38.2 php7-exif-7.0.7-50.38.2 php7-exif-debuginfo-7.0.7-50.38.2 php7-fastcgi-7.0.7-50.38.2 php7-fastcgi-debuginfo-7.0.7-50.38.2 php7-fileinfo-7.0.7-50.38.2 php7-fileinfo-debuginfo-7.0.7-50.38.2 php7-fpm-7.0.7-50.38.2 php7-fpm-debuginfo-7.0.7-50.38.2 php7-ftp-7.0.7-50.38.2 php7-ftp-debuginfo-7.0.7-50.38.2 php7-gd-7.0.7-50.38.2 php7-gd-debuginfo-7.0.7-50.38.2 php7-gettext-7.0.7-50.38.2 php7-gettext-debuginfo-7.0.7-50.38.2 php7-gmp-7.0.7-50.38.2 php7-gmp-debuginfo-7.0.7-50.38.2 php7-iconv-7.0.7-50.38.2 php7-iconv-debuginfo-7.0.7-50.38.2 php7-imap-7.0.7-50.38.2 php7-imap-debuginfo-7.0.7-50.38.2 php7-intl-7.0.7-50.38.2 php7-intl-debuginfo-7.0.7-50.38.2 php7-json-7.0.7-50.38.2 php7-json-debuginfo-7.0.7-50.38.2 php7-ldap-7.0.7-50.38.2 php7-ldap-debuginfo-7.0.7-50.38.2 php7-mbstring-7.0.7-50.38.2 php7-mbstring-debuginfo-7.0.7-50.38.2 php7-mcrypt-7.0.7-50.38.2 php7-mcrypt-debuginfo-7.0.7-50.38.2 php7-mysql-7.0.7-50.38.2 php7-mysql-debuginfo-7.0.7-50.38.2 php7-odbc-7.0.7-50.38.2 php7-odbc-debuginfo-7.0.7-50.38.2 php7-opcache-7.0.7-50.38.2 php7-opcache-debuginfo-7.0.7-50.38.2 php7-openssl-7.0.7-50.38.2 php7-openssl-debuginfo-7.0.7-50.38.2 php7-pcntl-7.0.7-50.38.2 php7-pcntl-debuginfo-7.0.7-50.38.2 php7-pdo-7.0.7-50.38.2 php7-pdo-debuginfo-7.0.7-50.38.2 php7-pgsql-7.0.7-50.38.2 php7-pgsql-debuginfo-7.0.7-50.38.2 php7-phar-7.0.7-50.38.2 php7-phar-debuginfo-7.0.7-50.38.2 php7-posix-7.0.7-50.38.2 php7-posix-debuginfo-7.0.7-50.38.2 php7-pspell-7.0.7-50.38.2 php7-pspell-debuginfo-7.0.7-50.38.2 php7-shmop-7.0.7-50.38.2 php7-shmop-debuginfo-7.0.7-50.38.2 php7-snmp-7.0.7-50.38.2 php7-snmp-debuginfo-7.0.7-50.38.2 php7-soap-7.0.7-50.38.2 php7-soap-debuginfo-7.0.7-50.38.2 php7-sockets-7.0.7-50.38.2 php7-sockets-debuginfo-7.0.7-50.38.2 php7-sqlite-7.0.7-50.38.2 php7-sqlite-debuginfo-7.0.7-50.38.2 php7-sysvmsg-7.0.7-50.38.2 php7-sysvmsg-debuginfo-7.0.7-50.38.2 php7-sysvsem-7.0.7-50.38.2 php7-sysvsem-debuginfo-7.0.7-50.38.2 php7-sysvshm-7.0.7-50.38.2 php7-sysvshm-debuginfo-7.0.7-50.38.2 php7-tokenizer-7.0.7-50.38.2 php7-tokenizer-debuginfo-7.0.7-50.38.2 php7-wddx-7.0.7-50.38.2 php7-wddx-debuginfo-7.0.7-50.38.2 php7-xmlreader-7.0.7-50.38.2 php7-xmlreader-debuginfo-7.0.7-50.38.2 php7-xmlrpc-7.0.7-50.38.2 php7-xmlrpc-debuginfo-7.0.7-50.38.2 php7-xmlwriter-7.0.7-50.38.2 php7-xmlwriter-debuginfo-7.0.7-50.38.2 php7-xsl-7.0.7-50.38.2 php7-xsl-debuginfo-7.0.7-50.38.2 php7-zip-7.0.7-50.38.2 php7-zip-debuginfo-7.0.7-50.38.2 php7-zlib-7.0.7-50.38.2 php7-zlib-debuginfo-7.0.7-50.38.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.38.2 php7-pear-Archive_Tar-7.0.7-50.38.2 References: https://www.suse.com/security/cve/CVE-2018-10545.html https://www.suse.com/security/cve/CVE-2018-10546.html https://www.suse.com/security/cve/CVE-2018-10547.html https://www.suse.com/security/cve/CVE-2018-10548.html https://bugzilla.suse.com/1091355 https://bugzilla.suse.com/1091362 https://bugzilla.suse.com/1091363 https://bugzilla.suse.com/1091367 From sle-updates at lists.suse.com Wed May 9 10:08:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 18:08:02 +0200 (CEST) Subject: SUSE-SU-2018:1177-1: important: Security update for xen Message-ID: <20180509160802.DC87BFD25@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1177-1 Rating: important References: #1027519 #1057493 #1072834 #1083292 #1086107 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has 6 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). This non-security issue was fixed: - bsc#1072834: Prevent unchecked MSR access error - bsc#1057493: Prevent DomU crashes - bsc#1086107: Fixed problems with backports for XSA-246 and XSA-247 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-819=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_30-22.65.1 xen-debugsource-4.4.4_30-22.65.1 xen-doc-html-4.4.4_30-22.65.1 xen-kmp-default-4.4.4_30_k3.12.61_52.125-22.65.1 xen-kmp-default-debuginfo-4.4.4_30_k3.12.61_52.125-22.65.1 xen-libs-32bit-4.4.4_30-22.65.1 xen-libs-4.4.4_30-22.65.1 xen-libs-debuginfo-32bit-4.4.4_30-22.65.1 xen-libs-debuginfo-4.4.4_30-22.65.1 xen-tools-4.4.4_30-22.65.1 xen-tools-debuginfo-4.4.4_30-22.65.1 xen-tools-domU-4.4.4_30-22.65.1 xen-tools-domU-debuginfo-4.4.4_30-22.65.1 References: https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-7550.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1057493 https://bugzilla.suse.com/1072834 https://bugzilla.suse.com/1083292 https://bugzilla.suse.com/1086107 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Wed May 9 10:10:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 18:10:24 +0200 (CEST) Subject: SUSE-SU-2018:1178-1: moderate: Security update for ImageMagick Message-ID: <20180509161024.E179CFD2B@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1178-1 Rating: moderate References: #1047356 #1058635 #1074117 #1086773 #1086782 #1087027 #1087033 #1087037 #1087039 #1087825 #1089781 Cross-References: CVE-2017-1000476 CVE-2017-10928 CVE-2017-11450 CVE-2017-14325 CVE-2017-17887 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 CVE-2018-9135 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2017-14325: In ImageMagick, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allowed attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. [bsc#1058635] - CVE-2017-17887: In ImageMagick, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allowed attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. [bsc#1074117] - CVE-2017-18250: A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which could lead to a denial of service via a crafted file. [bsc#1087039] - CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick did not properly restrict memory allocation, leading to a heap-based buffer over-read. [bsc#1086782] - CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] - CVE-2018-9135: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c could lead to denial of service. [bsc#1087825] - CVE-2018-10177: In ImageMagick, there was an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. [bsc#1089781] - CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-818=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-818=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-818=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-818=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.54.5 ImageMagick-debuginfo-6.8.8.1-71.54.5 ImageMagick-debugsource-6.8.8.1-71.54.5 libMagick++-6_Q16-3-6.8.8.1-71.54.5 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.54.5 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.54.5 ImageMagick-debuginfo-6.8.8.1-71.54.5 ImageMagick-debugsource-6.8.8.1-71.54.5 ImageMagick-devel-6.8.8.1-71.54.5 libMagick++-6_Q16-3-6.8.8.1-71.54.5 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5 libMagick++-devel-6.8.8.1-71.54.5 perl-PerlMagick-6.8.8.1-71.54.5 perl-PerlMagick-debuginfo-6.8.8.1-71.54.5 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.54.5 ImageMagick-debugsource-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5 libMagickWand-6_Q16-1-6.8.8.1-71.54.5 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.54.5 ImageMagick-debuginfo-6.8.8.1-71.54.5 ImageMagick-debugsource-6.8.8.1-71.54.5 libMagick++-6_Q16-3-6.8.8.1-71.54.5 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.54.5 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5 libMagickWand-6_Q16-1-6.8.8.1-71.54.5 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5 References: https://www.suse.com/security/cve/CVE-2017-1000476.html https://www.suse.com/security/cve/CVE-2017-10928.html https://www.suse.com/security/cve/CVE-2017-11450.html https://www.suse.com/security/cve/CVE-2017-14325.html https://www.suse.com/security/cve/CVE-2017-17887.html https://www.suse.com/security/cve/CVE-2017-18250.html https://www.suse.com/security/cve/CVE-2017-18251.html https://www.suse.com/security/cve/CVE-2017-18252.html https://www.suse.com/security/cve/CVE-2017-18254.html https://www.suse.com/security/cve/CVE-2018-10177.html https://www.suse.com/security/cve/CVE-2018-8960.html https://www.suse.com/security/cve/CVE-2018-9018.html https://www.suse.com/security/cve/CVE-2018-9135.html https://bugzilla.suse.com/1047356 https://bugzilla.suse.com/1058635 https://bugzilla.suse.com/1074117 https://bugzilla.suse.com/1086773 https://bugzilla.suse.com/1086782 https://bugzilla.suse.com/1087027 https://bugzilla.suse.com/1087033 https://bugzilla.suse.com/1087037 https://bugzilla.suse.com/1087039 https://bugzilla.suse.com/1087825 https://bugzilla.suse.com/1089781 From sle-updates at lists.suse.com Wed May 9 10:12:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 18:12:45 +0200 (CEST) Subject: SUSE-SU-2018:1179-1: moderate: Security update for tiff Message-ID: <20180509161245.C5F48FD2E@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1179-1 Rating: moderate References: #1007280 #1011107 #1011845 #1017688 #1017690 #1017691 #1017692 #1031255 #1046077 #1048937 #1074318 #960341 #983436 Cross-References: CVE-2015-7554 CVE-2016-10095 CVE-2016-10268 CVE-2016-3945 CVE-2016-5318 CVE-2016-5652 CVE-2016-9453 CVE-2016-9536 CVE-2017-11335 CVE-2017-17973 CVE-2017-9935 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." (bsc#1011845) - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077). - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341). - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436). - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,). - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23 (bsc#1031255) - An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691). - Fixed an invalid memory read which could lead to a crash (bsc#1017692). - Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-13594=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-13594=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-13594=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.169.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.169.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.3.1 tiff-3.8.2-141.169.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.169.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.3.1 tiff-debugsource-3.8.2-141.169.3.1 References: https://www.suse.com/security/cve/CVE-2015-7554.html https://www.suse.com/security/cve/CVE-2016-10095.html https://www.suse.com/security/cve/CVE-2016-10268.html https://www.suse.com/security/cve/CVE-2016-3945.html https://www.suse.com/security/cve/CVE-2016-5318.html https://www.suse.com/security/cve/CVE-2016-5652.html https://www.suse.com/security/cve/CVE-2016-9453.html https://www.suse.com/security/cve/CVE-2016-9536.html https://www.suse.com/security/cve/CVE-2017-11335.html https://www.suse.com/security/cve/CVE-2017-17973.html https://www.suse.com/security/cve/CVE-2017-9935.html https://bugzilla.suse.com/1007280 https://bugzilla.suse.com/1011107 https://bugzilla.suse.com/1011845 https://bugzilla.suse.com/1017688 https://bugzilla.suse.com/1017690 https://bugzilla.suse.com/1017691 https://bugzilla.suse.com/1017692 https://bugzilla.suse.com/1031255 https://bugzilla.suse.com/1046077 https://bugzilla.suse.com/1048937 https://bugzilla.suse.com/1074318 https://bugzilla.suse.com/960341 https://bugzilla.suse.com/983436 From sle-updates at lists.suse.com Wed May 9 10:15:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 18:15:24 +0200 (CEST) Subject: SUSE-SU-2018:1180-1: moderate: Security update for tiff Message-ID: <20180509161524.F0B44FD2E@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1180-1 Rating: moderate References: #1046077 #1074318 #1081690 Cross-References: CVE-2017-17973 CVE-2017-9935 CVE-2018-5784 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2017-9935: There was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077) - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2018-5784: There is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries (bsc#1081690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-822=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-822=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-822=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.10.1 tiff-debuginfo-4.0.9-44.10.1 tiff-debugsource-4.0.9-44.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.10.1 libtiff5-debuginfo-4.0.9-44.10.1 tiff-4.0.9-44.10.1 tiff-debuginfo-4.0.9-44.10.1 tiff-debugsource-4.0.9-44.10.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtiff5-32bit-4.0.9-44.10.1 libtiff5-debuginfo-32bit-4.0.9-44.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.10.1 libtiff5-4.0.9-44.10.1 libtiff5-debuginfo-32bit-4.0.9-44.10.1 libtiff5-debuginfo-4.0.9-44.10.1 tiff-debuginfo-4.0.9-44.10.1 tiff-debugsource-4.0.9-44.10.1 References: https://www.suse.com/security/cve/CVE-2017-17973.html https://www.suse.com/security/cve/CVE-2017-9935.html https://www.suse.com/security/cve/CVE-2018-5784.html https://bugzilla.suse.com/1046077 https://bugzilla.suse.com/1074318 https://bugzilla.suse.com/1081690 From sle-updates at lists.suse.com Wed May 9 10:16:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 18:16:20 +0200 (CEST) Subject: SUSE-SU-2018:1181-1: important: Security update for xen Message-ID: <20180509161620.6494DFD2E@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1181-1 Rating: important References: #1027519 #1035442 #1057493 #1072834 #1083292 #1086107 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has 7 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). These non-security issues were fixed: - bsc#1072834: Prevent unchecked MSR access error - bsc#1035442: Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds, allowing for more domUs to be shutdown in parallel - bsc#1057493: Prevent DomU crash Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-13593=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-13593=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-13593=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_30-61.26.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_30_3.0.101_108.38-61.26.1 xen-libs-4.4.4_30-61.26.1 xen-tools-domU-4.4.4_30-61.26.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_30-61.26.1 xen-doc-html-4.4.4_30-61.26.1 xen-libs-32bit-4.4.4_30-61.26.1 xen-tools-4.4.4_30-61.26.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_30_3.0.101_108.38-61.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_30-61.26.1 xen-debugsource-4.4.4_30-61.26.1 References: https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-7550.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1035442 https://bugzilla.suse.com/1057493 https://bugzilla.suse.com/1072834 https://bugzilla.suse.com/1083292 https://bugzilla.suse.com/1086107 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Wed May 9 13:07:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:07:31 +0200 (CEST) Subject: SUSE-RU-2018:1182-1: important: Recommended update for kubernetes-salt Message-ID: <20180509190731.C85C9FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1182-1 Rating: important References: #1069175 #1070989 #1082722 #1091077 Affected Products: SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for kubernetes-salt fixes the following issues: - Replace the _macros/net by a Python module, so we can get rid of the Jinja limitations (specially when returning lists). (bsc#1091077) - Auth dialog when downloading kubectl errors out (bsc#1069175) - Do not instruct salt to reload the `container-feeder` service (bsc#1070989) - Extend certificates to one year lifespan (bsc#1082722) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform ALL (noarch): kubernetes-salt-2.0.0+git_r500_5506783-23.25.1 References: https://bugzilla.suse.com/1069175 https://bugzilla.suse.com/1070989 https://bugzilla.suse.com/1082722 https://bugzilla.suse.com/1091077 From sle-updates at lists.suse.com Wed May 9 13:08:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:08:43 +0200 (CEST) Subject: SUSE-SU-2018:1183-1: moderate: Security update for nodejs6 Message-ID: <20180509190843.DFCD9FD43@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1183-1 Rating: moderate References: #1087453 #1087459 #1087463 Cross-References: CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs6 fixes the following issues: - Fix some node-gyp permissions - New upstream LTS release 6.14.1: * Security fixes: + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability (bsc#1087463) + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459) + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453) - New upstream LTS release 6.13.1: * http,tls: better support for IPv6 addresses * console: added console.count() and console.clear() * crypto: + expose ECDH class + added cypto.randomFill() and crypto.randomFillSync() + warn on invalid authentication tag length * deps: upgrade libuv to 1.16.1 * dgram: added socket.setMulticastInterface() * http: add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of Agent * lib: return this from net.Socket.end() * module: add builtinModules api that provides list of all builtin modules in Node * net: return this from getConnections() * promises: more robust stringification for unhandled rejections * repl: improve require() autocompletion * src: + add openssl-system-ca-path configure option + add --use-bundled-ca --use-openssl-ca check + add process.ppid * tls: accept lookup option for tls.connect() * tools,build: a new macOS installer! * url: WHATWG URL api support * util: add %i and %f formatting specifiers - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. - even on recent codestreams there is no binutils gold on s390 only on s390x - New upstream LTS release 6.12.3: * v8: profiler-related fixes * mostly documentation and test related changes - Enable CI tests in %check target Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-825=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-825=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-825=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.14.1-11.12.1 nodejs6-debuginfo-6.14.1-11.12.1 nodejs6-debugsource-6.14.1-11.12.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.14.1-11.12.1 nodejs6-debuginfo-6.14.1-11.12.1 nodejs6-debugsource-6.14.1-11.12.1 nodejs6-devel-6.14.1-11.12.1 npm6-6.14.1-11.12.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.14.1-11.12.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.14.1-11.12.1 nodejs6-debuginfo-6.14.1-11.12.1 nodejs6-debugsource-6.14.1-11.12.1 References: https://www.suse.com/security/cve/CVE-2018-7158.html https://www.suse.com/security/cve/CVE-2018-7159.html https://www.suse.com/security/cve/CVE-2018-7160.html https://bugzilla.suse.com/1087453 https://bugzilla.suse.com/1087459 https://bugzilla.suse.com/1087463 From sle-updates at lists.suse.com Wed May 9 13:09:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:09:32 +0200 (CEST) Subject: SUSE-SU-2018:1184-1: important: Security update for xen Message-ID: <20180509190932.15C57FD41@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1184-1 Rating: important References: #1027519 #1072834 #1080634 #1080635 #1080662 #1087251 #1087252 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 6 fixes is now available. Description: This update for xen to version 4.9.2 fixes several issues. This feature was added: - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing (bsc#1080635). - CVE-2018-7541: Guest OS users were able to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 (bsc#1080662). - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC (bsc#1080634). These non-security issues were fixed: - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep default to run xenstored as daemon in dom0 - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) - bsc#1072834: Prevent unchecked MSR access error Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-828=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-828=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-828=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.2_04-3.29.1 xen-devel-4.9.2_04-3.29.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.2_04-3.29.1 xen-debugsource-4.9.2_04-3.29.1 xen-doc-html-4.9.2_04-3.29.1 xen-libs-32bit-4.9.2_04-3.29.1 xen-libs-4.9.2_04-3.29.1 xen-libs-debuginfo-32bit-4.9.2_04-3.29.1 xen-libs-debuginfo-4.9.2_04-3.29.1 xen-tools-4.9.2_04-3.29.1 xen-tools-debuginfo-4.9.2_04-3.29.1 xen-tools-domU-4.9.2_04-3.29.1 xen-tools-domU-debuginfo-4.9.2_04-3.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.2_04-3.29.1 xen-debugsource-4.9.2_04-3.29.1 xen-libs-32bit-4.9.2_04-3.29.1 xen-libs-4.9.2_04-3.29.1 xen-libs-debuginfo-32bit-4.9.2_04-3.29.1 xen-libs-debuginfo-4.9.2_04-3.29.1 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.2_04-3.29.1 xen-libs-4.9.2_04-3.29.1 xen-libs-debuginfo-4.9.2_04-3.29.1 xen-tools-domU-4.9.2_04-3.29.1 xen-tools-domU-debuginfo-4.9.2_04-3.29.1 References: https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-7540.html https://www.suse.com/security/cve/CVE-2018-7541.html https://www.suse.com/security/cve/CVE-2018-7542.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1072834 https://bugzilla.suse.com/1080634 https://bugzilla.suse.com/1080635 https://bugzilla.suse.com/1080662 https://bugzilla.suse.com/1087251 https://bugzilla.suse.com/1087252 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Wed May 9 13:11:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:11:43 +0200 (CEST) Subject: SUSE-RU-2018:1185-1: moderate: Recommended update for yast2 and yast2-network Message-ID: <20180509191143.C497FFD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 and yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1185-1 Rating: moderate References: #1056109 #1062596 #1066982 #1077435 #1078991 #1080630 #1081353 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update provides the following fixes: yast2: - Restart SuSEFirewall2 if needed to apply the final configuration once written during the AY Second Stage.(bsc#1080630) - Do not truncate kernel parameter when it contains '=' (bsc#1081353) yast2-network: - Do not propose network interfaces without link (bsc#1062596) - Improve device name collision recognition when applying device renaming according to the autoyast profile. (bsc#1056109) - Remove an unnecessary SuSEFirewall.Write call when storing the Firewall remote client configuration. (bsc#1066982) - Fix the initialization and storing of firewall widget. (bsc#1066982) - Do not crash if a LanItem does not have the hardware info. (bsc#1078991) - Allow VNC and SSH access in SUSEFirewall in case of remote auto-installations for the second stage. (bsc#1080630) - Fix a crash when handling corrupted /etc/hosts file. (bsc#1077435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-830=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-830=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-3.2.45-3.23.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-network-3.2.51-2.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-network-3.2.51-2.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-3.2.45-3.23.2 References: https://bugzilla.suse.com/1056109 https://bugzilla.suse.com/1062596 https://bugzilla.suse.com/1066982 https://bugzilla.suse.com/1077435 https://bugzilla.suse.com/1078991 https://bugzilla.suse.com/1080630 https://bugzilla.suse.com/1081353 From sle-updates at lists.suse.com Wed May 9 13:13:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:13:21 +0200 (CEST) Subject: SUSE-RU-2018:1186-1: important: Recommended update for rollback-helper Message-ID: <20180509191321.AF7B8FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1186-1 Rating: important References: #1032129 #1068947 #1090073 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Check whether system is registered before rollback (bsc#1032129) - Check if current btrfs snapshot is the production snapshot before re-registering (bsc#1068947) - Make sure rollback-helper is started only after all filesystems are accessible. This makes sure that checking for the correct snapshot is properly done and prevents it from thinking there is nothing to do. (bsc#1090073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-832=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-832=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): rollback-helper-1.0+git20180419.3c7281d-11.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): rollback-helper-1.0+git20180419.3c7281d-11.3.1 - SUSE CaaS Platform ALL (noarch): rollback-helper-1.0+git20180419.3c7281d-11.3.1 References: https://bugzilla.suse.com/1032129 https://bugzilla.suse.com/1068947 https://bugzilla.suse.com/1090073 From sle-updates at lists.suse.com Wed May 9 13:14:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:14:09 +0200 (CEST) Subject: SUSE-RU-2018:1187-1: moderate: Recommended update for traceroute Message-ID: <20180509191409.11EF8FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for traceroute ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1187-1 Rating: moderate References: #1085791 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for traceroute fixes the following issues: - Fix segmentation fault when using --mtu option (bsc#1085791) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-829=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): traceroute-2.0.19-3.3.1 traceroute-debuginfo-2.0.19-3.3.1 traceroute-debugsource-2.0.19-3.3.1 References: https://bugzilla.suse.com/1085791 From sle-updates at lists.suse.com Wed May 9 13:15:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:15:04 +0200 (CEST) Subject: SUSE-RU-2018:1189-1: moderate: Recommended update for sap-installation-wizard Message-ID: <20180509191504.0CA83FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-installation-wizard ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1189-1 Rating: moderate References: #1071052 #1077431 #1077439 #1078444 #1080558 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for sap-installation-wizard provides the following fixes: - Adapt B1 installation script and the xml to the new product. (bsc#1071052) - Adapt to new password policies of B1 9.2. (bsc#1071052) - Make sure settings in /etc/sysconfig/sap-installation-wizard are respected. (bsc#1080558) - Fix a failure due to type convertion problems. (bsc#1078444) - Add missing requirement for perl-XML-LibXML. (bsc#1077431) - Add a missing requirement for autoyast2. (bsc#1077439) - Provide SLES4SAP container image, including a new file start_sap_docker.sh to start the sap processes in a container. (fate#320406) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-834=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sap-installation-wizard-3.1.81.2-4.7.2 References: https://bugzilla.suse.com/1071052 https://bugzilla.suse.com/1077431 https://bugzilla.suse.com/1077439 https://bugzilla.suse.com/1078444 https://bugzilla.suse.com/1080558 From sle-updates at lists.suse.com Wed May 9 13:16:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:16:08 +0200 (CEST) Subject: SUSE-RU-2018:1190-1: moderate: Recommended update for sles12sp3-velum-image, velum Message-ID: <20180509191608.47A03FD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for sles12sp3-velum-image, velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1190-1 Rating: moderate References: #1071023 #1088597 Affected Products: SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sles12sp3-velum-image / velum fixes the following issues: - Migrate LDAP passwords (bsc#1071023) - Avoid the event processor from crashing if it cannot interpret the event arguments (bsc#1088597) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform ALL (x86_64): sles12-velum-image-2.0.1-2.10.5 References: https://bugzilla.suse.com/1071023 https://bugzilla.suse.com/1088597 From sle-updates at lists.suse.com Wed May 9 13:16:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:16:45 +0200 (CEST) Subject: SUSE-SU-2018:1191-1: moderate: Security update for python-Pillow Message-ID: <20180509191645.595F7FD43@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1191-1 Rating: moderate References: #1008846 #973786 Cross-References: CVE-2016-3076 CVE-2016-9190 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Pillow fixes the following issues: * CVE-2016-9190: Pillow allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component. (bsc#1008846) * CVE-2016-3076: Heap-based buffer overflow in the j2k_encode_entry function allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. (bsc#973786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-827=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): python-Pillow-2.7.0-4.3.1 python-Pillow-debuginfo-2.7.0-4.3.1 python-Pillow-debugsource-2.7.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2016-3076.html https://www.suse.com/security/cve/CVE-2016-9190.html https://bugzilla.suse.com/1008846 https://bugzilla.suse.com/973786 From sle-updates at lists.suse.com Wed May 9 13:17:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:17:21 +0200 (CEST) Subject: SUSE-RU-2018:1192-1: important: Recommended update for rollback-helper Message-ID: <20180509191722.5DDD1FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1192-1 Rating: important References: #1011912 #1032129 #1068947 #1090073 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Check whether system is registered before rollback (bsc#1032129) - Check if current btrfs snapshot is the production snapshot before re-registering (bsc#1068947) - Add missing systemd requirement (bsc#1011912) - Make sure rollback-helper is started only after all filesystems are accessible. This makes sure that checking for the correct snapshot is properly done and prevents it from thinking there is nothing to do. (bsc#1090073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-833=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-833=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-833=1 Package List: - SUSE OpenStack Cloud 6 (noarch): rollback-helper-1.0+git20180419.3c7281d-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): rollback-helper-1.0+git20180419.3c7281d-5.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): rollback-helper-1.0+git20180419.3c7281d-5.3.1 References: https://bugzilla.suse.com/1011912 https://bugzilla.suse.com/1032129 https://bugzilla.suse.com/1068947 https://bugzilla.suse.com/1090073 From sle-updates at lists.suse.com Wed May 9 13:18:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:18:19 +0200 (CEST) Subject: SUSE-RU-2018:1193-1: moderate: Recommended update for sapconf Message-ID: <20180509191819.5EB1BFD41@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1193-1 Rating: moderate References: #1026862 #1031073 #1032516 #1048550 #1064720 #1070386 #1070390 #1070494 #1070495 #1070496 #1070503 #1070506 #1070508 #1071539 #1087455 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. Description: This update for sapconf provides the following fixes: - Refactoring sapconf parameter settings together with SAP Linux Lab. (fate#324491) ATTENTION: One main feature of this sapconf package update is a consolidation of all sapconf configuration settings into the central /etc/sysconfig/sapconf configuration file (except those settings related to ASE or BOBJ and those settings which can only be set via tuned.conf). This will result in a lot of configuration file changes concerning the following files: * /etc/sysconfig/sapconf * /etc/sysconfig/sapnote-1557506 * /usr/lib/tuned/sap-netweaver/tuned.conf * /usr/lib/tuned/sap-hana/tuned.conf. This means that your system configuration will be changed after a restart of tuned or during a system reboot. Please read carefully the following information about configuration file handling before restarting tuned or rebooting the system. (bsc#1070508) - The configuration file handling during the package installation has changed (bsc#1070496, bsc#1070508): * During an initial package installation the new sysconfig file, which includes the pagecache values from the former file sapnote-1557506 are copied to /etc/sysconfig/sapconf and the changes will take effect immediately after the package installation. * During a package update, previously created /etc/sysconfig files will exist. The file /etc/sysconfig/sapconf is saved to /etc/sysconfig/sapconf.rpmsave and the new sysconfig file is copied to /etc/sysconfig. * If the pagecache handling is enabled in the file /etc/sysconfig/sapnote-1557506, the values from this file are copied to /etc/sysconfig/sapconf and the obsolete file /etc/sysconfig/sapnote-1557506 is removed. The changes will take effect immediately after the package installation. * If the file /etc/sysconfig/sapconf.rpmsave exists and contains system specific modifications, please check after the package installation and merge these changes manually into /etc/sysconfig/sapconf. * Remove the file /etc/sysconfig/sapconf.rpmsave before you restart the sapconf service to get the changes take effect. - Add a systemd unit file sapconf.service to start tuned, uuidd.socket and sysstat during system boot and after initial package installation and to restart tuned during package update so that the changes will take effect immediately. (fate#325471, bsc#1087455) - Check if pagecache limit is available at the system and if yes, set pagecache limit according to the settings in /etc/sysconfig/sapconf. If not, write a message to the log file. (bsc#1071539, fate#323778) - Use the same tuning values for HANA and Netweaver workloads. That means the use of the same tuned.conf and script.sh file for both profiles (sap-hana and sap-netweaver). This should lead to a better base for mixed HANA and ABAB workloads on one system. (bsc#1070508) - The pagecache configuration is now integrated in the general sapconf sysconfig file and the old sysconfig file sapnote-1557506 is obsolete. As before pagecache handling is disabled by default. - The following parameters are additionally specified (instead of static tuning inside the tuning script or defined in other configuration files like tuned.conf or sapnote-1557506) or changed in the central configuration file /etc/sysconfig/sapconf (bsc#1070494, bsc#1070495, bsc#1070496, bsc#1070508): * vm.max_map_count, vm.dirty_bytes, vm.dirty_background_bytes, kernel.shmmni, net.ipv4.tcp_slow_start_after_idle, ksm, transparent_hugepages, numa_balancing: parameters added and value changed. * vm.pagecache_limit_ignore_dirty, vm.pagecache_limit_mb: parameters added and commented out * kernel.shmall, kernel.shmmax, kernel.sem: parameters changed. But keep in mind: higher system value will ever remain unchanged. sapconf will respect higher values set by the system or by the administrator using sysctl configuration files. Values set with sysctl command will respect too, but they will not survive a system reboot. Every tuning action is logged to /var/log/sapconf.log - The following parameters were specified in tuned.conf of profile sap-hana and/or sap-netweaver before but were removed from tuned.conf because they are redundant, not mentioned in any SAP Note, replaced by another parameter, moved to another configuration file or commented out, or because they are only valid for a special architecture or special tasks (like the [cpu] part was only valid for Intel architecture and only performance related): * vm.swappiness, kernel.sched_min_granularity_ns, kernel.sched_wakeup_granularity_ns, readahead: parameters removed. * [cpu] section with governor, energy_perf_bias, min_perf_pct: parameters commented out. * vm.dirty_ratio, vm.dirty_background_ratio: parameters removed from tuned.conf, replaced by vm.dirty_bytes, vm.dirty_background_bytes defined in sysconfig/sapconf. * kernel.sem, net.ipv4.tcp_slow_start_after_idle, transparent_hugepages: parameters moved to sysconfig/sapconf. ATTENTION: these changes will take effect immediately after restarting tuned. Unless the administrator is using a custom copy of the tuned.conf file in /etc/tuned/ (where may be sap-hana or sap-netweaver) to set own or changed values, the tuned.conf files in /etc/tuned/ remain untouched during package installation. To get the new behavior SAP recommends, remove the profile copy from /etc/tuned or copy the new tuned.conf file from /usr/lib/tuned/ to /etc/tuned/ or compare the files in /etc/tuned/ with the files in /usr/lib/tuned/ manually and adjust the content, if needed. (bsc#1070494, bsc#1070495, bsc#1070496, bsc#1070503, bsc#1048550, bsc#1064720) - Setting of UserTasksMax, a parameter of the systemd login manager, will be done in the post script during the package installation. The value is set to 'infinity'. NOTE: A reboot is needed after the first setup to get the changes to take effect. A message will indicate if a reboot is necessary. As before there is no automatic rollback. (bsc#1070386) - Enable and start sysstat service during post script of the package installation (see SAP Note 1310037). (bsc#1070390) - Add package requirements including a short description to the man page of sapconf and to the central configuration file /etc/sysconfig/sapconf. (bsc#1070390) - Update the sapconf man page and associated man pages to reflect all the changes of this sapconf version. (bsc#1070506) - Respect active tuned profile during reboot of the system even if it is not a 'sap' profile. sapconf only activates sap-netweaver profile by default, if NO tuned profile is actually set. (bsc#1026862) - Re-insert 'elevator=noop' to tuned.conf of profile sap-hana and sap-netweaver. (bsc#1031073, bsc#1032516, bsc#1070494) - sapconf will set ALL values specified in the file /etc/sysconfig/sapconf irrespective of the current system value. The values will not only be increased, but also decreased if the value in the sysconfig file is lower than the current system value. All actions are logged to /var/log/sapconf.log. (fate#325547) - Change variable names in sysconfig file to avoid confusion. (bsc#1070495) - Remove unnecessary TMPFS_SIZE_MIN from sysconfig file. (bsc#1070496) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-831=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-831=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-831=1 Package List: - SUSE OpenStack Cloud 6 (noarch): sapconf-4.1.12-18.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): sapconf-4.1.12-18.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): sapconf-4.1.12-18.24.1 References: https://bugzilla.suse.com/1026862 https://bugzilla.suse.com/1031073 https://bugzilla.suse.com/1032516 https://bugzilla.suse.com/1048550 https://bugzilla.suse.com/1064720 https://bugzilla.suse.com/1070386 https://bugzilla.suse.com/1070390 https://bugzilla.suse.com/1070494 https://bugzilla.suse.com/1070495 https://bugzilla.suse.com/1070496 https://bugzilla.suse.com/1070503 https://bugzilla.suse.com/1070506 https://bugzilla.suse.com/1070508 https://bugzilla.suse.com/1071539 https://bugzilla.suse.com/1087455 From sle-updates at lists.suse.com Wed May 9 13:21:09 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 May 2018 21:21:09 +0200 (CEST) Subject: SUSE-SU-2018:1194-1: Security update for python-pysaml2 Message-ID: <20180509192109.AD9F1FD43@maintenance.suse.de> SUSE Security Update: Security update for python-pysaml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1194-1 Rating: low References: #1074662 Cross-References: CVE-2017-1000433 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pysaml2 fixes the following issues: - CVE-2017-1000433: When python optimizations are enabled, any user is able to login without knowing their password. (bsc#1074662) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-826=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-pysaml2-4.0.2-3.3.2 References: https://www.suse.com/security/cve/CVE-2017-1000433.html https://bugzilla.suse.com/1074662 From sle-updates at lists.suse.com Wed May 9 16:07:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 May 2018 00:07:06 +0200 (CEST) Subject: SUSE-SU-2018:1195-1: moderate: Security update for cairo Message-ID: <20180509220706.7EDE8FD43@maintenance.suse.de> SUSE Security Update: Security update for cairo ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1195-1 Rating: moderate References: #1049092 Cross-References: CVE-2017-9814 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cairo fixes the following issues: - CVE-2017-9814: out-of-bounds read in cairo-truetype-subset.c could lead to denial of service (bsc#1049092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-836=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-836=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-836=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cairo-debugsource-1.15.2-25.3.2 cairo-devel-1.15.2-25.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cairo-debugsource-1.15.2-25.3.2 libcairo-gobject2-1.15.2-25.3.2 libcairo-gobject2-debuginfo-1.15.2-25.3.2 libcairo-script-interpreter2-1.15.2-25.3.2 libcairo-script-interpreter2-debuginfo-1.15.2-25.3.2 libcairo2-1.15.2-25.3.2 libcairo2-debuginfo-1.15.2-25.3.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcairo-gobject2-32bit-1.15.2-25.3.2 libcairo-gobject2-debuginfo-32bit-1.15.2-25.3.2 libcairo2-32bit-1.15.2-25.3.2 libcairo2-debuginfo-32bit-1.15.2-25.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cairo-debugsource-1.15.2-25.3.2 libcairo-gobject2-1.15.2-25.3.2 libcairo-gobject2-32bit-1.15.2-25.3.2 libcairo-gobject2-debuginfo-1.15.2-25.3.2 libcairo-gobject2-debuginfo-32bit-1.15.2-25.3.2 libcairo-script-interpreter2-1.15.2-25.3.2 libcairo-script-interpreter2-debuginfo-1.15.2-25.3.2 libcairo2-1.15.2-25.3.2 libcairo2-32bit-1.15.2-25.3.2 libcairo2-debuginfo-1.15.2-25.3.2 libcairo2-debuginfo-32bit-1.15.2-25.3.2 References: https://www.suse.com/security/cve/CVE-2017-9814.html https://bugzilla.suse.com/1049092 From sle-updates at lists.suse.com Wed May 9 16:07:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 May 2018 00:07:39 +0200 (CEST) Subject: SUSE-SU-2018:1196-1: moderate: Security update for libapr1 Message-ID: <20180509220739.EB170FD41@maintenance.suse.de> SUSE Security Update: Security update for libapr1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1196-1 Rating: moderate References: #1064982 Cross-References: CVE-2017-12613 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-835=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-835=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libapr1-1.5.1-4.3.1 libapr1-debuginfo-1.5.1-4.3.1 libapr1-debugsource-1.5.1-4.3.1 libapr1-devel-1.5.1-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libapr1-1.5.1-4.3.1 libapr1-debuginfo-1.5.1-4.3.1 libapr1-debugsource-1.5.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-12613.html https://bugzilla.suse.com/1064982 From sle-updates at lists.suse.com Wed May 9 22:07:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 May 2018 06:07:17 +0200 (CEST) Subject: SUSE-RU-2018:1200-1: moderate: Recommended update for mc Message-ID: <20180510040717.42A59FD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for mc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1200-1 Rating: moderate References: #1086525 #1087708 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mc fixes the following issues: - Fix a heap buffer underflow (bsc#1086525) - Fix a bug where xls2csv was not called correctly (bsc#1087708) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-837=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-837=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mc-4.8.11-4.3.1 mc-debuginfo-4.8.11-4.3.1 mc-debugsource-4.8.11-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): mc-lang-4.8.11-4.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): mc-lang-4.8.11-4.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): mc-4.8.11-4.3.1 mc-debuginfo-4.8.11-4.3.1 mc-debugsource-4.8.11-4.3.1 References: https://bugzilla.suse.com/1086525 https://bugzilla.suse.com/1087708 From sle-updates at lists.suse.com Thu May 10 01:07:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 May 2018 09:07:05 +0200 (CEST) Subject: SUSE-RU-2018:1201-1: moderate: Recommended update for multipath-tools Message-ID: <20180510070705.5927FFD38@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1201-1 Rating: moderate References: #1055949 #1056526 #1057820 #1060616 #1066376 #1066893 #1069037 #1073319 #1073622 #1074013 #1075539 #1076828 #1086237 #1088801 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - Multiple fixes for NVMe: * libmultipath: hwtable: Change default dm-multipath path_grouping_policy for FC-NVMe from 'failover' to 'multibus'. (bsc#1073319) * libmultipath: Increase path product_id/rev field size for NVMe. (bsc#1073319) * libmultipath: hwtable: no_path_retry="queue" for NetApp NVMe. (bsc#1073319) * hwtable: Set 'none' as default checker for NVMe. (bsc#1057820) * libmultipath/discovery: Modify NVMe path states. (bsc#1057820) * discovery: Sanitize NVMe discovery. (bsc#1057820) * libmultipath: Avoid error messages when detecting NVMe devices. (bsc#1057820) * multipath.rules: Handle NVMe devices correctly. (bsc#1076828) * Add 'none' checker. (bsc#1057820) - libmultipath: Make sure the partition_delimiter configuration option is respected. (bsc#1056526) - kpartx: Fix the creation of a wrong symlink after setting multipath alias for root device. (bsc#1073622) - libmultipath: Prefer RDAC checker with detect_checker. (bsc#1055949) - libmultipath/propsel: Select ALUA prioritizer for RDAC arrays only. (bsc#1075539) - kpartx.rules: Fix by-id/scsi-* for user_friendly_names. (bsc#1066893) - kpartx-compat.rules: Re-add the "scsi-mpatha" links for compatibility. (bsc#1086237) - libmultipath: Fix unit to seconds in log message for checker timeout. (bsc#1069037) - libmultipath: Fix return code of sysfs_getss_timeout. (bsc#1069037) - multipathd.service: Set TasksMax=infinity. (bsc#1060616) - multipath-tools.spec: Add *.so symlinks to the devel package. (bsc#1066376) - test-kpartx: Add test for mapping without UUID. (bsc#1074013) - multipath-tools: Update the licenses in the package and create a LICENSES directory with the text of all used licenses. (bsc#1088801) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-838=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-838=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-838=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): multipath-tools-debuginfo-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-debugsource-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-devel-0.7.1+101+suse.1d10b44f-2.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kpartx-0.7.1+101+suse.1d10b44f-2.11.1 kpartx-debuginfo-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-debuginfo-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-debugsource-0.7.1+101+suse.1d10b44f-2.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kpartx-0.7.1+101+suse.1d10b44f-2.11.1 kpartx-debuginfo-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-debuginfo-0.7.1+101+suse.1d10b44f-2.11.1 multipath-tools-debugsource-0.7.1+101+suse.1d10b44f-2.11.1 References: https://bugzilla.suse.com/1055949 https://bugzilla.suse.com/1056526 https://bugzilla.suse.com/1057820 https://bugzilla.suse.com/1060616 https://bugzilla.suse.com/1066376 https://bugzilla.suse.com/1066893 https://bugzilla.suse.com/1069037 https://bugzilla.suse.com/1073319 https://bugzilla.suse.com/1073622 https://bugzilla.suse.com/1074013 https://bugzilla.suse.com/1075539 https://bugzilla.suse.com/1076828 https://bugzilla.suse.com/1086237 https://bugzilla.suse.com/1088801 From sle-updates at lists.suse.com Thu May 10 10:07:13 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 May 2018 18:07:13 +0200 (CEST) Subject: SUSE-SU-2018:1202-1: important: Security update for xen Message-ID: <20180510160713.0ED71FD43@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1202-1 Rating: important References: #1027519 #1083292 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-839=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-839=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-839=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): xen-4.5.5_24-22.46.1 xen-debugsource-4.5.5_24-22.46.1 xen-doc-html-4.5.5_24-22.46.1 xen-kmp-default-4.5.5_24_k3.12.74_60.64.85-22.46.1 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.85-22.46.1 xen-libs-32bit-4.5.5_24-22.46.1 xen-libs-4.5.5_24-22.46.1 xen-libs-debuginfo-32bit-4.5.5_24-22.46.1 xen-libs-debuginfo-4.5.5_24-22.46.1 xen-tools-4.5.5_24-22.46.1 xen-tools-debuginfo-4.5.5_24-22.46.1 xen-tools-domU-4.5.5_24-22.46.1 xen-tools-domU-debuginfo-4.5.5_24-22.46.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_24-22.46.1 xen-debugsource-4.5.5_24-22.46.1 xen-doc-html-4.5.5_24-22.46.1 xen-kmp-default-4.5.5_24_k3.12.74_60.64.85-22.46.1 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.85-22.46.1 xen-libs-32bit-4.5.5_24-22.46.1 xen-libs-4.5.5_24-22.46.1 xen-libs-debuginfo-32bit-4.5.5_24-22.46.1 xen-libs-debuginfo-4.5.5_24-22.46.1 xen-tools-4.5.5_24-22.46.1 xen-tools-debuginfo-4.5.5_24-22.46.1 xen-tools-domU-4.5.5_24-22.46.1 xen-tools-domU-debuginfo-4.5.5_24-22.46.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_24-22.46.1 xen-debugsource-4.5.5_24-22.46.1 xen-doc-html-4.5.5_24-22.46.1 xen-kmp-default-4.5.5_24_k3.12.74_60.64.85-22.46.1 xen-kmp-default-debuginfo-4.5.5_24_k3.12.74_60.64.85-22.46.1 xen-libs-32bit-4.5.5_24-22.46.1 xen-libs-4.5.5_24-22.46.1 xen-libs-debuginfo-32bit-4.5.5_24-22.46.1 xen-libs-debuginfo-4.5.5_24-22.46.1 xen-tools-4.5.5_24-22.46.1 xen-tools-debuginfo-4.5.5_24-22.46.1 xen-tools-domU-4.5.5_24-22.46.1 xen-tools-domU-debuginfo-4.5.5_24-22.46.1 References: https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-7550.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1083292 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Thu May 10 13:07:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 May 2018 21:07:15 +0200 (CEST) Subject: SUSE-SU-2018:1203-1: important: Security update for xen Message-ID: <20180510190715.E65B5FD25@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1203-1 Rating: important References: #1083292 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xen-13595=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-13595=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-13595=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): xen-kmp-default-4.2.5_21_3.0.101_0.47.106.19-45.22.1 xen-libs-4.2.5_21-45.22.1 xen-tools-domU-4.2.5_21-45.22.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): xen-4.2.5_21-45.22.1 xen-doc-html-4.2.5_21-45.22.1 xen-doc-pdf-4.2.5_21-45.22.1 xen-libs-32bit-4.2.5_21-45.22.1 xen-tools-4.2.5_21-45.22.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.19-45.22.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.106.19-45.22.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.19-45.22.1 xen-libs-4.2.5_21-45.22.1 xen-tools-domU-4.2.5_21-45.22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-45.22.1 xen-debugsource-4.2.5_21-45.22.1 References: https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-7550.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1083292 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Fri May 11 07:07:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 May 2018 15:07:05 +0200 (CEST) Subject: SUSE-SU-2018:1216-1: important: Security update for xen Message-ID: <20180511130705.D7DF0FD25@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1216-1 Rating: important References: #1027519 #1086039 #1089152 #1089635 #1090820 #1090822 #1090823 Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-841=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-841=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-841=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-841=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.5_02-43.30.1 xen-debugsource-4.7.5_02-43.30.1 xen-doc-html-4.7.5_02-43.30.1 xen-libs-32bit-4.7.5_02-43.30.1 xen-libs-4.7.5_02-43.30.1 xen-libs-debuginfo-32bit-4.7.5_02-43.30.1 xen-libs-debuginfo-4.7.5_02-43.30.1 xen-tools-4.7.5_02-43.30.1 xen-tools-debuginfo-4.7.5_02-43.30.1 xen-tools-domU-4.7.5_02-43.30.1 xen-tools-domU-debuginfo-4.7.5_02-43.30.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.5_02-43.30.1 xen-debugsource-4.7.5_02-43.30.1 xen-doc-html-4.7.5_02-43.30.1 xen-libs-32bit-4.7.5_02-43.30.1 xen-libs-4.7.5_02-43.30.1 xen-libs-debuginfo-32bit-4.7.5_02-43.30.1 xen-libs-debuginfo-4.7.5_02-43.30.1 xen-tools-4.7.5_02-43.30.1 xen-tools-debuginfo-4.7.5_02-43.30.1 xen-tools-domU-4.7.5_02-43.30.1 xen-tools-domU-debuginfo-4.7.5_02-43.30.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.5_02-43.30.1 xen-debugsource-4.7.5_02-43.30.1 xen-doc-html-4.7.5_02-43.30.1 xen-libs-32bit-4.7.5_02-43.30.1 xen-libs-4.7.5_02-43.30.1 xen-libs-debuginfo-32bit-4.7.5_02-43.30.1 xen-libs-debuginfo-4.7.5_02-43.30.1 xen-tools-4.7.5_02-43.30.1 xen-tools-debuginfo-4.7.5_02-43.30.1 xen-tools-domU-4.7.5_02-43.30.1 xen-tools-domU-debuginfo-4.7.5_02-43.30.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.5_02-43.30.1 xen-debugsource-4.7.5_02-43.30.1 xen-doc-html-4.7.5_02-43.30.1 xen-libs-32bit-4.7.5_02-43.30.1 xen-libs-4.7.5_02-43.30.1 xen-libs-debuginfo-32bit-4.7.5_02-43.30.1 xen-libs-debuginfo-4.7.5_02-43.30.1 xen-tools-4.7.5_02-43.30.1 xen-tools-debuginfo-4.7.5_02-43.30.1 xen-tools-domU-4.7.5_02-43.30.1 xen-tools-domU-debuginfo-4.7.5_02-43.30.1 References: https://www.suse.com/security/cve/CVE-2018-10471.html https://www.suse.com/security/cve/CVE-2018-10472.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1086039 https://bugzilla.suse.com/1089152 https://bugzilla.suse.com/1089635 https://bugzilla.suse.com/1090820 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 From sle-updates at lists.suse.com Fri May 11 10:07:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 May 2018 18:07:24 +0200 (CEST) Subject: SUSE-SU-2018:1217-1: important: Security update for the Linux Kernel Message-ID: <20180511160724.351E9FD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1217-1 Rating: important References: #1005778 #1005780 #1005781 #1012382 #1015336 #1015337 #1015340 #1015342 #1015343 #1019695 #1019699 #1022604 #1022743 #1024296 #1031717 #1046610 #1060799 #1064206 #1068032 #1073059 #1073069 #1075091 #1075428 #1075994 #1076033 #1077560 #1083125 #1083574 #1083745 #1083836 #1084223 #1084310 #1084328 #1084353 #1084452 #1084610 #1084699 #1084721 #1084829 #1084889 #1084898 #1084914 #1084918 #1084967 #1085042 #1085058 #1085185 #1085224 #1085383 #1085402 #1085404 #1085487 #1085507 #1085511 #1085679 #1085958 #1085981 #1086015 #1086162 #1086194 #1086357 #1086499 #1086518 #1086607 #1087088 #1087211 #1087231 #1087260 #1087274 #1087659 #1087845 #1087906 #1087999 #1088050 #1088087 #1088242 #1088267 #1088313 #1088324 #1088600 #1088684 #1088865 #1088871 #1089198 #1089608 #1089644 #1089752 #1089925 #802154 #810912 #812592 #813453 #880131 #966170 #966172 #966186 #966191 #969476 #969477 #981348 Cross-References: CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1091 CVE-2018-7740 CVE-2018-8043 CVE-2018-8822 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 93 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.128 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl (bnc#1088241) - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function could have been exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). The following non-security bugs were fixed: - Fix ltp might_sleep() splat BUG - ACPI / PMIC: xpower: Fix power_table addresses (bnc#1012382). - ACPI, PCI, irq: remove redundant check for null string pointer (bnc#1012382). - ACPI/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981). - ACPI/processor: Fix error handling in __acpi_processor_start() (bnc#1012382). - ACPI/processor: Replace racy task affinity logic (bnc#1012382). - ACPICA: Add header support for TPM2 table changes (bsc#1084452). - ACPICA: Add support for new SRAT subtable (bsc#1085981). - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382). - ACPICA: Events: Add runtime stub support for event APIs (bnc#1012382). - ACPICA: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981). - ALSA: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382). - ALSA: aloop: Sync stale timer before release (bnc#1012382). - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382). - ALSA: hda - Revert power_save option default value (git-fixes). - ALSA: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382). - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382). - ALSA: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - ALSA: hda: Add a power_save blacklist (bnc#1012382). - ALSA: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382). - ALSA: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382). - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382). - ALSA: pcm: potential uninitialized return values (bnc#1012382). - ALSA: usb-audio: Add a quirck for BW PX headphones (bnc#1012382). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382). - ARM64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328). - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382). - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382). - ARM: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382). - ARM: dts: Adjust moxart IRQ controller and flags (bnc#1012382). - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382). - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382). - ARM: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382). - ARM: dts: exynos: Correct Trats2 panel reset line (bnc#1012382). - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382). - ARM: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382). - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382). - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node (bnc#1012382). - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382). - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382). - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382). - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382). - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382). - ASoC: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382). - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382). - Bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382). - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382). - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382). - Bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382). - Btrfs: incremental send, fix invalid memory access (git-fixes). - Btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382). - CIFS: silence lockdep splat in cifs_relock_file() (bnc#1012382). - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382). - EDAC, mv64x60: Fix an error handling path (bnc#1012382). - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c). - HID: clamp input to logical range if no null state (bnc#1012382). - HID: reject input outside logical range only if null state is set (bnc#1012382). - IB/core: Fix possible crash to access NULL netdev (bsc#966191 bsc#966186). - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 bsc#966186). - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382). - IB/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382). - IB/mlx4: Change vma from shared to private (bnc#1012382). - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 bsc#966186). - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 bsc#966186). - IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382). - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 bsc#1015343). - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 bsc#966172). - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 bsc#966172). - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 bsc#966172). - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 bsc#1015343). - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 bsc#1015343). - IB/srpt: Fix abort handling (bnc#1012382). - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296). - IB/umem: Fix use of npages/nmap fields (bnc#1012382). - Input: elan_i2c - check if device is there before really probing (bnc#1012382). - Input: elan_i2c - clear INT before resetting controller (bnc#1012382). - Input: elantech - force relative mode on a certain module (bnc#1012382). - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382). - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382). - Input: matrix_keypad - fix race when disabling interrupts (bnc#1012382). - Input: mousedev - fix implicit conversion warning (bnc#1012382). - Input: qt1070 - add OF device ID table (bnc#1012382). - Input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382). - KVM: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382). - KVM: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382). - KVM: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382). - KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499). - KVM: arm/arm64: vgic-its: Check result of allocation before use (bsc#). - KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499). - KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499). - KVM: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499). - KVM: mmu: Fix overlap between public and private memslots (bnc#1012382). - KVM: nVMX: Fix handling of lmsw instruction (bnc#1012382). - Kbuild: provide a __UNIQUE_ID for clang (bnc#1012382). - MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012382). - MIPS: BPF: Fix multiple problems in JIT skb access helpers (bnc#1012382). - MIPS: BPF: Quit clobbering callee saved registers in JIT code (bnc#1012382). - MIPS: OCTEON: irq: Check for null return on kzalloc allocation (bnc#1012382). - MIPS: ath25: Check for kzalloc allocation failure (bnc#1012382). - MIPS: kprobes: flush_insn_slot should flush only if probe initialised (bnc#1012382). - MIPS: mm: adjust PKMAP location (bnc#1012382). - MIPS: mm: fixed mappings: correct initialisation (bnc#1012382). - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters (bnc#1012382). - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification (bnc#1012382). - MIPS: ralink: Remove ralink_halt() (bnc#1012382). - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382). - NFC: nfcmrvl: double free on error path (bnc#1012382). - NFS: Fix an incorrect type in struct nfs_direct_req (bnc#1012382). - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382). - NFSv4.1: Work around a Linux server bug.. (bnc#1012382). - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699). - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382). - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348). - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382). - PCI: Add pci_reset_function_locked() (bsc#1084889). - PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914). - PCI: Avoid FLR for Intel 82579 NICs (bsc#1084889). - PCI: Avoid slot reset if bridge itself is broken (bsc#1084918). - PCI: Export pcie_flr() (bsc#1084889). - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382). - PCI: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015). - PCI: Probe for device reset support during enumeration (bsc#1084889). - PCI: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889). - PCI: Protect restore with device lock to be consistent (bsc#1084889). - PCI: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889). - PCI: Remove redundant probes for device reset support (bsc#1084889). - PCI: Wait for up to 1000ms after FLR reset (bsc#1084889). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659). - PCI: hv: Serialize the present and eject work items (bsc#1087659). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - RDMA/cma: Use correct size when writing netlink stats (bnc#1012382). - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access - RDMA/core: Do not use invalid destination in determining port reuse - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382). - RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012382). - RDMA/mlx5: Protect from NULL pointer derefence (bsc#1015342 bsc#1015343). - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382). - RDMA/qedr: Fix QP state initialization race (bsc#1022604). - RDMA/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604). - RDMA/qedr: fix QP's ack timeout configuration (bsc#1022604). - RDMA/rxe: Fix an out-of-bounds read - RDMA/ucma: Check AF family prior resolving address (bnc#1012382). - RDMA/ucma: Check that device exists prior to accessing it (bnc#1012382). - RDMA/ucma: Check that device is connected prior to access it (bnc#1012382). - RDMA/ucma: Check that user does not overflow QP state (bnc#1012382). - RDMA/ucma: Do not allow join attempts for unsupported AF family (bnc#1012382). - RDMA/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382). - RDMA/ucma: Fix access to non-initialized CM_ID object (bnc#1012382). - RDMA/ucma: Fix use-after-free access in ucma_close (bnc#1012382). - RDMA/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382). - RDMA/ucma: Limit possible option size (bnc#1012382). - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux" (bnc#1012382). - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" (bnc#1012382). - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" (bnc#1012382). - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()" (bnc#1012382). - Revert "cpufreq: Fix governor module removal race" (bnc#1012382). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" (bnc#1012382). - Revert "ip6_vti: adjust vti mtu according to mtu of lower device" (bnc#1012382). - Revert "ipvlan: add L2 check for packets arriving via virtual devices" (reverted in upstream). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - Revert "mtip32xx: use runtime tag to initialize command header" (bnc#1012382). - Revert "xhci: plat: Register shutdown for xhci_plat" (bnc#1012382). - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135). - USB: ene_usb6250: fix SCSI residue overwriting (bnc#1012382). - USB: ene_usb6250: fix first command execution (bnc#1012382). - USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382). - USB: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382). - USB: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382). - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bnc#1012382). - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382). - USB: usbmon: remove assignment from IS_ERR argument (bnc#1012382). - Update patches.arch/s390-sles12sp3-08-03-KVM-s390-instruction-execution-protection -support.patch (LTC#162428, bsc#1073069). - Update patches.arch/s390-sles12sp3-08-06-01-s390-mem_detect-use-unsigned-longs.pat ch (LTC#158956, bsc#1073059). - Update patches.arch/s390-sles12sp3-08-06-02-kvm-s390-enable-all-facility-bits-that -are-known-goo.patch (LTC#158956, bsc#1073059). - Update patches.arch/s390-sles12sp3-08-06-03-s390-sclp-add-hmfai-field.patch (LTC#158956, bsc#1073059). - Update patches.arch/s390-sles12sp3-08-06-04-kvm-s390-populate-mask-of-non-hypervis or-managed-fac.patch (LTC#158956, bsc#1073059). - Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994 bsc#1075091 bnc#1085958). - acpi, numa: fix pxm to online numa node associations (bnc#1012382). - agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382). - ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bnc#1012382). - apparmor: Make path_max parameter readonly (bnc#1012382). - arm/arm64: KVM: Add PSCI_VERSION helper (bsc#1068032). - arm/arm64: KVM: Add smccc accessors to PSCI code (bsc#1068032). - arm/arm64: KVM: Advertise SMCCC v1.1 (bsc#1068032). - arm/arm64: KVM: Consolidate the PSCI include files (bsc#1068032). - arm/arm64: KVM: Implement PSCI 1.0 support (bsc#1068032). - arm/arm64: KVM: Turn kvm_psci_version into a static inline (bsc#1068032). - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032). - arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032). - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313). - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032). - arm64: KVM: Increment PC after handling an SMC trap (bsc#1068032). - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032). - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032). - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382). - arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032). - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032). - arm64: fix smccc compilation (bsc#1068032). - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382). - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487). - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050). - arp: fix arp_filter on l3slave devices (bnc#1012382). - arp: honour gratuitous ARP _replies_ (bnc#1012382). - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382). - ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382). - ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382). - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382). - ath10k: update tdls teardown state to target (bnc#1012382). - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382). - ath: Fix updating radar flags for coutry code India (bnc#1012382). - audit: add tty field to LOGIN event (bnc#1012382). - batman-adv: handle race condition for claims between gateways (bnc#1012382). - bcache: do not attach backing with duplicate UUID (bnc#1012382). - bcache: segregate flash only volume write streams (bnc#1012382). - bcache: stop writeback thread after detaching (bnc#1012382). - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382). - blk-throttle: make sure expire time isn't too big (bnc#1012382). - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382). - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967). - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058). - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087). - bna: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Align RX buffers (bnc#1012382). - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382). - bonding: Do not update slave->link until ready to commit (bnc#1012382). - bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382). - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382). - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382). - bonding: refine bond_fold_stats() wrap detection (bnc#1012382). - bpf, x64: implement retpoline for tail call (bnc#1012382). - bpf, x64: increase number of passes (bnc#1012382). - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382). - bpf: skip unnecessary capability check (bnc#1012382). - braille-console: Fix value returned by _braille_console_setup (bnc#1012382). - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382). - btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382). - btrfs: improve delayed refs iterations (bsc#1076033). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382). - bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382). - can: cc770: Fix queue stall and dropped RTR reply (bnc#1012382). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382). - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382). - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898). - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - clk: Fix __set_clk_rates error print-string (bnc#1012382). - clk: bcm2835: Protect sections updating shared registers (bnc#1012382). - clk: ns2: Correct SDIO bits (bnc#1012382). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382). - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382). - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382). - coresight: Fix disabling of CoreSight TPIU (bnc#1012382). - coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382). - cpufreq/sh: Replace racy task affinity logic (bnc#1012382). - cpufreq: Fix governor module removal race (bnc#1012382). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - cpuidle: Add new macro to enter a retention idle state (bsc#1084328). - cpumask: Add helper cpumask_available() (bnc#1012382). - cros_ec: fix nul-termination for firmware build info (bnc#1012382). - crypto: ahash - Fix early termination in hash walk (bnc#1012382). - crypto: cavium - fix memory leak on info (bsc#1086518). - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382). - cx25840: fix unchecked return values (bnc#1012382). - cxgb4: FW upgrade fixes (bnc#1012382). - cxgb4: Fix queue free path of ULD drivers (bsc#1022743). - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382). - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382). - dm ioctl: remove double parentheses (bnc#1012382). - dm: Always copy cmd_flags when cloning a request (bsc#1088087). - dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382). - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382). - driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382). - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296). - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382). - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382). - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382). - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382). - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382). - drm/amdgpu: fix KV harvesting (bnc#1012382). - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382). - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - drm/msm: fix leak in failed get_pages (bnc#1012382). - drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382). - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382). - drm/omap: fix tiled buffer stride calculations (bnc#1012382). - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382). - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382). - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382). - drm/radeon: fix KV harvesting (bnc#1012382). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382). - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382). - drm: Allow determining if current task is output poll worker (bnc#1012382). - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382). - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382). - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382). - e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382). - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382). - esp: Fix memleaks on error paths (git-fixes). - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382). - ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382). - f2fs: relax node version check for victim data in gc (bnc#1012382). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - firmware/psci: Expose PSCI conduit (bsc#1068032). - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032). - fix race in drivers/char/random.c:get_reg() (bnc#1012382). - fixup: sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - frv: declare jiffies to be located in the .data section (bnc#1012382). - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382). - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - fs/proc: Stop trying to report thread stacks (bnc#1012382). - fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382). - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382). - genirq: Track whether the trigger type has been set (git-fixes). - genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382). - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382). - gpio: label descriptors using the device name (bnc#1012382). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - hv_balloon: fix bugs in num_pages_onlined accounting - hv_balloon: fix printk loglevel - hv_balloon: simplify hv_online_page()/hv_page_online_one() - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes). - hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382). - i2c: i2c-scmi: add a MS HID (bnc#1012382). - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310). - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310). - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799). - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799). - i40e: Acquire NVM lock before reads on all devices (bnc#1012382). - i40iw: Free IEQ resources (bsc#969476 bsc#969477). - ia64: fix module loading for gcc-5.4 (bnc#1012382). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382). - iio: hi8435: avoid garbage event at first enable (bnc#1012382). - iio: hi8435: cleanup reset gpio (bnc#1012382). - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382). - iio: st_pressure: st_accel: pass correct platform data to init (git-fixes). - ima: relax requiring a file signature for new files with zero length (bnc#1012382). - infiniband/uverbs: Fix integer overflows (bnc#1012382). - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382). - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382). - ip6_gre: better validate user provided tunnel names (bnc#1012382). - ip6_tunnel: better validate user provided tunnel names (bnc#1012382). - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382). - ip_tunnel: better validate user provided tunnel names (bnc#1012382). - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382). - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799). - ipmi: Use the proper default value for register size in ACPI (bsc#1060799). - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799). - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799). - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871). - ipmi_ssif: Fix logic around alert handling (bsc#1060799). - ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799). - ipmi_ssif: unlock on allocation failure (bsc#1060799). - ipsec: check return value of skb_to_sgvec always (bnc#1012382). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382). - ipv6: sit: better validate user provided tunnel names (bnc#1012382). - ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382). - ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382). - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981). - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382). - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981). - iw_cxgb4: print mapped ports correctly (bsc#321658 bsc#321660 bsc#321661). - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp (bnc#1012382). - kABI: add tty include to audit.c (kabi). - kABI: protect jiffies types (kabi). - kABI: protect skb_to_sgvec* (kabi). - kABI: protect tty include in audit.h (kabi). - kGraft: fix small race in reversion code (bsc#1083125). - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382). - kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012382). - kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382). - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes). - kprobes/x86: Set kprobes pages read-only (bnc#1012382). - kvm/x86: fix icebp instruction handling (bnc#1012382). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499). - kvm: nVMX: fix nested tsc scaling (bsc1087999). - l2tp: do not accept arbitrary sockets (bnc#1012382). - l2tp: fix missing print session offset info (bnc#1012382). - leds: pca955x: Correct I2C Functionality (bnc#1012382). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382). - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382). - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382). - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382). - libata: remove WARN() for DMA or PIO command without data (bnc#1012382). - llist: clang: introduce member_address_is_nonnull() (bnc#1012382). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bnc#1012382). - lockd: fix lockd shutdown race (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes). - loop: Fix lost writes caused by missing flag (bnc#1012382). - lpfc: update version to 11.4.0.7-1 (bsc#1085383). - mISDN: Fix a sleep-in-atomic bug (bnc#1012382). - mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382). - mac80211: remove BUG() when interface type is invalid (bnc#1012382). - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382). - mceusb: sporadic RX truncation corruption fix (bnc#1012382). - md raid10: fix NULL deference in handle_write_completed() (git-fixes). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - md/raid10: reset the 'first' at the end of loop (bnc#1012382). - md/raid10: skip spare disk as 'first' disk (bnc#1012382). - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382). - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382). - md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382). - media/dvb-core: Race condition when writing to CAM (bnc#1012382). - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382). - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382). - media: cpia2: Fix a couple off by one bugs (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - media: videobuf2-core: do not go out of the buffer range (bnc#1012382). - mei: remove dev_err message on an unsupported ioctl (bnc#1012382). - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382). - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382). - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() (bnc#1012382). - mmc: avoid removing non-removable hosts during suspend (bnc#1012382). - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382). - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - mt7601u: check return value of alloc_skb (bnc#1012382). - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382). - mtip32xx: use runtime tag to initialize command header (bnc#1012382). - neighbour: update neigh timestamps iff update is effective (bnc#1012382). - net sched actions: fix dumping which requires several messages to user space (bnc#1012382). - net/8021q: create device with all possible features in wanted_features (bnc#1012382). - net/faraday: Add missing include of of.h (bnc#1012382). - net/ipv6: Fix route leaking between VRFs (bnc#1012382). - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382). - net/iucv: Free memory obtained by kzalloc (bnc#1012382). - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382). - net/mlx4: Fix the check in attaching steering rules (bnc#1012382). - net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 bsc#966186). - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382). - net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx5: Fix error handling in load one (bsc#1015342 bsc#1015343). - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 bsc#1015343). - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382). - net/mlx5: avoid build warning for uniprocessor (bnc#1012382). - net/mlx5e: Add error print in ETS init (bsc#966170 bsc#966172). - net/mlx5e: Check support before TC swap in ETS init (bsc#966170 bsc#966172). - net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 bsc#1015343). - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 bsc#1015343). - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382). - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382). - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382). - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" (bnc#1012382). - net: cdc_ncm: Fix TX zero padding (bnc#1012382). - net: emac: fix reset timeout with AR8035 phy (bnc#1012382). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382). - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382). - net: fec: Fix unbalanced PM runtime calls (bnc#1012382). - net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: fool proof dev_valid_name() (bnc#1012382). - net: freescale: fix potential null pointer dereference (bnc#1012382). - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511). - net: hns: Fix ethtool private flags (bsc#1085511). - net: ieee802154: fix net_device reference release too early (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: ipv6: send unsolicited NA after DAD (git-fixes). - net: ipv6: send unsolicited NA on admin up (bnc#1012382). - net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382). - net: move somaxconn init from sysctl code (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382). - net: qca_spi: Fix alignment issues in rx path (bnc#1012382). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382). - net: x25: fix one potential use-after-free issue (bnc#1012382). - net: xfrm: allow clearing socket xfrm policies (bnc#1012382). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382). - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382). - netfilter: add back stackpointer size checks (bnc#1012382). - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382). - netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382). - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382). - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382). - netfilter: nat: cope with negative port range (bnc#1012382). - netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382). - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382). - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382). - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382). - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382). - nfsd4: permit layoutget of executable-only files (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - nospec: Include asm/barrier.h dependency (bnc#1012382). - nospec: Kill array_index_nospec_mask_check() (bnc#1012382). - nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382). - nvme/rdma: do no start error recovery twice (bsc#1084967). - nvme: do not send keep-alive frames during reset (bsc#1084223). - nvme: do not send keep-alives to the discovery controller (bsc#1086607). - nvme: expand nvmf_check_if_ready checks (bsc#1085058). - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574). - of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382). - openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382). - ovl: filter trusted xattr for non-admin (bnc#1012382). - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() (bnc#1012382). - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382). - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382). - perf header: Set proper module name when build-id event found (bnc#1012382). - perf inject: Copy events when reordering events in pipe mode (bnc#1012382). - perf probe: Add warning message if there is unexpected event name (bnc#1012382). - perf probe: Return errno when not hitting any event (bnc#1012382). - perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382). - perf session: Do not rely on evlist in pipe mode (bnc#1012382). - perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382). - perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382). - perf tests: Decompress kernel module before objdump (bnc#1012382). - perf tools: Fix copyfile_offset update of output offset (bnc#1012382). - perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382). - perf trace: Add mmap alias for s390 (bnc#1012382). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382). - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers (bsc#1086357). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382). - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() (bnc#1012382). - pinctrl: Really force states during suspend/resume (bnc#1012382). - platform/chrome: Use proper protocol transfer function (bnc#1012382). - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382). - power: supply: pda_power: move from timer to delayed_work (bnc#1012382). - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE] (bnc#1012382). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - pptp: remove a buggy dst release in pptp_connect() (bnc#1012382). - pty: cancel pty slave port buf's work in tty_release (bnc#1012382). - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Use after free in qed_rdma_free() (bsc#1019695 bsc#1019699 bsc#1022604). - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484). - qlcnic: fix unchecked return value (bnc#1012382). - qlge: Avoid reading past end of buffer (bnc#1012382). - r8169: fix setting driver_data after register_netdev (bnc#1012382). - random: use lockless method of accessing and updating f->eg_idx (bnc#1012382). - ray_cs: Avoid reading past end of buffer (bnc#1012382). - rcutorture/configinit: Fix build directory error message (bnc#1012382). - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - regulator: anatop: set default voltage selector for pcie (bnc#1012382). - reiserfs: Make cancel_old_flush() reliable (bnc#1012382). - rndis_wlan: add return value validation (bnc#1012382). - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382). - rtc: interface: Validate alarm-time before handling rollover (bnc#1012382). - rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382). - rtc: snvs: fix an incorrect check of return value (bnc#1012382). - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382). - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382). - rxrpc: check return value of skb_to_sgvec always (bnc#1012382). - s390/dasd: fix hanging safe offline (bnc#1012382). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470). - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470). - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470). - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490). - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490). - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491). - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491). - s390/qeth: free netdevice when removing a card (bnc#1012382). - s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491). - s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490). - s390/qeth: lock read device while queueing next buffer (bnc#1012382). - s390/qeth: on channel error, reject further cmd requests (bnc#1012382). - s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490). - s390/qeth: when thread completes, wake up all waiters (bnc#1012382). - s390: move _text symbol to address higher than zero (bnc#1012382). - sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382). - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382). - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() (bnc#1012382). - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382). - scsi: dh: add new rdac devices (bnc#1012382). - scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382). - scsi: libsas: initialize sas_phy status according to response of DISCOVER (bnc#1012382). - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383). - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865). - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383). - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088865). - scsi: lpfc: Correct target queue depth application changes (bsc#1088865). - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088865). - scsi: lpfc: Fix Abort request WQ selection (bsc#1088865). - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865). - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088865). - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383). - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383). - scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865). - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088865). - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088865). - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383). - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865). - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088865). - scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383). - scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865). - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382). - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag (bnc#1012382). - scsi: sg: check for valid direction before starting the request (bnc#1012382). - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382). - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206). - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382). - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes). - sctp: do not leak kernel memory to user space (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382). - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - selftests/powerpc: Fix TM resched DSCR test with some compilers (bnc#1012382). - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382). - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382). - selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382). - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382). - selinux: Remove redundant check for unknown labeling behavior (bnc#1012382). - selinux: Remove unnecessary check of array base in selinux_set_mapping() (bnc#1012382). - selinux: check for address length in selinux_socket_bind() (bnc#1012382). - selinux: do not check open permission on sockets (bnc#1012382). - serial: 8250: omap: Disable DMA for console UART (bnc#1012382). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382). - serial: sh-sci: Fix race condition causing garbage during shutdown (bnc#1012382). - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382). - sh_eth: Use platform device for printing before register_netdev() (bnc#1012382). - sit: reload iphdr in ipip6_rcv (bnc#1012382). - skbuff: Fix not waking applications when errors are enqueued (bnc#1012382). - skbuff: only inherit relevant tx_flags (bnc#1012382). - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow (bnc#1012382). - sky2: Increase D3 delay to sky2 stops working after suspend (bnc#1012382). - sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382). - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382). - sparc64: ldc abort during vds iso boot (bnc#1012382). - spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382). - spi: dw: Disable clock after unregistering the host (bnc#1012382). - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382). - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382). - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382). - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382). - staging: comedi: fix comedi_nsamples_left (bnc#1012382). - staging: comedi: ni_mio_common: ack ai fifo error interrupts (bnc#1012382). - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382). - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382). - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382). - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382). - staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382). - staging: wilc1000: fix unchecked return value (bnc#1012382). - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning (bnc#1012382). - sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382). - tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382). - target: prefer dbroot of /etc/target over /var/target (bsc#1087274). - tcm_fileio: Prevent information leak for short reads (bnc#1012382). - tcp: better validation of received ack sequences (bnc#1012382). - tcp: remove poll() flakes with FastOpen (bnc#1012382). - tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382). - team: Fix double free in error path (bnc#1012382). - test_firmware: fix setting old custom fw path back on exit (bnc#1012382). - thermal: power_allocator: fix one race condition issue for thermal_instances list (bnc#1012382). - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382). - timers, sched_clock: Update timeout for clock wrap (bnc#1012382). - tools/usbip: fixes build with musl libc toolchain (bnc#1012382). - tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382). - tty/serial: atmel: add new version check for usart (bnc#1012382). - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bnc#1012382). - tty: provide tty_name() even without CONFIG_TTY (bnc#1012382). - tty: vt: fix up tabstops properly (bnc#1012382). - uas: fix comparison for error code (bnc#1012382). - ubi: Fix race condition between ubi volume creation and udev (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211). - usb: chipidea: properly handle host or gadget initialization failure (bnc#1012382). - usb: dwc2: Improve gadget state disconnection handling (bnc#1012382). - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382). - usb: dwc3: keystone: check return value (bnc#1012382). - usb: gadget: align buffer size when allocating for OUT endpoint (bnc#1012382). - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382). - usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382). - usb: gadget: define free_ep_req as universal function (bnc#1012382). - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382). - usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382). - usb: gadget: fix request length error for isoc transfer (git-fixes). - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align (bnc#1012382). - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382). - usb: usbmon: Read text within supplied buffer size (bnc#1012382). - veth: set peer GSO values (bnc#1012382). - vfb: fix video mode and line_length being set when loaded (bnc#1012382). - vgacon: Set VGA struct resource types (bnc#1012382). - vhost: correctly remove wait queue during poll failure (bnc#1012382). - video/hdmi: Allow "empty" HDMI infoframes (bnc#1012382). - video: ARM CLCD: fix dma allocation size (bnc#1012382). - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382). - virtio_net: check return value of skb_to_sgvec always (bnc#1012382). - virtio_net: check return value of skb_to_sgvec in one more location (bnc#1012382). - vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382). - vmxnet3: ensure that adapter is in proper state during force_close (bnc#1012382). - vrf: Fix use after free and double free in vrf_finish_output (bnc#1012382). - vt: change SGR 21 to follow the standards (bnc#1012382). - vti6: better validate user provided tunnel names (bnc#1012382). - vxlan: dont migrate permanent fdb entries during learn (bnc#1012382). - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382). - wan: pc300too: abort path on failure (bnc#1012382). - watchdog: hpwdt: Check source of NMI (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - watchdog: hpwdt: SMBIOS check (bnc#1012382). - watchdog: hpwdt: fix unused variable warning (bnc#1012382). - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679). - wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382). - wl1251: check return from call to wl1251_acx_arp_ip_filter (bnc#1012382). - workqueue: Allow retrieval of current task's work struct (bnc#1012382). - writeback: fix the wrong congested state variable definition (bnc#1012382). - x86/MCE: Serialize sysfs changes (bnc#1012382). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/asm: Do not use RBP as a temporary register in csum_partial_copy_generic() (bnc#1012382). - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382). - x86/build/64: Force the linker to use 2MB page size (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382). - x86/mm: implement free pmd/pte page interfaces (bnc#1012382). - x86/module: Detect and skip invalid relocations (bnc#1012382). - x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case (bsc#1089925). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382). - x86/vm86/32: Fix POPF emulation (bnc#1012382). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - x86: i8259: export legacy_pic symbol (bnc#1012382). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). - xen: avoid type warning in xchg_xen_ulong (bnc#1012382). - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (bnc#1012382). - xfrm: fix state migration copy replay sequence numbers (bnc#1012382). - xfrm_user: uncoditionally validate esn replay attribute struct (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2018-842=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.128-3.11.1 cluster-md-kmp-rt-debuginfo-4.4.128-3.11.1 dlm-kmp-rt-4.4.128-3.11.1 dlm-kmp-rt-debuginfo-4.4.128-3.11.1 gfs2-kmp-rt-4.4.128-3.11.1 gfs2-kmp-rt-debuginfo-4.4.128-3.11.1 kernel-rt-4.4.128-3.11.1 kernel-rt-base-4.4.128-3.11.1 kernel-rt-base-debuginfo-4.4.128-3.11.1 kernel-rt-debuginfo-4.4.128-3.11.1 kernel-rt-debugsource-4.4.128-3.11.1 kernel-rt-devel-4.4.128-3.11.1 kernel-rt_debug-debuginfo-4.4.128-3.11.1 kernel-rt_debug-debugsource-4.4.128-3.11.1 kernel-rt_debug-devel-4.4.128-3.11.1 kernel-rt_debug-devel-debuginfo-4.4.128-3.11.1 kernel-syms-rt-4.4.128-3.11.1 ocfs2-kmp-rt-4.4.128-3.11.1 ocfs2-kmp-rt-debuginfo-4.4.128-3.11.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.128-3.11.1 kernel-source-rt-4.4.128-3.11.1 References: https://www.suse.com/security/cve/CVE-2017-18257.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1091.html https://www.suse.com/security/cve/CVE-2018-7740.html https://www.suse.com/security/cve/CVE-2018-8043.html https://www.suse.com/security/cve/CVE-2018-8822.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1005780 https://bugzilla.suse.com/1005781 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015336 https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1015340 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019699 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1022743 https://bugzilla.suse.com/1024296 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1046610 https://bugzilla.suse.com/1060799 https://bugzilla.suse.com/1064206 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1073059 https://bugzilla.suse.com/1073069 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076033 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1083574 https://bugzilla.suse.com/1083745 https://bugzilla.suse.com/1083836 https://bugzilla.suse.com/1084223 https://bugzilla.suse.com/1084310 https://bugzilla.suse.com/1084328 https://bugzilla.suse.com/1084353 https://bugzilla.suse.com/1084452 https://bugzilla.suse.com/1084610 https://bugzilla.suse.com/1084699 https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1084829 https://bugzilla.suse.com/1084889 https://bugzilla.suse.com/1084898 https://bugzilla.suse.com/1084914 https://bugzilla.suse.com/1084918 https://bugzilla.suse.com/1084967 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085058 https://bugzilla.suse.com/1085185 https://bugzilla.suse.com/1085224 https://bugzilla.suse.com/1085383 https://bugzilla.suse.com/1085402 https://bugzilla.suse.com/1085404 https://bugzilla.suse.com/1085487 https://bugzilla.suse.com/1085507 https://bugzilla.suse.com/1085511 https://bugzilla.suse.com/1085679 https://bugzilla.suse.com/1085958 https://bugzilla.suse.com/1085981 https://bugzilla.suse.com/1086015 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1086194 https://bugzilla.suse.com/1086357 https://bugzilla.suse.com/1086499 https://bugzilla.suse.com/1086518 https://bugzilla.suse.com/1086607 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087211 https://bugzilla.suse.com/1087231 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1087274 https://bugzilla.suse.com/1087659 https://bugzilla.suse.com/1087845 https://bugzilla.suse.com/1087906 https://bugzilla.suse.com/1087999 https://bugzilla.suse.com/1088050 https://bugzilla.suse.com/1088087 https://bugzilla.suse.com/1088242 https://bugzilla.suse.com/1088267 https://bugzilla.suse.com/1088313 https://bugzilla.suse.com/1088324 https://bugzilla.suse.com/1088600 https://bugzilla.suse.com/1088684 https://bugzilla.suse.com/1088865 https://bugzilla.suse.com/1088871 https://bugzilla.suse.com/1089198 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1089925 https://bugzilla.suse.com/802154 https://bugzilla.suse.com/810912 https://bugzilla.suse.com/812592 https://bugzilla.suse.com/813453 https://bugzilla.suse.com/880131 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/981348 From sle-updates at lists.suse.com Fri May 11 13:07:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 May 2018 21:07:22 +0200 (CEST) Subject: SUSE-OU-2018:1219-1: Initial release of new packages for SUSE Manager 3.2 Clienttools Message-ID: <20180511190722.4CC6CFD25@maintenance.suse.de> SUSE Optional Update: Initial release of new packages for SUSE Manager 3.2 Clienttools ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1219-1 Rating: low References: #1092934 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following missing packages for the Beta Clienttools for SUSE Manager 3.2: - python2-hwdata - python2-osa-common - python2-osad - python2-spacewalk-koan - python2-spacewalk-oscap - python2-suseRegisterInfo Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2018-843=1 Package List: - SUSE Manager Tools 12-BETA (noarch): osad-5.11.102.2-4.11.1 python2-hwdata-2.3.5-4.5.1 python2-osa-common-5.11.102.2-4.11.1 python2-osad-5.11.102.2-4.11.1 python2-spacewalk-koan-2.8.8.1-4.8.1 python2-spacewalk-oscap-2.8.8.1-4.8.1 python2-suseRegisterInfo-3.2.2-4.8.1 spacewalk-koan-2.8.8.1-4.8.1 spacewalk-oscap-2.8.8.1-4.8.1 suseRegisterInfo-3.2.2-4.8.1 References: https://bugzilla.suse.com/1092934 From sle-updates at lists.suse.com Fri May 11 13:07:54 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 May 2018 21:07:54 +0200 (CEST) Subject: SUSE-SU-2018:1220-1: important: Security update for the Linux Kernel Message-ID: <20180511190754.52A5DFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1220-1 Rating: important References: #1076537 #1082299 #1083125 #1083242 #1083275 #1084536 #1085279 #1085331 #1086162 #1086194 #1087088 #1087260 #1088147 #1088260 #1088261 #1089608 #1089752 #1090643 Cross-References: CVE-2017-0861 CVE-2017-11089 CVE-2017-13220 CVE-2017-18203 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7757 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537). - CVE-2017-11089: A buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - kabi: x86/kaiser: properly align trampoline stack (bsc#1087260). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bsc#1087088). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - usbnet: Fix a race between usbnet_stop() and the BH (bsc#1083275). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-845=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-845=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-845=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-845=1 Package List: - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.88.1 kernel-default-base-3.12.74-60.64.88.1 kernel-default-base-debuginfo-3.12.74-60.64.88.1 kernel-default-debuginfo-3.12.74-60.64.88.1 kernel-default-debugsource-3.12.74-60.64.88.1 kernel-default-devel-3.12.74-60.64.88.1 kernel-syms-3.12.74-60.64.88.1 kernel-xen-3.12.74-60.64.88.1 kernel-xen-base-3.12.74-60.64.88.1 kernel-xen-base-debuginfo-3.12.74-60.64.88.1 kernel-xen-debuginfo-3.12.74-60.64.88.1 kernel-xen-debugsource-3.12.74-60.64.88.1 kernel-xen-devel-3.12.74-60.64.88.1 kgraft-patch-3_12_74-60_64_88-default-1-2.3.1 kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1 - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.88.1 kernel-macros-3.12.74-60.64.88.1 kernel-source-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.88.1 kernel-default-base-3.12.74-60.64.88.1 kernel-default-base-debuginfo-3.12.74-60.64.88.1 kernel-default-debuginfo-3.12.74-60.64.88.1 kernel-default-debugsource-3.12.74-60.64.88.1 kernel-default-devel-3.12.74-60.64.88.1 kernel-syms-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.88.1 kernel-macros-3.12.74-60.64.88.1 kernel-source-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.88.1 kernel-xen-base-3.12.74-60.64.88.1 kernel-xen-base-debuginfo-3.12.74-60.64.88.1 kernel-xen-debuginfo-3.12.74-60.64.88.1 kernel-xen-debugsource-3.12.74-60.64.88.1 kernel-xen-devel-3.12.74-60.64.88.1 kgraft-patch-3_12_74-60_64_88-default-1-2.3.1 kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.88.1 kernel-default-base-3.12.74-60.64.88.1 kernel-default-base-debuginfo-3.12.74-60.64.88.1 kernel-default-debuginfo-3.12.74-60.64.88.1 kernel-default-debugsource-3.12.74-60.64.88.1 kernel-default-devel-3.12.74-60.64.88.1 kernel-syms-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.88.1 kernel-xen-base-3.12.74-60.64.88.1 kernel-xen-base-debuginfo-3.12.74-60.64.88.1 kernel-xen-debuginfo-3.12.74-60.64.88.1 kernel-xen-debugsource-3.12.74-60.64.88.1 kernel-xen-devel-3.12.74-60.64.88.1 kgraft-patch-3_12_74-60_64_88-default-1-2.3.1 kgraft-patch-3_12_74-60_64_88-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.88.1 kernel-macros-3.12.74-60.64.88.1 kernel-source-3.12.74-60.64.88.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.88.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.88.1 kernel-ec2-debuginfo-3.12.74-60.64.88.1 kernel-ec2-debugsource-3.12.74-60.64.88.1 kernel-ec2-devel-3.12.74-60.64.88.1 kernel-ec2-extra-3.12.74-60.64.88.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.88.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2017-11089.html https://www.suse.com/security/cve/CVE-2017-13220.html https://www.suse.com/security/cve/CVE-2017-18203.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8822.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1076537 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1083242 https://bugzilla.suse.com/1083275 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1085279 https://bugzilla.suse.com/1085331 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1086194 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1088147 https://bugzilla.suse.com/1088260 https://bugzilla.suse.com/1088261 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1090643 From sle-updates at lists.suse.com Fri May 11 13:10:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 May 2018 21:10:59 +0200 (CEST) Subject: SUSE-SU-2018:1221-1: important: Security update for the Linux Kernel Message-ID: <20180511191059.8F358FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1221-1 Rating: important References: #1076537 #1082299 #1083125 #1083242 #1084536 #1085331 #1086162 #1087088 #1087209 #1087260 #1088147 #1088260 #1088261 #1089608 #1089752 #1090643 Cross-References: CVE-2017-0861 CVE-2017-11089 CVE-2017-13220 CVE-2017-18203 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7757 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537). - CVE-2017-11089: A buffer overread was observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). The following non-security bugs were fixed: - Integrate fixes resulting from bsc#1088147 More info in the respective commit messages. - KABI: x86/kaiser: properly align trampoline stack (bsc#1087260). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bsc#1087088). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: properly align trampoline stack (bsc#1087260). - x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-844=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-844=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.128.1 kernel-default-base-3.12.61-52.128.1 kernel-default-base-debuginfo-3.12.61-52.128.1 kernel-default-debuginfo-3.12.61-52.128.1 kernel-default-debugsource-3.12.61-52.128.1 kernel-default-devel-3.12.61-52.128.1 kernel-syms-3.12.61-52.128.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.128.1 kernel-macros-3.12.61-52.128.1 kernel-source-3.12.61-52.128.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.128.1 kernel-xen-base-3.12.61-52.128.1 kernel-xen-base-debuginfo-3.12.61-52.128.1 kernel-xen-debuginfo-3.12.61-52.128.1 kernel-xen-debugsource-3.12.61-52.128.1 kernel-xen-devel-3.12.61-52.128.1 kgraft-patch-3_12_61-52_128-default-1-1.3.1 kgraft-patch-3_12_61-52_128-xen-1-1.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.128.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.128.1 kernel-ec2-debuginfo-3.12.61-52.128.1 kernel-ec2-debugsource-3.12.61-52.128.1 kernel-ec2-devel-3.12.61-52.128.1 kernel-ec2-extra-3.12.61-52.128.1 kernel-ec2-extra-debuginfo-3.12.61-52.128.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2017-11089.html https://www.suse.com/security/cve/CVE-2017-13220.html https://www.suse.com/security/cve/CVE-2017-18203.html https://www.suse.com/security/cve/CVE-2018-10087.html https://www.suse.com/security/cve/CVE-2018-10124.html https://www.suse.com/security/cve/CVE-2018-1087.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-8781.html https://www.suse.com/security/cve/CVE-2018-8822.html https://www.suse.com/security/cve/CVE-2018-8897.html https://bugzilla.suse.com/1076537 https://bugzilla.suse.com/1082299 https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1083242 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1085331 https://bugzilla.suse.com/1086162 https://bugzilla.suse.com/1087088 https://bugzilla.suse.com/1087209 https://bugzilla.suse.com/1087260 https://bugzilla.suse.com/1088147 https://bugzilla.suse.com/1088260 https://bugzilla.suse.com/1088261 https://bugzilla.suse.com/1089608 https://bugzilla.suse.com/1089752 https://bugzilla.suse.com/1090643 From sle-updates at lists.suse.com Fri May 11 16:07:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:07:19 +0200 (CEST) Subject: SUSE-SU-2018:1222-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12) Message-ID: <20180511220719.AD72CFD25@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1222-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-852=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_89-default-8-2.2 kgraft-patch-3_12_61-52_89-xen-8-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:07:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:07:56 +0200 (CEST) Subject: SUSE-SU-2018:1223-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) Message-ID: <20180511220756.35068FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1223-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-882=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-882=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_67-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_67-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:08:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:08:24 +0200 (CEST) Subject: SUSE-SU-2018:1224-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12) Message-ID: <20180511220824.BE54FFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1224-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_125 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-850=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_125-default-3-2.1 kgraft-patch-3_12_61-52_125-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:08:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:08:59 +0200 (CEST) Subject: SUSE-SU-2018:1225-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) Message-ID: <20180511220859.49981FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1225-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.120-94_17 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-896=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_120-94_17-default-2-2.2 kgraft-patch-4_4_120-94_17-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:09:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:09:27 +0200 (CEST) Subject: SUSE-SU-2018:1226-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12) Message-ID: <20180511220927.56AA8FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1226-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-854=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_83-default-8-2.1 kgraft-patch-3_12_61-52_83-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:10:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:10:02 +0200 (CEST) Subject: SUSE-SU-2018:1227-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20180511221002.D0F45FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1227-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-862=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-862=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_82-default-3-2.1 kgraft-patch-3_12_74-60_64_82-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_82-default-3-2.1 kgraft-patch-3_12_74-60_64_82-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:10:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:10:39 +0200 (CEST) Subject: SUSE-SU-2018:1228-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) Message-ID: <20180511221039.B5CD2FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1228-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.103-6_38 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-892=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_38-default-5-2.2 kgraft-patch-4_4_103-6_38-default-debuginfo-5-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:11:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:11:15 +0200 (CEST) Subject: SUSE-SU-2018:1229-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) Message-ID: <20180511221115.5BB51FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1229-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-865=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-865=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_63-default-5-2.1 kgraft-patch-3_12_74-60_64_63-xen-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_63-default-5-2.1 kgraft-patch-3_12_74-60_64_63-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:11:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:11:50 +0200 (CEST) Subject: SUSE-SU-2018:1230-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) Message-ID: <20180511221150.A6487FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1230-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-881=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-881=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_35-default-9-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_35-default-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:12:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:12:27 +0200 (CEST) Subject: SUSE-SU-2018:1231-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1) Message-ID: <20180511221227.F0322FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1231-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-869=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-869=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_48-default-9-2.1 kgraft-patch-3_12_74-60_64_48-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_48-default-9-2.1 kgraft-patch-3_12_74-60_64_48-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:12:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:12:59 +0200 (CEST) Subject: SUSE-SU-2018:1232-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) Message-ID: <20180511221259.A6749FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1232-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-863=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-863=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_69-default-3-2.1 kgraft-patch-3_12_74-60_64_69-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_69-default-3-2.1 kgraft-patch-3_12_74-60_64_69-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:13:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:13:33 +0200 (CEST) Subject: SUSE-SU-2018:1233-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12) Message-ID: <20180511221333.9D2F2FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1233-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-857=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_80-default-9-2.1 kgraft-patch-3_12_61-52_80-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:14:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:14:06 +0200 (CEST) Subject: SUSE-SU-2018:1234-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12) Message-ID: <20180511221406.78AC8FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1234-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-858=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-5-2.1 kgraft-patch-3_12_61-52_101-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:14:45 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:14:45 +0200 (CEST) Subject: SUSE-SU-2018:1235-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12) Message-ID: <20180511221445.083C1FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1235-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-848=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-4-2.1 kgraft-patch-3_12_61-52_119-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:15:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:15:19 +0200 (CEST) Subject: SUSE-SU-2018:1236-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) Message-ID: <20180511221519.B1969FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1236-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-884=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-884=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_59-92_17-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_59-92_17-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:15:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:15:58 +0200 (CEST) Subject: SUSE-SU-2018:1237-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) Message-ID: <20180511221558.79CDDFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1237-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-864=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-864=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_66-default-4-2.1 kgraft-patch-3_12_74-60_64_66-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_66-default-4-2.1 kgraft-patch-3_12_74-60_64_66-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:16:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:16:34 +0200 (CEST) Subject: SUSE-SU-2018:1238-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) Message-ID: <20180511221634.85197FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1238-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.114-94_14 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-894=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_14-default-3-2.2 kgraft-patch-4_4_114-94_14-default-debuginfo-3-2.2 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:17:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:17:04 +0200 (CEST) Subject: SUSE-SU-2018:1239-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) Message-ID: <20180511221704.83EB0FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1239-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-873=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-873=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_120-92_70-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_120-92_70-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:17:33 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:17:33 +0200 (CEST) Subject: SUSE-SU-2018:1240-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) Message-ID: <20180511221733.62215FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1240-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.103-6_33 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-893=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-5-2.2 kgraft-patch-4_4_103-6_33-default-debuginfo-5-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:18:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:18:08 +0200 (CEST) Subject: SUSE-SU-2018:1241-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) Message-ID: <20180511221808.48B6CFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1241-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-874=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-874=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_50-default-6-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_50-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:18:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:18:46 +0200 (CEST) Subject: SUSE-SU-2018:1242-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) Message-ID: <20180511221846.AEED3FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1242-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-885=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-885=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_59-92_20-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_59-92_20-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:19:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:19:20 +0200 (CEST) Subject: SUSE-SU-2018:1243-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12) Message-ID: <20180511221920.67CA7FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1243-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_72 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-859=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_72-default-10-2.1 kgraft-patch-3_12_61-52_72-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:19:53 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:19:53 +0200 (CEST) Subject: SUSE-SU-2018:1244-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12) Message-ID: <20180511221953.CF475FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1244-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-856=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_77-default-10-2.1 kgraft-patch-3_12_61-52_77-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:20:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:20:31 +0200 (CEST) Subject: SUSE-SU-2018:1245-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) Message-ID: <20180511222031.67EF8FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1245-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-875=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-875=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_90-92_45-default-6-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_90-92_45-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:21:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:21:07 +0200 (CEST) Subject: SUSE-SU-2018:1246-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP3) Message-ID: <20180511222107.17DA8FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1246-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.126-94_22 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-897=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_126-94_22-default-2-2.2 kgraft-patch-4_4_126-94_22-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:21:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:21:36 +0200 (CEST) Subject: SUSE-SU-2018:1247-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12) Message-ID: <20180511222136.524D4FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1247-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-849=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_111-default-4-2.1 kgraft-patch-3_12_61-52_111-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:22:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:22:12 +0200 (CEST) Subject: SUSE-SU-2018:1248-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20180511222212.024C3FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1248-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-888=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_9-default-7-2.2 kgraft-patch-4_4_82-6_9-default-debuginfo-7-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:22:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:22:46 +0200 (CEST) Subject: SUSE-SU-2018:1249-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) Message-ID: <20180511222247.0139DFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1249-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.114-94_11 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-895=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-3-2.2 kgraft-patch-4_4_114-94_11-default-debuginfo-3-2.2 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:23:15 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:23:15 +0200 (CEST) Subject: SUSE-SU-2018:1250-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) Message-ID: <20180511222315.1DDF5FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1250-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-877=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-877=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:23:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:23:50 +0200 (CEST) Subject: SUSE-SU-2018:1251-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) Message-ID: <20180511222350.BBCBDFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1251-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-867=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-867=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_57-default-8-2.1 kgraft-patch-3_12_74-60_64_57-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_57-default-8-2.1 kgraft-patch-3_12_74-60_64_57-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:24:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:24:26 +0200 (CEST) Subject: SUSE-SU-2018:1252-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) Message-ID: <20180511222426.064F2FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1252-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.90-6_12 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-890=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-6-2.2 kgraft-patch-4_4_92-6_18-default-debuginfo-6-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:25:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:25:01 +0200 (CEST) Subject: SUSE-SU-2018:1253-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) Message-ID: <20180511222501.560BBFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1253-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-879=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-879=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_29-default-10-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_29-default-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:25:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:25:38 +0200 (CEST) Subject: SUSE-SU-2018:1254-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) Message-ID: <20180511222538.25CCCFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1254-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-871=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-871=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_51-default-8-2.1 kgraft-patch-3_12_74-60_64_51-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_51-default-8-2.1 kgraft-patch-3_12_74-60_64_51-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:26:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:26:12 +0200 (CEST) Subject: SUSE-SU-2018:1255-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) Message-ID: <20180511222612.75A6BFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1255-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-861=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-861=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_85-default-3-2.1 kgraft-patch-3_12_74-60_64_85-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_85-default-3-2.1 kgraft-patch-3_12_74-60_64_85-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:26:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:26:44 +0200 (CEST) Subject: SUSE-SU-2018:1256-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) Message-ID: <20180511222644.B18ECFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1256-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-876=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-876=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_56-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_56-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:27:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:27:20 +0200 (CEST) Subject: SUSE-SU-2018:1257-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12) Message-ID: <20180511222720.9EC73FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1257-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-851=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_122-default-4-2.1 kgraft-patch-3_12_61-52_122-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:27:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:27:56 +0200 (CEST) Subject: SUSE-SU-2018:1258-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) Message-ID: <20180511222756.538E8FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1258-1 Rating: important References: #1090036 Cross-References: CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-883=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-883=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:28:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:28:24 +0200 (CEST) Subject: SUSE-SU-2018:1259-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) Message-ID: <20180511222824.80B87FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1259-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-872=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-872=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_54-default-8-2.2 kgraft-patch-3_12_74-60_64_54-xen-8-2.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_54-default-8-2.2 kgraft-patch-3_12_74-60_64_54-xen-8-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:28:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:28:57 +0200 (CEST) Subject: SUSE-SU-2018:1260-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) Message-ID: <20180511222857.CB1B2FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1260-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.82-6_6 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-889=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_6-default-7-2.2 kgraft-patch-4_4_82-6_6-default-debuginfo-7-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:29:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:29:35 +0200 (CEST) Subject: SUSE-SU-2018:1261-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12) Message-ID: <20180511222935.16252FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1261-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-855=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_86-default-8-2.1 kgraft-patch-3_12_61-52_86-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:30:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:30:12 +0200 (CEST) Subject: SUSE-SU-2018:1262-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) Message-ID: <20180511223012.84D1EFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1262-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-886=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-886=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_59-92_24-default-10-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_59-92_24-default-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:30:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:30:50 +0200 (CEST) Subject: SUSE-SU-2018:1263-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) Message-ID: <20180511223050.809E7FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1263-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.92-6_30 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-891=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_92-6_30-default-5-2.2 kgraft-patch-4_4_92-6_30-default-debuginfo-5-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:31:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:31:25 +0200 (CEST) Subject: SUSE-SU-2018:1264-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) Message-ID: <20180511223125.E088DFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1264-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-868=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-868=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_45-default-10-2.2 kgraft-patch-3_12_74-60_64_45-xen-10-2.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_45-default-10-2.2 kgraft-patch-3_12_74-60_64_45-xen-10-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:32:27 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:32:27 +0200 (CEST) Subject: SUSE-SU-2018:1266-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1) Message-ID: <20180511223227.32ACBFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1266-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-870=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-870=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_40-default-10-2.2 kgraft-patch-3_12_74-60_64_40-xen-10-2.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_40-default-10-2.2 kgraft-patch-3_12_74-60_64_40-xen-10-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:33:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:33:01 +0200 (CEST) Subject: SUSE-SU-2018:1267-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12) Message-ID: <20180511223301.CD9A3FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1267-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-853=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_92-default-7-2.1 kgraft-patch-3_12_61-52_92-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:33:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:33:39 +0200 (CEST) Subject: SUSE-SU-2018:1268-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) Message-ID: <20180511223339.9CBACFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1268-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-880=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-880=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_38-default-8-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_38-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:34:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:34:14 +0200 (CEST) Subject: SUSE-SU-2018:1269-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) Message-ID: <20180511223414.5681AFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1269-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-866=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-866=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-7-2.1 kgraft-patch-3_12_74-60_64_60-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-7-2.1 kgraft-patch-3_12_74-60_64_60-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:34:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:34:48 +0200 (CEST) Subject: SUSE-SU-2018:1270-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) Message-ID: <20180511223448.E9766FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1270-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.82-6_3 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-887=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_3-default-8-2.2 kgraft-patch-4_4_82-6_3-default-debuginfo-8-2.2 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:35:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:35:55 +0200 (CEST) Subject: SUSE-SU-2018:1272-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) Message-ID: <20180511223555.D94DCFD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1272-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-878=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-878=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_32-default-9-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_32-default-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Fri May 11 16:36:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 May 2018 00:36:32 +0200 (CEST) Subject: SUSE-SU-2018:1273-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12) Message-ID: <20180511223632.EF9D1FD1E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1273-1 Rating: important References: #1088268 #1090036 Cross-References: CVE-2017-0861 CVE-2018-1000199 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-860=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_106-default-5-2.1 kgraft-patch-3_12_61-52_106-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-0861.html https://www.suse.com/security/cve/CVE-2018-1000199.html https://bugzilla.suse.com/1088268 https://bugzilla.suse.com/1090036 From sle-updates at lists.suse.com Mon May 14 07:07:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 15:07:21 +0200 (CEST) Subject: SUSE-RU-2018:1276-1: moderate: Recommended update for libvirt Message-ID: <20180514130721.89257FD25@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1276-1 Rating: moderate References: #1087887 #1090066 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libvirt fixes the following issues: - Fix libvirtd crash when creating VMs with custom CPU (bsc#1087887, bsc#1090066) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libvirt-13598=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libvirt-13598=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvirt-13598=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-devel-1.2.5-23.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libvirt-devel-32bit-1.2.5-23.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-1.2.5-23.12.1 libvirt-client-1.2.5-23.12.1 libvirt-doc-1.2.5-23.12.1 libvirt-lock-sanlock-1.2.5-23.12.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libvirt-client-32bit-1.2.5-23.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvirt-debuginfo-1.2.5-23.12.1 libvirt-debugsource-1.2.5-23.12.1 References: https://bugzilla.suse.com/1087887 https://bugzilla.suse.com/1090066 From sle-updates at lists.suse.com Mon May 14 07:08:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 15:08:03 +0200 (CEST) Subject: SUSE-RU-2018:1277-1: important: Recommended update for SUSEConnect Message-ID: <20180514130803.A130AFD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1277-1 Rating: important References: #1044493 #1047153 #1064264 #1086420 #1089320 #914297 #964013 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix rollback mechanism on SLE15 systems (bsc#1089320) - Don't try to delete directory of nonexistent service files (bsc#1086420) - Fix list-extensions to show the full SLE 15 tree (bsc#1064264) - Enable automatic activation of recommended extensions/modules - Automatically deregister all installed extensions/modules when deregistering a system - virt-create-rootfs connects to SMT server without breaking (bsc#914297) - Make target_base_product parameter mandatory - Properly refresh zypper services when deactivating a product on SMT (bsc#1047153) - Fix --namespace parameter persistence (bsc#1044493) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-899=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-899=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-899=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-899=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-899=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): SUSEConnect-0.3.10-19.10.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): SUSEConnect-0.3.10-19.10.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.10-19.10.8.1 - SUSE Enterprise Storage 4 (x86_64): SUSEConnect-0.3.10-19.10.8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): SUSEConnect-0.3.10-19.10.8.1 References: https://bugzilla.suse.com/1044493 https://bugzilla.suse.com/1047153 https://bugzilla.suse.com/1064264 https://bugzilla.suse.com/1086420 https://bugzilla.suse.com/1089320 https://bugzilla.suse.com/914297 https://bugzilla.suse.com/964013 From sle-updates at lists.suse.com Mon May 14 07:09:56 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 15:09:56 +0200 (CEST) Subject: SUSE-RU-2018:1278-1: important: Recommended update for rollback-helper Message-ID: <20180514130956.6ADB4FD25@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1278-1 Rating: important References: #1011912 #1032129 #1068947 #1090073 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Check whether system is registered before rollback (bsc#1032129) - Check if current btrfs snapshot is the production snapshot before re-registering (bsc#1068947) - Add missing systemd requirement (bsc#1011912) - Make sure rollback-helper is started only after all filesystems are accessible. This makes sure that checking for the correct snapshot is properly done and prevents it from thinking there is nothing to do. (bsc#1090073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-900=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): rollback-helper-1.0+git20180419.3c7281d-5.3.1 References: https://bugzilla.suse.com/1011912 https://bugzilla.suse.com/1032129 https://bugzilla.suse.com/1068947 https://bugzilla.suse.com/1090073 From sle-updates at lists.suse.com Mon May 14 07:10:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 15:10:59 +0200 (CEST) Subject: SUSE-RU-2018:1279-1: moderate: Recommended update for drm Message-ID: <20180514131059.72000FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for drm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1279-1 Rating: moderate References: #1087047 #1088569 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drm fixes the following issues: - bsc#1087047: Subsequent resume from suspend may fail - bsc#1088569: Oops with NULL dereference at i915 module Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-902=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-902=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): drm-kmp-default-4.9.33_k4.4.120_94.17-4.14.1 drm-kmp-default-debuginfo-4.9.33_k4.4.120_94.17-4.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): drm-kmp-default-4.9.33_k4.4.120_94.17-4.14.1 drm-kmp-default-debuginfo-4.9.33_k4.4.120_94.17-4.14.1 References: https://bugzilla.suse.com/1087047 https://bugzilla.suse.com/1088569 From sle-updates at lists.suse.com Mon May 14 07:11:35 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 15:11:35 +0200 (CEST) Subject: SUSE-RU-2018:1280-1: important: Recommended update for rollback-helper Message-ID: <20180514131135.7A46DFD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1280-1 Rating: important References: #1011912 #1032129 #1068947 #1090073 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Check whether system is registered before rollback (bsc#1032129) - Check if current btrfs snapshot is the production snapshot before re-registering (bsc#1068947) - Add missing systemd requirement (bsc#1011912) - Make sure rollback-helper is started only after all filesystems are accessible. This makes sure that checking for the correct snapshot is properly done and prevents it from thinking there is nothing to do. (bsc#1090073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-901=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-901=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-901=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-901=1 Package List: - SUSE OpenStack Cloud 7 (noarch): rollback-helper-1.0+git20180419.3c7281d-7.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): rollback-helper-1.0+git20180419.3c7281d-7.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): rollback-helper-1.0+git20180419.3c7281d-7.3.1 - SUSE Enterprise Storage 4 (noarch): rollback-helper-1.0+git20180419.3c7281d-7.3.1 References: https://bugzilla.suse.com/1011912 https://bugzilla.suse.com/1032129 https://bugzilla.suse.com/1068947 https://bugzilla.suse.com/1090073 From sle-updates at lists.suse.com Mon May 14 07:12:40 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 15:12:40 +0200 (CEST) Subject: SUSE-RU-2018:1281-1: moderate: Recommended update for libsolv, libzypp Message-ID: <20180514131240.751BAFD25@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1281-1 Rating: moderate References: #1075978 #1077635 #1079991 #1082318 #1086602 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libsolv, libzypp provides the following fixes: Changes in libsolv: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Also make use of suggests for ordering packages. (bsc#1077635) - Fix bad assignment in solution refinement that led to a memory leak. (bsc#1075978) - Use license tag instead of doc in the spec file. (bsc#1082318) Changes in libzypp: - Make sure the product file comes from /etc/products.d for the fallback product search. (bsc#1086602) - Fix a memory leak in Digest.cc. (bsc#1075978) - Add /var/lib/gdm to CheckAccessDeleted blacklist to prevent showing superfluous `zypper ps -s` messages. (bsc#1079991) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-903=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-903=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-903=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-903=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-903=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsolv-debugsource-0.6.34-2.27.16.3 libsolv-tools-0.6.34-2.27.16.3 libsolv-tools-debuginfo-0.6.34-2.27.16.3 libzypp-16.17.12-27.47.4 libzypp-debuginfo-16.17.12-27.47.4 libzypp-debugsource-16.17.12-27.47.4 perl-solv-0.6.34-2.27.16.3 perl-solv-debuginfo-0.6.34-2.27.16.3 python-solv-0.6.34-2.27.16.3 python-solv-debuginfo-0.6.34-2.27.16.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsolv-debugsource-0.6.34-2.27.16.3 libsolv-tools-0.6.34-2.27.16.3 libsolv-tools-debuginfo-0.6.34-2.27.16.3 libzypp-16.17.12-27.47.4 libzypp-debuginfo-16.17.12-27.47.4 libzypp-debugsource-16.17.12-27.47.4 perl-solv-0.6.34-2.27.16.3 perl-solv-debuginfo-0.6.34-2.27.16.3 python-solv-0.6.34-2.27.16.3 python-solv-debuginfo-0.6.34-2.27.16.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsolv-debugsource-0.6.34-2.27.16.3 libsolv-tools-0.6.34-2.27.16.3 libsolv-tools-debuginfo-0.6.34-2.27.16.3 libzypp-16.17.12-27.47.4 libzypp-debuginfo-16.17.12-27.47.4 libzypp-debugsource-16.17.12-27.47.4 perl-solv-0.6.34-2.27.16.3 perl-solv-debuginfo-0.6.34-2.27.16.3 python-solv-0.6.34-2.27.16.3 python-solv-debuginfo-0.6.34-2.27.16.3 - SUSE Enterprise Storage 4 (x86_64): libsolv-debugsource-0.6.34-2.27.16.3 libsolv-tools-0.6.34-2.27.16.3 libsolv-tools-debuginfo-0.6.34-2.27.16.3 libzypp-16.17.12-27.47.4 libzypp-debuginfo-16.17.12-27.47.4 libzypp-debugsource-16.17.12-27.47.4 perl-solv-0.6.34-2.27.16.3 perl-solv-debuginfo-0.6.34-2.27.16.3 python-solv-0.6.34-2.27.16.3 python-solv-debuginfo-0.6.34-2.27.16.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsolv-debugsource-0.6.34-2.27.16.3 libsolv-tools-0.6.34-2.27.16.3 libsolv-tools-debuginfo-0.6.34-2.27.16.3 libzypp-16.17.12-27.47.4 libzypp-debuginfo-16.17.12-27.47.4 libzypp-debugsource-16.17.12-27.47.4 References: https://bugzilla.suse.com/1075978 https://bugzilla.suse.com/1077635 https://bugzilla.suse.com/1079991 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1086602 From sle-updates at lists.suse.com Mon May 14 10:07:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 18:07:20 +0200 (CEST) Subject: SUSE-OU-2018:1282-1: Initial release of python3-apache-libcloud Message-ID: <20180514160720.A50C9FD25@maintenance.suse.de> SUSE Optional Update: Initial release of python3-apache-libcloud ______________________________________________________________________________ Announcement ID: SUSE-OU-2018:1282-1 Rating: low References: #1073879 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the following new Python 3 module for the Advanced Systems Management Module: - python3-apache-libcloud Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-904=1 Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-apache-libcloud-0.19.0-3.3.1 python3-apache-libcloud-0.19.0-3.3.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Mon May 14 13:07:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 21:07:12 +0200 (CEST) Subject: SUSE-RU-2018:1284-1: moderate: Recommended update for binutils Message-ID: <20180514190712.9E588FD1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1284-1 Rating: moderate References: #1075418 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils fixes the following issues: - Fix pacemaker libqb problem with section start/stop symbols. (bsc#1075418) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-906=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-906=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-906=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-906=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.29.1-9.23.1 binutils-debugsource-2.29.1-9.23.1 binutils-devel-2.29.1-9.23.1 cross-ppc-binutils-2.29.1-9.23.1 cross-ppc-binutils-debuginfo-2.29.1-9.23.1 cross-ppc-binutils-debugsource-2.29.1-9.23.1 cross-spu-binutils-2.29.1-9.23.1 cross-spu-binutils-debuginfo-2.29.1-9.23.1 cross-spu-binutils-debugsource-2.29.1-9.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): binutils-gold-2.29.1-9.23.1 binutils-gold-debuginfo-2.29.1-9.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.29.1-9.23.1 binutils-debuginfo-2.29.1-9.23.1 binutils-debugsource-2.29.1-9.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): binutils-2.29.1-9.23.1 binutils-debuginfo-2.29.1-9.23.1 binutils-debugsource-2.29.1-9.23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): binutils-2.29.1-9.23.1 binutils-debuginfo-2.29.1-9.23.1 binutils-debugsource-2.29.1-9.23.1 References: https://bugzilla.suse.com/1075418 From sle-updates at lists.suse.com Mon May 14 13:07:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 21:07:43 +0200 (CEST) Subject: SUSE-RU-2018:1285-1: moderate: Recommended update for yast2-sap-scp-prodlist Message-ID: <20180514190743.CE1E7FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sap-scp-prodlist ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1285-1 Rating: moderate References: #1086473 #1086474 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-sap-scp-prodlist updates the product list with the following changes: - Add ArchGlobal's Floe. (bsc#1086473) - Remove SEP products. (bsc#1086474) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-905=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-905=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-905=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): yast2-sap-scp-prodlist-1.0.4-5.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): yast2-sap-scp-prodlist-1.0.4-5.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): yast2-sap-scp-prodlist-1.0.4-5.6.1 References: https://bugzilla.suse.com/1086473 https://bugzilla.suse.com/1086474 From sle-updates at lists.suse.com Mon May 14 13:08:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 May 2018 21:08:19 +0200 (CEST) Subject: SUSE-RU-2018:1286-1: moderate: Recommended update for python-Jinja2 Message-ID: <20180514190819.65A58FD1E@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1286-1 Rating: moderate References: #1092928 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-Jinja2 fixes the following issues: - Restore provides for python-jinja2. (bsc#1092928) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-907=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-907=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-907=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-907=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-907=1 Package List: - SUSE Manager Tools 12 (noarch): python-Jinja2-2.8-19.14.1 python3-Jinja2-2.8-19.14.1 - SUSE Manager Server 3.0 (noarch): python-Jinja2-2.8-19.14.1 python3-Jinja2-2.8-19.14.1 - SUSE Manager Proxy 3.0 (noarch): python-Jinja2-2.8-19.14.1 python3-Jinja2-2.8-19.14.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.8-19.14.1 python3-Jinja2-2.8-19.14.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-Jinja2-2.8-19.14.1 python3-Jinja2-2.8-19.14.1 References: https://bugzilla.suse.com/1092928 From sle-updates at lists.suse.com Tue May 15 07:07:29 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 May 2018 15:07:29 +0200 (CEST) Subject: SUSE-RU-2018:1287-1: Recommended update for filesystem Message-ID: <20180515130729.C336DFD1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for filesystem ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1287-1 Rating: low References: #1082318 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for filesystem provides the following fix: - Become owner of /usr/share/licenses to support %license tags in RPM, as explained in http://rpm.org/wiki/Releases/4.11.0 . (bsc#1082318) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-909=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-909=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-909=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-909=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-909=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-909=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-909=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-909=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-909=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): filesystem-13.1-13.3.1 - SUSE OpenStack Cloud 6 (x86_64): filesystem-13.1-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): filesystem-13.1-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): filesystem-13.1-13.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): filesystem-13.1-13.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): filesystem-13.1-13.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): filesystem-13.1-13.3.1 - SUSE Enterprise Storage 4 (x86_64): filesystem-13.1-13.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): filesystem-13.1-13.3.1 References: https://bugzilla.suse.com/1082318 From sle-updates at lists.suse.com Tue May 15 10:07:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 May 2018 18:07:36 +0200 (CEST) Subject: SUSE-SU-2018:1288-1: moderate: Security update for librsvg Message-ID: <20180515160736.F4210FD1F@maintenance.suse.de> SUSE Security Update: Security update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:1288-1 Rating: moderate References: #1083232 Cross-References: CVE-2018-1000041 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for librsvg fixes the following issues: - CVE-2018-1000041: Input validation issue could lead to credentials leak. (bsc#1083232) Update to version 2.40.20: + Except for emergencies, this will be the LAST RELEASE of the librsvg-2.40.x series. We are moving to 2.41, which is vastly improved over the 2.40 series. The API/ABI there remain unchaged, so we strongly encourage you to upgrade your sources and binaries to librsvg-2.41.x. + bgo#761175 - Allow masks and clips to reuse a node being drawn. + Don't access the file system when deciding whether to load a remote file with a UNC path for a paint server (i.e. don't try to load it at all). + Vistual Studio: fixed and integrated introspection builds, so introspection data is built directly from the Visual Studio project (Chun-wei Fan). + Visual Studio: We now use HIGHENTROPYVA linker option on x64 builds, to enhance the security of built binaries (Chun-wei Fan). + Fix generation of Vala bindings when compiling in read-only source directories (Emmanuele Bassi). Update to version 2.40.19: + bgo#621088: Using text objects as clipping paths is now supported. + bgo#587721: Fix rendering of text elements with transformations (Massimo). + bgo#777833 - Fix memory leaks when an RsvgHandle is disposed before being closed (Philip Withnall). + bgo#782098 - Don't pass deprecated options to gtk-doc (Ting-Wei Lan). + bgo#786372 - Fix the default for the "type" attribute of the