From sle-updates at lists.suse.com Mon Jul 1 07:11:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Jul 2019 15:11:20 +0200 (CEST) Subject: SUSE-SU-2019:1717-1: important: Security update for gvfs Message-ID: <20190701131120.B8EB4FDCE@maintenance.suse.de> SUSE Security Update: Security update for gvfs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1717-1 Rating: important References: #1125433 #1136981 #1136986 #1136992 #1137930 Cross-References: CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for gvfs fixes the following issues: Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981). Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1717=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1717=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1717=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): gvfs-32bit-1.34.2.1-4.13.1 gvfs-32bit-debuginfo-1.34.2.1-4.13.1 gvfs-debugsource-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gvfs-1.34.2.1-4.13.1 gvfs-backend-afc-1.34.2.1-4.13.1 gvfs-backend-afc-debuginfo-1.34.2.1-4.13.1 gvfs-backend-samba-1.34.2.1-4.13.1 gvfs-backend-samba-debuginfo-1.34.2.1-4.13.1 gvfs-backends-1.34.2.1-4.13.1 gvfs-backends-debuginfo-1.34.2.1-4.13.1 gvfs-debuginfo-1.34.2.1-4.13.1 gvfs-debugsource-1.34.2.1-4.13.1 gvfs-devel-1.34.2.1-4.13.1 gvfs-fuse-1.34.2.1-4.13.1 gvfs-fuse-debuginfo-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gvfs-lang-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gvfs-1.34.2.1-4.13.1 gvfs-backend-afc-1.34.2.1-4.13.1 gvfs-backend-afc-debuginfo-1.34.2.1-4.13.1 gvfs-backend-samba-1.34.2.1-4.13.1 gvfs-backend-samba-debuginfo-1.34.2.1-4.13.1 gvfs-backends-1.34.2.1-4.13.1 gvfs-backends-debuginfo-1.34.2.1-4.13.1 gvfs-debuginfo-1.34.2.1-4.13.1 gvfs-debugsource-1.34.2.1-4.13.1 gvfs-devel-1.34.2.1-4.13.1 gvfs-fuse-1.34.2.1-4.13.1 gvfs-fuse-debuginfo-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gvfs-lang-1.34.2.1-4.13.1 References: https://www.suse.com/security/cve/CVE-2019-12447.html https://www.suse.com/security/cve/CVE-2019-12448.html https://www.suse.com/security/cve/CVE-2019-12449.html https://www.suse.com/security/cve/CVE-2019-12795.html https://bugzilla.suse.com/1125433 https://bugzilla.suse.com/1136981 https://bugzilla.suse.com/1136986 https://bugzilla.suse.com/1136992 https://bugzilla.suse.com/1137930 From sle-updates at lists.suse.com Mon Jul 1 10:11:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:11:43 +0200 (CEST) Subject: SUSE-SU-2019:1211-2: important: Security update for java-1_8_0-openjdk Message-ID: <20190701161143.C3CFAFDCE@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1211-2 Rating: important References: #1132728 #1132729 #1132732 #1133135 Cross-References: CVE-2018-3639 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1211=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1211=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.212-3.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-debugsource-1.8.0.212-3.19.1 java-1_8_0-openjdk-src-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-3.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-debugsource-1.8.0.212-3.19.1 java-1_8_0-openjdk-demo-1.8.0.212-3.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-devel-1.8.0.212-3.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-headless-1.8.0.212-3.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1133135 From sle-updates at lists.suse.com Mon Jul 1 10:13:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:13:27 +0200 (CEST) Subject: SUSE-SU-2019:1351-2: important: Security update for gnutls Message-ID: <20190701161327.38AB8FDCE@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1351-2 Rating: important References: #1118087 #1134856 Cross-References: CVE-2018-16868 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1351=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1351=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.6.7-6.11.1 gnutls-debugsource-3.6.7-6.11.1 gnutls-guile-3.6.7-6.11.1 gnutls-guile-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgnutls-devel-32bit-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-6.11.1 gnutls-debuginfo-3.6.7-6.11.1 gnutls-debugsource-3.6.7-6.11.1 libgnutls-devel-3.6.7-6.11.1 libgnutls30-3.6.7-6.11.1 libgnutls30-debuginfo-3.6.7-6.11.1 libgnutlsxx-devel-3.6.7-6.11.1 libgnutlsxx28-3.6.7-6.11.1 libgnutlsxx28-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgnutls30-32bit-3.6.7-6.11.1 libgnutls30-32bit-debuginfo-3.6.7-6.11.1 References: https://www.suse.com/security/cve/CVE-2018-16868.html https://bugzilla.suse.com/1118087 https://bugzilla.suse.com/1134856 From sle-updates at lists.suse.com Mon Jul 1 10:15:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:15:52 +0200 (CEST) Subject: SUSE-SU-2019:1221-2: moderate: Security update for libxslt Message-ID: <20190701161552.A62E9FDCE@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1221-2 Rating: moderate References: #1132160 Cross-References: CVE-2019-11068 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1221=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1221=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libxslt-python-1.1.32-3.3.1 libxslt-python-debuginfo-1.1.32-3.3.1 libxslt-python-debugsource-1.1.32-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libxslt-debugsource-1.1.32-3.3.1 libxslt-devel-32bit-1.1.32-3.3.1 libxslt1-32bit-1.1.32-3.3.1 libxslt1-32bit-debuginfo-1.1.32-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.32-3.3.1 libxslt-devel-1.1.32-3.3.1 libxslt-tools-1.1.32-3.3.1 libxslt-tools-debuginfo-1.1.32-3.3.1 libxslt1-1.1.32-3.3.1 libxslt1-debuginfo-1.1.32-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://bugzilla.suse.com/1132160 From sle-updates at lists.suse.com Mon Jul 1 10:16:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:16:33 +0200 (CEST) Subject: SUSE-SU-2019:1357-2: important: Security update for curl Message-ID: <20190701161633.57111FDCE@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1357-2 Rating: important References: #1135170 Cross-References: CVE-2019-5436 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1357=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1357=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.20.1 curl-mini-debuginfo-7.60.0-3.20.1 curl-mini-debugsource-7.60.0-3.20.1 libcurl-mini-devel-7.60.0-3.20.1 libcurl4-mini-7.60.0-3.20.1 libcurl4-mini-debuginfo-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): curl-debugsource-7.60.0-3.20.1 libcurl-devel-32bit-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.20.1 curl-debuginfo-7.60.0-3.20.1 curl-debugsource-7.60.0-3.20.1 libcurl-devel-7.60.0-3.20.1 libcurl4-7.60.0-3.20.1 libcurl4-debuginfo-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.20.1 libcurl4-32bit-debuginfo-7.60.0-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-5436.html https://bugzilla.suse.com/1135170 From sle-updates at lists.suse.com Mon Jul 1 10:17:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:17:16 +0200 (CEST) Subject: SUSE-SU-2019:1207-2: important: Security update for 389-ds Message-ID: <20190701161716.0312AFDCE@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1207-2 Rating: important References: #1076530 #1096368 #1105606 #1106699 Cross-References: CVE-2017-15134 CVE-2017-15135 CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10850: Fixed a race condition on reference counter that would lead to a denial of service using persistent search (bsc#1096368) - CVE-2017-15134: Fixed a remote denial of service via search filters in slapi_filter_sprintf in slapd/util.c (bsc#1076530) - CVE-2017-15135: Fixed authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (bsc#1076530) - CVE-2018-10935: Fixed an issue that allowed users to cause a crash via ldapsearch with server side sorts (bsc#1105606) - CVE-2018-14624: The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(), allowing an attacker to send a flood of modifications to a very large DN, which could have caused slapd to crash (bsc#1106699). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1207=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1207=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.0.3-4.7.52 389-ds-debuginfo-1.4.0.3-4.7.52 389-ds-debugsource-1.4.0.3-4.7.52 389-ds-devel-1.4.0.3-4.7.52 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-debuginfo-1.4.0.3-4.7.52 389-ds-debugsource-1.4.0.3-4.7.52 389-ds-snmp-1.4.0.3-4.7.52 389-ds-snmp-debuginfo-1.4.0.3-4.7.52 References: https://www.suse.com/security/cve/CVE-2017-15134.html https://www.suse.com/security/cve/CVE-2017-15135.html https://www.suse.com/security/cve/CVE-2018-10850.html https://www.suse.com/security/cve/CVE-2018-10935.html https://www.suse.com/security/cve/CVE-2018-14624.html https://bugzilla.suse.com/1076530 https://bugzilla.suse.com/1096368 https://bugzilla.suse.com/1105606 https://bugzilla.suse.com/1106699 From sle-updates at lists.suse.com Tue Jul 2 07:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:11:15 +0200 (CEST) Subject: SUSE-SU-2019:1721-1: moderate: Security update for dnsmasq Message-ID: <20190702131115.C2DB8FDCE@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1721-1 Rating: moderate References: #1054429 #1076958 Cross-References: CVE-2017-15107 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Non-security issue fixed: - Reload system dbus to pick up policy change on install (bsc#1054429). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1721=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1721=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1721=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1721=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1721=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1721=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1721=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1721=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 - SUSE OpenStack Cloud 8 (x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - HPE Helion Openstack 8 (x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 References: https://www.suse.com/security/cve/CVE-2017-15107.html https://bugzilla.suse.com/1054429 https://bugzilla.suse.com/1076958 From sle-updates at lists.suse.com Tue Jul 2 07:12:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:12:54 +0200 (CEST) Subject: SUSE-SU-2019:1266-2: moderate: Security update for evolution Message-ID: <20190702131254.2F344FDCE@maintenance.suse.de> SUSE Security Update: Security update for evolution ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1266-2 Rating: moderate References: #1125230 Cross-References: CVE-2018-15587 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evolution fixes the following issues: Security issue fixed: - CVE-2018-15587: Fixed an issue with spoofed pgp signatures by using specially crafted emails (bsc#1125230). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1266=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1266=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): evolution-lang-3.26.6-4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): evolution-3.26.6-4.3.1 evolution-debuginfo-3.26.6-4.3.1 evolution-debugsource-3.26.6-4.3.1 evolution-devel-3.26.6-4.3.1 evolution-plugin-bogofilter-3.26.6-4.3.1 evolution-plugin-bogofilter-debuginfo-3.26.6-4.3.1 evolution-plugin-pst-import-3.26.6-4.3.1 evolution-plugin-pst-import-debuginfo-3.26.6-4.3.1 evolution-plugin-spamassassin-3.26.6-4.3.1 evolution-plugin-spamassassin-debuginfo-3.26.6-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.26.6-4.3.1 evolution-debugsource-3.26.6-4.3.1 glade-catalog-evolution-3.26.6-4.3.1 glade-catalog-evolution-debuginfo-3.26.6-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-15587.html https://bugzilla.suse.com/1125230 From sle-updates at lists.suse.com Tue Jul 2 07:13:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:13:33 +0200 (CEST) Subject: SUSE-RU-2019:1720-1: important: Recommended update for dehydrated Message-ID: <20190702131333.6F0C3FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for dehydrated ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1720-1 Rating: important References: #1110697 #1139408 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dehydrated fixes the following issues: - Update to dehydrated 0.6.5 * Fetch account ID from Location header instead of account json (bsc#1139408) * OCSP refresh interval is now configurable * Implemented POST-as-GET * Call exit_hook on errors (with error-message as first parameter) * Initial support for tls-alpn-01 validation * New hook: sync_cert (for syncing certificate files to disk, see example hook description) * Fetch account information after registration to avoid missing account id - Remove RandomizedDelaySec attribute for distros with older systemd (bsc#1110697) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1720=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1720=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): dehydrated-0.6.5-3.3.1 dehydrated-apache2-0.6.5-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): dehydrated-0.6.5-3.3.1 dehydrated-apache2-0.6.5-3.3.1 References: https://bugzilla.suse.com/1110697 https://bugzilla.suse.com/1139408 From sle-updates at lists.suse.com Tue Jul 2 07:14:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:14:25 +0200 (CEST) Subject: SUSE-SU-2019:1722-1: important: Security update for glib2 Message-ID: <20190702131425.6277BFDCE@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1722-1 Rating: important References: #1061599 #1107116 #1107121 #1137001 Cross-References: CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1722=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-1722=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1722=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1722=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1722=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1722=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1722=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1722=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1722=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1722=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1722=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1722=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1722=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1722=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1722=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE OpenStack Cloud 7 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-devel-2.48.2-12.12.2 glib2-devel-debuginfo-2.48.2-12.12.2 glib2-devel-static-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-devel-2.48.2-12.12.2 glib2-devel-debuginfo-2.48.2-12.12.2 glib2-devel-static-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-devel-2.48.2-12.12.2 glib2-devel-debuginfo-2.48.2-12.12.2 glib2-devel-static-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Enterprise Storage 4 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Enterprise Storage 4 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE CaaS Platform 3.0 (noarch): gio-branding-upstream-2.48.2-12.12.2 - SUSE CaaS Platform 3.0 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glib2-debugsource-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 References: https://www.suse.com/security/cve/CVE-2018-16428.html https://www.suse.com/security/cve/CVE-2018-16429.html https://www.suse.com/security/cve/CVE-2019-12450.html https://bugzilla.suse.com/1061599 https://bugzilla.suse.com/1107116 https://bugzilla.suse.com/1107121 https://bugzilla.suse.com/1137001 From sle-updates at lists.suse.com Tue Jul 2 07:15:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:15:33 +0200 (CEST) Subject: SUSE-SU-2019:14111-1: important: Security update for dbus-1 Message-ID: <20190702131533.94CDFFDCE@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14111-1 Rating: important References: #1137832 Cross-References: CVE-2019-12749 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-dbus-1-14111=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dbus-1-14111=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dbus-1-14111=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dbus-1-14111=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): dbus-1-1.2.10-3.34.8.1 dbus-1-x11-1.2.10-3.34.8.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): dbus-1-32bit-1.2.10-3.34.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dbus-1-1.2.10-3.34.8.1 dbus-1-x11-1.2.10-3.34.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): dbus-1-debuginfo-1.2.10-3.34.8.1 dbus-1-debugsource-1.2.10-3.34.8.1 dbus-1-x11-debuginfo-1.2.10-3.34.8.1 dbus-1-x11-debugsource-1.2.10-3.34.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dbus-1-debuginfo-1.2.10-3.34.8.1 dbus-1-debugsource-1.2.10-3.34.8.1 dbus-1-x11-debuginfo-1.2.10-3.34.8.1 dbus-1-x11-debugsource-1.2.10-3.34.8.1 References: https://www.suse.com/security/cve/CVE-2019-12749.html https://bugzilla.suse.com/1137832 From sle-updates at lists.suse.com Tue Jul 2 07:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:12:09 +0200 (CEST) Subject: SUSE-SU-2019:1267-2: moderate: Security update for graphviz Message-ID: <20190702131209.A5533FDCE@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1267-2 Rating: moderate References: #1132091 Cross-References: CVE-2019-11023 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1267=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1267=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1267=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1267=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1267=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-tcl-2.40.1-6.3.2 graphviz-tcl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-doc-2.40.1-6.3.2 graphviz-gnome-2.40.1-6.3.2 graphviz-gnome-debuginfo-2.40.1-6.3.2 graphviz-guile-2.40.1-6.3.2 graphviz-guile-debuginfo-2.40.1-6.3.2 graphviz-gvedit-2.40.1-6.3.2 graphviz-gvedit-debuginfo-2.40.1-6.3.2 graphviz-java-2.40.1-6.3.2 graphviz-java-debuginfo-2.40.1-6.3.2 graphviz-lua-2.40.1-6.3.2 graphviz-lua-debuginfo-2.40.1-6.3.2 graphviz-php-2.40.1-6.3.2 graphviz-php-debuginfo-2.40.1-6.3.2 graphviz-ruby-2.40.1-6.3.2 graphviz-ruby-debuginfo-2.40.1-6.3.2 graphviz-smyrna-2.40.1-6.3.2 graphviz-smyrna-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-perl-2.40.1-6.3.2 graphviz-perl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.3.2 graphviz-debuginfo-2.40.1-6.3.2 graphviz-debugsource-2.40.1-6.3.2 graphviz-devel-2.40.1-6.3.2 graphviz-plugins-core-2.40.1-6.3.2 graphviz-plugins-core-debuginfo-2.40.1-6.3.2 libgraphviz6-2.40.1-6.3.2 libgraphviz6-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gd-2.40.1-6.3.2 graphviz-gd-debuginfo-2.40.1-6.3.2 graphviz-python-2.40.1-6.3.2 graphviz-python-debuginfo-2.40.1-6.3.2 References: https://www.suse.com/security/cve/CVE-2019-11023.html https://bugzilla.suse.com/1132091 From sle-updates at lists.suse.com Tue Jul 2 07:16:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:16:13 +0200 (CEST) Subject: SUSE-SU-2019:1220-2: moderate: Security update for cf-cli Message-ID: <20190702131613.B5DC6FDCE@maintenance.suse.de> SUSE Security Update: Security update for cf-cli ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1220-2 Rating: moderate References: #1132242 Cross-References: CVE-2019-3781 Affected Products: SUSE Linux Enterprise Module for CAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cf-cli fixes the following issues: cf-cli was updated: to version 6.43.0 (bsc#1132242) Enhancements : - `cf curl` supports a new `--fail` flag (primarily for scripting purposes) which returns exit code `22` for server errors [story](https://www.pivotaltracker.com/story/show/130060949) - Improves `cf delete-orphaned-routes` such that it uses a different endpoint, reducing the chance of a race condition when two users are simultaneously deleting orphaned routes and associating routes with applications [story](https://www.pivotaltracker.com/story/show/163156064) - we've improved the speed of cf services - it now hits a single endpoint instead of making individual API calls Security: - CVE-2019-3781: CF CLI does not sanitize user???s password in verbose/trace/debug. - Fixes issue with running cf login in verbose mode whereby passwords which contains regex were not completely redacted - Fixes issue whilst running commands in verbose mode refresh tokens were not completely redacted Other Bug Fixes: - Updates help text for cf curlstory - Now refresh tokens work properly whilst using cf curl with V3 CC API endpoints story - Fixes performance degradation for cf services story - cf delete-service requires that you are targeting a space story - cf enable-service access for a service in an org will succeed if you have already enabled access for that service in that org story cf-cli was updated to version 6.42.0: Minor Enhancements: - updated `cf restage` help text and the first line in the command's output to indicate that using this command will cause app downtime [story](https://www.pivotaltracker.com/story/show/151841382) - updated the `cf bind-route-service` help text to clarify usage instructions [story](https://www.pivotaltracker.com/story/show/150111078) - improved an error message for `cf create-service-boker` to be more helpful when the CC API returns a `502` due to an invalid service broker catalog - upgraded to Golang 1.11.4 [story](https://www.pivotaltracker.com/story/show/162745359) - added a short name `ue` for `cf unset-env` [story](https://www.pivotaltracker.com/story/show/161632713) - updated `cf marketplace` command to include a new `broker` column to prepare for a upcoming services-related feature which will allow services to have the same name as long as they are associated with different service brokers [story](https://www.pivotaltracker.com/story/show/162699756) Bugs: - fix for `cf enable-service-access -p plan` whereby when we refactored the code in CLI `v6.41.0` it created service plan visibilities as part of a subsequent run of the command (the unrefactored code skipped creating the service plan visibilities); now the command will skip creating service plan visibilities as it did prior to the refactor [story](https://www.pivotaltracker.com/story/show/162747373) - updated the `cf rename-buildpack` help text which was missing reference to the `-s` stack flag [story](https://www.pivotaltracker.com/story/show/162428661) - updated help text for when users use `brew search cloudfoundry-cli` [story](https://www.pivotaltracker.com/story/show/161770940) - now when you run `cf service service-instance` for a route service, the route service url appears in the key value table [story](https://www.pivotaltracker.com/story/show/162498211) Update to version 6.41.0: Enhancements: - updated `cf --help` to include the `delete` command [story](https://www.pivotaltracker.com/story/show/161556511) Update to version 6.40.1: Bug Fixes: - Updates the minimum version for the buildpacks-stacks association feature. In [CLI v6.39.0](https://github.com/cloudfoundry/cli/releases/tag/v6.39.0), when the feature was released, we incorrectly set the minimum to cc api version as`2.114`. The minimum cc api version is now correctly set to [`2.112`](https://github.com/cloudfoundry/capi-release/releases/tag/1.58.0) . [story](https://www.pivotaltracker.com/story/show/161464797) - Fixes a bug with inspecting a service instance `cf service service-instance`, now the `documentation` url displays correctly for services which populate that field [story](https://www.pivotaltracker.com/story/show/161251875) Update to version 6.40.0: Bug Fixes: - Fix bug where trailing slash on cf api would break listing commands for older CC APIs story. For older versions of CC API, if the API URL had a trailing slash, some requests would fail with an "Unknown request" error. These requests are now handled properly. Update to version 6.39.0: Enhancements: - for users on cc api 3.27, cf start is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. Note that if you use v3 commands to create and start your app, if you subsequently use cf stop and cf start, the routes property in cf app will not populate even though the route exists story - for users on cc api 3.27, cf restart is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - for users on cc api 3.27, cf restage is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - improved help text for -d domains for cf push to include examples of usage story - cf v3-scale displays additional app information story - if you've created an internal domain, and it is the first domain in cc, the CLI will now ignore the internal domain and instead choose the next non-internal domain when you push an app story Bug Fixes: - Fix for users on macOS attempting to brew install cf-cli the CF CLI using the unreleased master branch of Homebrew story - Fixes an issue whereby, due to a recent cc api change, when you execute cf push and watch the cf app command, the app display returned a 400 error story - Fixes a bug whereby if you logged in using client credentials, cf auth user pass --client credentials you were unable to create an org; now create-org will assign the role to the user id specified in your manifest story - fixes an issue introduced when we refactored cf start and as part of that work, we stopped blocking on the initial connection with the logging backend; now the CLI blocks until the NOAA connection is made, or the default dial timeout of five seconds is reached story update to version 6.38.0: Enhancements: - v3-ssh process type now defaults to web story - Support added for setting tags for user provided service instances story - Now a warning appears if you attempt to use deprecated properties and variable substitution story - Updated usage so now you can rename the cf binary use it with every command story - cf events now displays the Diego cell_id and instance guid in crash events story - Includes cf service service-instance table display improvements wherein the service instance information is now grouped separately from the binding information story - cf service service-instance table display information for user provided services changed: status has been added to the table story Bug Fixes: - the CLI now properly handles escaped commas in the X-Cf-Warnings header Update to version 6.37.0: Enhancements - The api/cloudcontroller/ccv2 package has been updated with more functions #1343 - Now a warning appears if you are using a API version older than 2.69.0, which is no longer officially supported - Now the CLI reads the username and password from the environment variables #1358 Bug Fixes: - Fixes bug whereby X-Cf-Warnings were not being unescaped when displayed to user #1361 - When using CF_TRACE=1, passwords are now sanitized #1375 and tracker Update to version 6.36.0: Bug Fixes: - int64 support for cf/flags library, #1333 - Debian package, #1336 - Web action flag not working on CLI 0.6.5, #1337 - When a cf push upload fails/Consul is down, a panic occurs, #1340 and #1351 update to version 6.35.2: Bug Fixes: - Providing a clearer services authorization warning message when a service has been disabled for the organization, fixing #1344 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for CAP 15-SP1: zypper in -t patch SUSE-SLE-Module-CAP-Tools-15-SP1-2019-1220=1 Package List: - SUSE Linux Enterprise Module for CAP 15-SP1 (x86_64): cf-cli-6.43.0-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-3781.html https://bugzilla.suse.com/1132242 From sle-updates at lists.suse.com Tue Jul 2 13:15:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:15:35 +0200 (CEST) Subject: SUSE-RU-2019:1728-1: moderate: Recommended update for openssl-1_0_0 Message-ID: <20190702191535.29074F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1728-1 Rating: moderate References: #1130041 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_0_0 fixes the following issues: - Add back the steam subpackage on openSUSE Leap 15 whose openssl-1_0_0 package is inherited from this package (bsc#1130041) This update also ships openssl-1_0_0 to the SUSE Manager Client Tools 15 repository, to be used for phantomjs / grafana. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1728=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1728=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1728=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1728=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl1_0_0-hmac-1.0.2p-3.17.11 libopenssl1_0_0-steam-1.0.2p-3.17.11 libopenssl1_0_0-steam-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-cavs-1.0.2p-3.17.11 openssl-1_0_0-cavs-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-debugsource-1.0.2p-3.17.11 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): openssl-1_0_0-doc-1.0.2p-3.17.11 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.17.11 libopenssl1_0_0-32bit-1.0.2p-3.17.11 libopenssl1_0_0-32bit-debuginfo-1.0.2p-3.17.11 libopenssl1_0_0-hmac-32bit-1.0.2p-3.17.11 libopenssl1_0_0-steam-32bit-1.0.2p-3.17.11 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-3.17.11 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libopenssl1_0_0-hmac-1.0.2p-3.17.11 libopenssl1_0_0-steam-1.0.2p-3.17.11 libopenssl1_0_0-steam-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-cavs-1.0.2p-3.17.11 openssl-1_0_0-cavs-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-debugsource-1.0.2p-3.17.11 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_0_0-doc-1.0.2p-3.17.11 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.17.11 libopenssl1_0_0-1.0.2p-3.17.11 libopenssl1_0_0-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-1.0.2p-3.17.11 openssl-1_0_0-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-debugsource-1.0.2p-3.17.11 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.17.11 libopenssl1_0_0-1.0.2p-3.17.11 libopenssl1_0_0-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-1.0.2p-3.17.11 openssl-1_0_0-debuginfo-1.0.2p-3.17.11 openssl-1_0_0-debugsource-1.0.2p-3.17.11 References: https://bugzilla.suse.com/1130041 From sle-updates at lists.suse.com Tue Jul 2 13:16:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:16:17 +0200 (CEST) Subject: SUSE-RU-2019:1314-2: moderate: Recommended update for java-10-openjdk Message-ID: <20190702191617.32579F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-10-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1314-2 Rating: moderate References: #1131378 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-10-openjdk fixes the following issues: - Require update-ca-certificates by the headless subpackage (bsc#1131378) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1314=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1314=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): java-10-openjdk-accessibility-10.0.2.0-3.6.2 java-10-openjdk-accessibility-debuginfo-10.0.2.0-3.6.2 java-10-openjdk-debuginfo-10.0.2.0-3.6.2 java-10-openjdk-debugsource-10.0.2.0-3.6.2 java-10-openjdk-jmods-10.0.2.0-3.6.2 java-10-openjdk-src-10.0.2.0-3.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): java-10-openjdk-javadoc-10.0.2.0-3.6.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): java-10-openjdk-10.0.2.0-3.6.2 java-10-openjdk-debuginfo-10.0.2.0-3.6.2 java-10-openjdk-debugsource-10.0.2.0-3.6.2 java-10-openjdk-demo-10.0.2.0-3.6.2 java-10-openjdk-devel-10.0.2.0-3.6.2 java-10-openjdk-headless-10.0.2.0-3.6.2 References: https://bugzilla.suse.com/1131378 From sle-updates at lists.suse.com Tue Jul 2 13:16:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:16:58 +0200 (CEST) Subject: SUSE-RU-2019:1312-2: moderate: Recommended update for aaa_base Message-ID: <20190702191658.8C058F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1312-2 Rating: moderate References: #1096191 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1312=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1312=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1312=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.9.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.9.1 aaa_base-wsl-84.87+git20180409.04c9dae-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.9.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.9.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.9.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.9.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.9.1 aaa_base-extras-84.87+git20180409.04c9dae-3.9.1 References: https://bugzilla.suse.com/1096191 From sle-updates at lists.suse.com Tue Jul 2 13:17:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:17:40 +0200 (CEST) Subject: SUSE-RU-2019:1729-1: moderate: Recommended update for openssl-1_1 Message-ID: <20190702191740.BB625F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1729-1 Rating: moderate References: #1133925 #1135550 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssl-1_1 to version 1.1.1c fixes the following issues: Issues addressed: - Updated to 1.1.1c (bsc#1133925, jsc#SLE-6430) - Fixed a crash caused by long locale messages (bsc#1135550). - Added s390x vectorized support for ChaCha20 and Poly1305 (jsc#SLE-6126, jsc#SLE-6129) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1729=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1729=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1729=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1c-2.17.2 openssl-1_1-debuginfo-1.1.1c-2.17.2 openssl-1_1-debugsource-1.1.1c-2.17.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1c-2.17.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1c-2.17.2 libopenssl1_1-debuginfo-1.1.1c-2.17.2 openssl-1_1-1.1.1c-2.17.2 openssl-1_1-debuginfo-1.1.1c-2.17.2 openssl-1_1-debugsource-1.1.1c-2.17.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_1-32bit-1.1.1c-2.17.2 libopenssl1_1-debuginfo-32bit-1.1.1c-2.17.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl1_1-1.1.1c-2.17.2 libopenssl1_1-32bit-1.1.1c-2.17.2 libopenssl1_1-debuginfo-1.1.1c-2.17.2 libopenssl1_1-debuginfo-32bit-1.1.1c-2.17.2 openssl-1_1-1.1.1c-2.17.2 openssl-1_1-debuginfo-1.1.1c-2.17.2 openssl-1_1-debugsource-1.1.1c-2.17.2 References: https://bugzilla.suse.com/1133925 https://bugzilla.suse.com/1135550 From sle-updates at lists.suse.com Tue Jul 2 13:18:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:18:30 +0200 (CEST) Subject: SUSE-RU-2019:1294-2: important: Recommended update for glib-networking Message-ID: <20190702191830.AE31AF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib-networking ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1294-2 Rating: important References: #1134795 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib-networking fixes the following issues: - Fix invalid TLS sessions when TLS 1.3 is used (bsc#1134795) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1294=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1294=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): glib-networking-32bit-2.54.1-3.3.1 glib-networking-32bit-debuginfo-2.54.1-3.3.1 glib-networking-debugsource-2.54.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glib-networking-2.54.1-3.3.1 glib-networking-debuginfo-2.54.1-3.3.1 glib-networking-debugsource-2.54.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glib-networking-lang-2.54.1-3.3.1 References: https://bugzilla.suse.com/1134795 From sle-updates at lists.suse.com Tue Jul 2 13:19:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:19:10 +0200 (CEST) Subject: SUSE-RU-2019:1327-2: moderate: Recommended update for speech-dispatcher Message-ID: <20190702191910.572BCF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for speech-dispatcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1327-2 Rating: moderate References: #1129586 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for speech-dispatcher fixes the following issues: - Remove a work-around that was necessary in previous versions but since speech-dispatcher 0.8.4 no longer is. (bsc#1129586) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1327=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1327=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): speech-dispatcher-configure-0.8.8-3.6.3 speech-dispatcher-debuginfo-0.8.8-3.6.3 speech-dispatcher-debugsource-0.8.8-3.6.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libspeechd2-32bit-0.8.8-3.6.3 libspeechd2-32bit-debuginfo-0.8.8-3.6.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libspeechd-devel-0.8.8-3.6.3 libspeechd2-0.8.8-3.6.3 libspeechd2-debuginfo-0.8.8-3.6.3 python3-speechd-0.8.8-3.6.3 speech-dispatcher-0.8.8-3.6.3 speech-dispatcher-debuginfo-0.8.8-3.6.3 speech-dispatcher-debugsource-0.8.8-3.6.3 speech-dispatcher-module-espeak-0.8.8-3.6.3 speech-dispatcher-module-espeak-debuginfo-0.8.8-3.6.3 References: https://bugzilla.suse.com/1129586 From sle-updates at lists.suse.com Tue Jul 2 13:19:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:19:49 +0200 (CEST) Subject: SUSE-RU-2019:1258-2: moderate: Recommended update for postfix Message-ID: <20190702191949.1016BF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1258-2 Rating: moderate References: #1120110 #1120757 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postfix fixes the following issues: - Setting the security file permissions to "paranoid" could have caused postfix to hang (bsc#1120757) - postfix-files contained an incorrect path to postfix-ldap.so which resulted in an error when running postfix set-permissions (bsc#bsc#1120110) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1258=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1258=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1258=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.7.1 postfix-debugsource-3.3.1-5.7.1 postfix-mysql-3.3.1-5.7.1 postfix-mysql-debuginfo-3.3.1-5.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.7.1 postfix-debugsource-3.3.1-5.7.1 postfix-lmdb-3.3.1-5.7.1 postfix-lmdb-debuginfo-3.3.1-5.7.1 postfix-postgresql-3.3.1-5.7.1 postfix-postgresql-debuginfo-3.3.1-5.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-3.3.1-5.7.1 postfix-debuginfo-3.3.1-5.7.1 postfix-debugsource-3.3.1-5.7.1 postfix-devel-3.3.1-5.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postfix-doc-3.3.1-5.7.1 References: https://bugzilla.suse.com/1120110 https://bugzilla.suse.com/1120757 From sle-updates at lists.suse.com Tue Jul 2 13:20:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:20:43 +0200 (CEST) Subject: SUSE-RU-2019:1723-1: moderate: Recommended update for resource-agents Message-ID: <20190702192043.060F1F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1723-1 Rating: moderate References: #1137038 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - azure-events: Change message log level for the non action messages. Reduces the verbosity on the log when the RA has no events to process. The messages can still be seen using the verbose parameter. (bsc#1137038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1723=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.33.1 resource-agents-4.0.1+git.1495055229.643177f1-2.33.1 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.33.1 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.33.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.33.1 References: https://bugzilla.suse.com/1137038 From sle-updates at lists.suse.com Tue Jul 2 13:21:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:21:29 +0200 (CEST) Subject: SUSE-RU-2019:1726-1: moderate: Recommended update for nfs-utils Message-ID: <20190702192129.4D509F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1726-1 Rating: moderate References: #1116221 #1118371 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Improves the integration for systemd (bsc#1116221) - nfs.service will no longe rely on /etc/insserv.conf (bsc#1118371) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1726=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1726=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1726=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1726=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.15.1 nfs-client-debuginfo-1.3.0-34.15.1 nfs-doc-1.3.0-34.15.1 nfs-kernel-server-1.3.0-34.15.1 nfs-kernel-server-debuginfo-1.3.0-34.15.1 nfs-utils-debugsource-1.3.0-34.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.15.1 nfs-client-debuginfo-1.3.0-34.15.1 nfs-doc-1.3.0-34.15.1 nfs-kernel-server-1.3.0-34.15.1 nfs-kernel-server-debuginfo-1.3.0-34.15.1 nfs-utils-debugsource-1.3.0-34.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): nfs-client-1.3.0-34.15.1 nfs-client-debuginfo-1.3.0-34.15.1 nfs-kernel-server-1.3.0-34.15.1 nfs-kernel-server-debuginfo-1.3.0-34.15.1 nfs-utils-debugsource-1.3.0-34.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): nfs-client-1.3.0-34.15.1 nfs-client-debuginfo-1.3.0-34.15.1 nfs-kernel-server-1.3.0-34.15.1 nfs-kernel-server-debuginfo-1.3.0-34.15.1 nfs-utils-debugsource-1.3.0-34.15.1 - SUSE CaaS Platform 3.0 (x86_64): nfs-client-1.3.0-34.15.1 nfs-client-debuginfo-1.3.0-34.15.1 nfs-utils-debugsource-1.3.0-34.15.1 References: https://bugzilla.suse.com/1116221 https://bugzilla.suse.com/1118371 From sle-updates at lists.suse.com Tue Jul 2 13:12:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:12:17 +0200 (CEST) Subject: SUSE-SU-2019:1725-1: moderate: Security update for php7 Message-ID: <20190702191217.7DF5FF7C7@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1725-1 Rating: moderate References: #1119396 #1138172 #1138173 Cross-References: CVE-2019-11039 CVE-2019-11040 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Other issue addressed: - Enable php7 testsuite (bsc#1119396 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1725=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1725=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1725=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.80.2 php7-debugsource-7.0.7-50.80.2 php7-devel-7.0.7-50.80.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.80.2 php7-debugsource-7.0.7-50.80.2 php7-devel-7.0.7-50.80.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.80.2 apache2-mod_php7-debuginfo-7.0.7-50.80.2 php7-7.0.7-50.80.2 php7-bcmath-7.0.7-50.80.2 php7-bcmath-debuginfo-7.0.7-50.80.2 php7-bz2-7.0.7-50.80.2 php7-bz2-debuginfo-7.0.7-50.80.2 php7-calendar-7.0.7-50.80.2 php7-calendar-debuginfo-7.0.7-50.80.2 php7-ctype-7.0.7-50.80.2 php7-ctype-debuginfo-7.0.7-50.80.2 php7-curl-7.0.7-50.80.2 php7-curl-debuginfo-7.0.7-50.80.2 php7-dba-7.0.7-50.80.2 php7-dba-debuginfo-7.0.7-50.80.2 php7-debuginfo-7.0.7-50.80.2 php7-debugsource-7.0.7-50.80.2 php7-dom-7.0.7-50.80.2 php7-dom-debuginfo-7.0.7-50.80.2 php7-enchant-7.0.7-50.80.2 php7-enchant-debuginfo-7.0.7-50.80.2 php7-exif-7.0.7-50.80.2 php7-exif-debuginfo-7.0.7-50.80.2 php7-fastcgi-7.0.7-50.80.2 php7-fastcgi-debuginfo-7.0.7-50.80.2 php7-fileinfo-7.0.7-50.80.2 php7-fileinfo-debuginfo-7.0.7-50.80.2 php7-fpm-7.0.7-50.80.2 php7-fpm-debuginfo-7.0.7-50.80.2 php7-ftp-7.0.7-50.80.2 php7-ftp-debuginfo-7.0.7-50.80.2 php7-gd-7.0.7-50.80.2 php7-gd-debuginfo-7.0.7-50.80.2 php7-gettext-7.0.7-50.80.2 php7-gettext-debuginfo-7.0.7-50.80.2 php7-gmp-7.0.7-50.80.2 php7-gmp-debuginfo-7.0.7-50.80.2 php7-iconv-7.0.7-50.80.2 php7-iconv-debuginfo-7.0.7-50.80.2 php7-imap-7.0.7-50.80.2 php7-imap-debuginfo-7.0.7-50.80.2 php7-intl-7.0.7-50.80.2 php7-intl-debuginfo-7.0.7-50.80.2 php7-json-7.0.7-50.80.2 php7-json-debuginfo-7.0.7-50.80.2 php7-ldap-7.0.7-50.80.2 php7-ldap-debuginfo-7.0.7-50.80.2 php7-mbstring-7.0.7-50.80.2 php7-mbstring-debuginfo-7.0.7-50.80.2 php7-mcrypt-7.0.7-50.80.2 php7-mcrypt-debuginfo-7.0.7-50.80.2 php7-mysql-7.0.7-50.80.2 php7-mysql-debuginfo-7.0.7-50.80.2 php7-odbc-7.0.7-50.80.2 php7-odbc-debuginfo-7.0.7-50.80.2 php7-opcache-7.0.7-50.80.2 php7-opcache-debuginfo-7.0.7-50.80.2 php7-openssl-7.0.7-50.80.2 php7-openssl-debuginfo-7.0.7-50.80.2 php7-pcntl-7.0.7-50.80.2 php7-pcntl-debuginfo-7.0.7-50.80.2 php7-pdo-7.0.7-50.80.2 php7-pdo-debuginfo-7.0.7-50.80.2 php7-pgsql-7.0.7-50.80.2 php7-pgsql-debuginfo-7.0.7-50.80.2 php7-phar-7.0.7-50.80.2 php7-phar-debuginfo-7.0.7-50.80.2 php7-posix-7.0.7-50.80.2 php7-posix-debuginfo-7.0.7-50.80.2 php7-pspell-7.0.7-50.80.2 php7-pspell-debuginfo-7.0.7-50.80.2 php7-shmop-7.0.7-50.80.2 php7-shmop-debuginfo-7.0.7-50.80.2 php7-snmp-7.0.7-50.80.2 php7-snmp-debuginfo-7.0.7-50.80.2 php7-soap-7.0.7-50.80.2 php7-soap-debuginfo-7.0.7-50.80.2 php7-sockets-7.0.7-50.80.2 php7-sockets-debuginfo-7.0.7-50.80.2 php7-sqlite-7.0.7-50.80.2 php7-sqlite-debuginfo-7.0.7-50.80.2 php7-sysvmsg-7.0.7-50.80.2 php7-sysvmsg-debuginfo-7.0.7-50.80.2 php7-sysvsem-7.0.7-50.80.2 php7-sysvsem-debuginfo-7.0.7-50.80.2 php7-sysvshm-7.0.7-50.80.2 php7-sysvshm-debuginfo-7.0.7-50.80.2 php7-tokenizer-7.0.7-50.80.2 php7-tokenizer-debuginfo-7.0.7-50.80.2 php7-wddx-7.0.7-50.80.2 php7-wddx-debuginfo-7.0.7-50.80.2 php7-xmlreader-7.0.7-50.80.2 php7-xmlreader-debuginfo-7.0.7-50.80.2 php7-xmlrpc-7.0.7-50.80.2 php7-xmlrpc-debuginfo-7.0.7-50.80.2 php7-xmlwriter-7.0.7-50.80.2 php7-xmlwriter-debuginfo-7.0.7-50.80.2 php7-xsl-7.0.7-50.80.2 php7-xsl-debuginfo-7.0.7-50.80.2 php7-zip-7.0.7-50.80.2 php7-zip-debuginfo-7.0.7-50.80.2 php7-zlib-7.0.7-50.80.2 php7-zlib-debuginfo-7.0.7-50.80.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.80.2 php7-pear-Archive_Tar-7.0.7-50.80.2 References: https://www.suse.com/security/cve/CVE-2019-11039.html https://www.suse.com/security/cve/CVE-2019-11040.html https://bugzilla.suse.com/1119396 https://bugzilla.suse.com/1138172 https://bugzilla.suse.com/1138173 From sle-updates at lists.suse.com Tue Jul 2 13:11:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:11:21 +0200 (CEST) Subject: SUSE-RU-2019:1727-1: moderate: Recommended update for ceph Message-ID: <20190702191122.00F8AF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1727-1 Rating: moderate References: #1133139 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph provides the following fixes: - rgw: Fix object expirer. (bsc#1133139) - spec: Add the ceph-qa-health-ok subpackage. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1727=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1727=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1727=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1727=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1727=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1727=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1727=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs-devel-12.2.12+git.1557159481.20068e69f5-2.36.6 librados-devel-12.2.12+git.1557159481.20068e69f5-2.36.6 librados-devel-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd-devel-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs-devel-12.2.12+git.1557159481.20068e69f5-2.36.6 librados-devel-12.2.12+git.1557159481.20068e69f5-2.36.6 librados-devel-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd-devel-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-base-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-base-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-fuse-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-fuse-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-mds-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-mds-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-mgr-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-mgr-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-mon-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-mon-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-osd-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-osd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-radosgw-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-radosgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-ceph-compat-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-ceph-argparse-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python3-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 rbd-fuse-12.2.12+git.1557159481.20068e69f5-2.36.6 rbd-fuse-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 rbd-mirror-12.2.12+git.1557159481.20068e69f5-2.36.6 rbd-mirror-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 rbd-nbd-12.2.12+git.1557159481.20068e69f5-2.36.6 rbd-nbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-common-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 ceph-debugsource-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-12.2.12+git.1557159481.20068e69f5-2.36.6 libcephfs2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-12.2.12+git.1557159481.20068e69f5-2.36.6 librados2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-12.2.12+git.1557159481.20068e69f5-2.36.6 libradosstriper1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-12.2.12+git.1557159481.20068e69f5-2.36.6 librbd1-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-12.2.12+git.1557159481.20068e69f5-2.36.6 librgw2-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-12.2.12+git.1557159481.20068e69f5-2.36.6 python-cephfs-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rados-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rbd-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-12.2.12+git.1557159481.20068e69f5-2.36.6 python-rgw-debuginfo-12.2.12+git.1557159481.20068e69f5-2.36.6 References: https://bugzilla.suse.com/1133139 From sle-updates at lists.suse.com Tue Jul 2 13:13:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:13:13 +0200 (CEST) Subject: SUSE-RU-2019:1318-2: moderate: Recommended update for orc Message-ID: <20190702191313.2F2A8F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for orc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1318-2 Rating: moderate References: #1130085 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for orc does not fix any customer visible issues and does only address an issue with its test suite (bsc#1130085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1318=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1318=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1318=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): orc-debuginfo-0.4.28-3.3.1 orc-debugsource-0.4.28-3.3.1 orc-doc-0.4.28-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): liborc-0_4-0-32bit-0.4.28-3.3.1 liborc-0_4-0-32bit-debuginfo-0.4.28-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): orc-0.4.28-3.3.1 orc-debuginfo-0.4.28-3.3.1 orc-debugsource-0.4.28-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): liborc-0_4-0-0.4.28-3.3.1 liborc-0_4-0-debuginfo-0.4.28-3.3.1 orc-debuginfo-0.4.28-3.3.1 orc-debugsource-0.4.28-3.3.1 References: https://bugzilla.suse.com/1130085 From sle-updates at lists.suse.com Tue Jul 2 13:14:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:14:38 +0200 (CEST) Subject: SUSE-RU-2019:1229-2: moderate: Recommended update for sensors Message-ID: <20190702191438.A6315F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sensors ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1229-2 Rating: moderate References: #1108468 #1116021 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sensors fixes the following issues: sensors was updated to version 3.5.0: The following changes were done: + soname was bumped due to commit dcf2367 which introduced an ABI change. (This was reverted for the SUSE packages, as it was not necessary) + Fixed disappearance of certain hwmon chips with 4.19+ kernels (bsc#1116021). + Add the find-driver script for debugging. + Various documentation and man page improvements. + Fix various issues found by Coverity Scan. + Updated links in documentation to reflect the new home of lm_sensors. + sensors.1: Add reference to sensors-detect and document -j option (json output). + sensors: Add support for json output, add support for power min, lcrit, min_alarm, lcrit_alarm. + sensors-detect changes: * Fix systemd paths. * Add detection of Fintek F81768. * Only probe I/O ports on x86. * Add detection of Nuvoton NCT6793D. * Add detection of Microchip MCP9808. * Mark F71868A as supported by the f71882fg driver. * Mark F81768D as supported by the f71882fg driver. * Mark F81866D as supported by the f71882fg driver. * Add detection of various ITE chips. * Add detection of Nuvoton NCT6795D. * Add detection of DDR4 SPD. * Add detection of ITE IT8987D. * Add detection of AMD Family 17h temperature sensors. * Add detection of AMD KERNCZ SMBus controller. * Add detection of various Intel SMBus controllers. * Add detection of Giantec GT30TS00. * Add detection of ONS CAT34TS02C and CAT34TS04. * Add detection of AMD Family 15h Model 60+ temperature sensors. * Add detection of Nuvoton NCT6796D. * Add detection of AMD Family 15h Model 70+ temperature sensors. + configs: Add sample configuration files. + sensors.conf.default: * Add hardwired inputs of NCT6795D * Add hardwired inputs of F71868A * Add hardwired NCT6796D inputs + vt1211_pwm: replaced deprecated sub shell syntax, run with bash instead of sh. + pwmconfig: replaced deprecated sub shell syntax. + fancontrol: replaced deprecated sub shell syntax, save original pwm values. + fancontrol.8: replaced deprecated sub shell syntax. + libsensors: * Add support for SENSORS_BUS_TYPE_SCSI, add support for power min, lcrit, min_alarm, lcrit_alarm. * Handle hwmon device with thermal device parent (bsc#1108468). - Undo unnecessary libsensors version bump. - Undo the SENSORS_API_VERSION change, to stay source-compatible with upstream. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1229=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1229=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): sensord-3.5.0-4.3.1 sensord-debuginfo-3.5.0-4.3.1 sensors-debuginfo-3.5.0-4.3.1 sensors-debugsource-3.5.0-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libsensors4-32bit-3.5.0-4.3.1 libsensors4-32bit-debuginfo-3.5.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le x86_64): libsensors4-3.5.0-4.3.1 libsensors4-debuginfo-3.5.0-4.3.1 libsensors4-devel-3.5.0-4.3.1 sensors-3.5.0-4.3.1 sensors-debuginfo-3.5.0-4.3.1 sensors-debugsource-3.5.0-4.3.1 References: https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1116021 From sle-updates at lists.suse.com Tue Jul 2 13:13:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:13:53 +0200 (CEST) Subject: SUSE-SU-2019:1724-1: moderate: Security update for php72 Message-ID: <20190702191353.9141FF7C7@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1724-1 Rating: moderate References: #1138172 #1138173 Cross-References: CVE-2019-11039 CVE-2019-11040 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1724=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1724=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1724=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.20.2 php72-debugsource-7.2.5-1.20.2 php72-devel-7.2.5-1.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.20.2 php72-debugsource-7.2.5-1.20.2 php72-devel-7.2.5-1.20.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.20.2 apache2-mod_php72-debuginfo-7.2.5-1.20.2 php72-7.2.5-1.20.2 php72-bcmath-7.2.5-1.20.2 php72-bcmath-debuginfo-7.2.5-1.20.2 php72-bz2-7.2.5-1.20.2 php72-bz2-debuginfo-7.2.5-1.20.2 php72-calendar-7.2.5-1.20.2 php72-calendar-debuginfo-7.2.5-1.20.2 php72-ctype-7.2.5-1.20.2 php72-ctype-debuginfo-7.2.5-1.20.2 php72-curl-7.2.5-1.20.2 php72-curl-debuginfo-7.2.5-1.20.2 php72-dba-7.2.5-1.20.2 php72-dba-debuginfo-7.2.5-1.20.2 php72-debuginfo-7.2.5-1.20.2 php72-debugsource-7.2.5-1.20.2 php72-dom-7.2.5-1.20.2 php72-dom-debuginfo-7.2.5-1.20.2 php72-enchant-7.2.5-1.20.2 php72-enchant-debuginfo-7.2.5-1.20.2 php72-exif-7.2.5-1.20.2 php72-exif-debuginfo-7.2.5-1.20.2 php72-fastcgi-7.2.5-1.20.2 php72-fastcgi-debuginfo-7.2.5-1.20.2 php72-fileinfo-7.2.5-1.20.2 php72-fileinfo-debuginfo-7.2.5-1.20.2 php72-fpm-7.2.5-1.20.2 php72-fpm-debuginfo-7.2.5-1.20.2 php72-ftp-7.2.5-1.20.2 php72-ftp-debuginfo-7.2.5-1.20.2 php72-gd-7.2.5-1.20.2 php72-gd-debuginfo-7.2.5-1.20.2 php72-gettext-7.2.5-1.20.2 php72-gettext-debuginfo-7.2.5-1.20.2 php72-gmp-7.2.5-1.20.2 php72-gmp-debuginfo-7.2.5-1.20.2 php72-iconv-7.2.5-1.20.2 php72-iconv-debuginfo-7.2.5-1.20.2 php72-imap-7.2.5-1.20.2 php72-imap-debuginfo-7.2.5-1.20.2 php72-intl-7.2.5-1.20.2 php72-intl-debuginfo-7.2.5-1.20.2 php72-json-7.2.5-1.20.2 php72-json-debuginfo-7.2.5-1.20.2 php72-ldap-7.2.5-1.20.2 php72-ldap-debuginfo-7.2.5-1.20.2 php72-mbstring-7.2.5-1.20.2 php72-mbstring-debuginfo-7.2.5-1.20.2 php72-mysql-7.2.5-1.20.2 php72-mysql-debuginfo-7.2.5-1.20.2 php72-odbc-7.2.5-1.20.2 php72-odbc-debuginfo-7.2.5-1.20.2 php72-opcache-7.2.5-1.20.2 php72-opcache-debuginfo-7.2.5-1.20.2 php72-openssl-7.2.5-1.20.2 php72-openssl-debuginfo-7.2.5-1.20.2 php72-pcntl-7.2.5-1.20.2 php72-pcntl-debuginfo-7.2.5-1.20.2 php72-pdo-7.2.5-1.20.2 php72-pdo-debuginfo-7.2.5-1.20.2 php72-pgsql-7.2.5-1.20.2 php72-pgsql-debuginfo-7.2.5-1.20.2 php72-phar-7.2.5-1.20.2 php72-phar-debuginfo-7.2.5-1.20.2 php72-posix-7.2.5-1.20.2 php72-posix-debuginfo-7.2.5-1.20.2 php72-pspell-7.2.5-1.20.2 php72-pspell-debuginfo-7.2.5-1.20.2 php72-readline-7.2.5-1.20.2 php72-readline-debuginfo-7.2.5-1.20.2 php72-shmop-7.2.5-1.20.2 php72-shmop-debuginfo-7.2.5-1.20.2 php72-snmp-7.2.5-1.20.2 php72-snmp-debuginfo-7.2.5-1.20.2 php72-soap-7.2.5-1.20.2 php72-soap-debuginfo-7.2.5-1.20.2 php72-sockets-7.2.5-1.20.2 php72-sockets-debuginfo-7.2.5-1.20.2 php72-sqlite-7.2.5-1.20.2 php72-sqlite-debuginfo-7.2.5-1.20.2 php72-sysvmsg-7.2.5-1.20.2 php72-sysvmsg-debuginfo-7.2.5-1.20.2 php72-sysvsem-7.2.5-1.20.2 php72-sysvsem-debuginfo-7.2.5-1.20.2 php72-sysvshm-7.2.5-1.20.2 php72-sysvshm-debuginfo-7.2.5-1.20.2 php72-tidy-7.2.5-1.20.2 php72-tidy-debuginfo-7.2.5-1.20.2 php72-tokenizer-7.2.5-1.20.2 php72-tokenizer-debuginfo-7.2.5-1.20.2 php72-wddx-7.2.5-1.20.2 php72-wddx-debuginfo-7.2.5-1.20.2 php72-xmlreader-7.2.5-1.20.2 php72-xmlreader-debuginfo-7.2.5-1.20.2 php72-xmlrpc-7.2.5-1.20.2 php72-xmlrpc-debuginfo-7.2.5-1.20.2 php72-xmlwriter-7.2.5-1.20.2 php72-xmlwriter-debuginfo-7.2.5-1.20.2 php72-xsl-7.2.5-1.20.2 php72-xsl-debuginfo-7.2.5-1.20.2 php72-zip-7.2.5-1.20.2 php72-zip-debuginfo-7.2.5-1.20.2 php72-zlib-7.2.5-1.20.2 php72-zlib-debuginfo-7.2.5-1.20.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.20.2 php72-pear-Archive_Tar-7.2.5-1.20.2 References: https://www.suse.com/security/cve/CVE-2019-11039.html https://www.suse.com/security/cve/CVE-2019-11040.html https://bugzilla.suse.com/1138172 https://bugzilla.suse.com/1138173 From sle-updates at lists.suse.com Tue Jul 2 16:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 00:11:03 +0200 (CEST) Subject: SUSE-SU-2019:1374-2: Security update for taglib Message-ID: <20190702221103.290CFF7C7@maintenance.suse.de> SUSE Security Update: Security update for taglib ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1374-2 Rating: low References: #1096180 Cross-References: CVE-2018-11439 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for taglib fixes the following issues: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1374=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1374=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1374=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): taglib-1.11.1-4.3.62 taglib-debuginfo-1.11.1-4.3.62 taglib-debugsource-1.11.1-4.3.62 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libtag1-32bit-1.11.1-4.3.62 libtag1-32bit-debuginfo-1.11.1-4.3.62 libtag_c0-32bit-1.11.1-4.3.62 libtag_c0-32bit-debuginfo-1.11.1-4.3.62 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libtag-devel-1.11.1-4.3.62 libtag_c0-1.11.1-4.3.62 libtag_c0-debuginfo-1.11.1-4.3.62 taglib-debuginfo-1.11.1-4.3.62 taglib-debugsource-1.11.1-4.3.62 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libtag1-1.11.1-4.3.62 libtag1-debuginfo-1.11.1-4.3.62 taglib-debuginfo-1.11.1-4.3.62 taglib-debugsource-1.11.1-4.3.62 References: https://www.suse.com/security/cve/CVE-2018-11439.html https://bugzilla.suse.com/1096180 From sle-updates at lists.suse.com Wed Jul 3 01:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 09:11:03 +0200 (CEST) Subject: SUSE-RU-2019:1403-2: moderate: Recommended update for fio Message-ID: <20190703071103.A0DFEF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for fio ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1403-2 Rating: moderate References: #1129706 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships the performance measurement tool "fio" to the SUSE Linux Enterprise 15 Module for Basesystem. (bsc#1129706) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1403=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1403=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): fio-3.4-4.2.4 fio-debuginfo-3.4-4.2.4 fio-debugsource-3.4-4.2.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 x86_64): fio-3.4-4.2.4 fio-debuginfo-3.4-4.2.4 fio-debugsource-3.4-4.2.4 References: https://bugzilla.suse.com/1129706 From sle-updates at lists.suse.com Wed Jul 3 07:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:11:02 +0200 (CEST) Subject: SUSE-SU-2019:1731-1: moderate: Security update for python-Twisted Message-ID: <20190703131102.D1E4EF7C7@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1731-1 Rating: moderate References: #1137825 Cross-References: CVE-2019-12387 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1731=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1731=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-17.9.0-3.3.4 python-Twisted-debugsource-17.9.0-3.3.4 python-Twisted-doc-17.9.0-3.3.4 python2-Twisted-17.9.0-3.3.4 python2-Twisted-debuginfo-17.9.0-3.3.4 python3-Twisted-17.9.0-3.3.4 python3-Twisted-debuginfo-17.9.0-3.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-17.9.0-3.3.4 python-Twisted-debugsource-17.9.0-3.3.4 python-Twisted-doc-17.9.0-3.3.4 python2-Twisted-17.9.0-3.3.4 python2-Twisted-debuginfo-17.9.0-3.3.4 python3-Twisted-17.9.0-3.3.4 python3-Twisted-debuginfo-17.9.0-3.3.4 References: https://www.suse.com/security/cve/CVE-2019-12387.html https://bugzilla.suse.com/1137825 From sle-updates at lists.suse.com Wed Jul 3 07:11:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:11:42 +0200 (CEST) Subject: SUSE-SU-2019:1290-2: moderate: Security update for nmap Message-ID: <20190703131142.C2DB9F7C7@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1290-2 Rating: moderate References: #1104139 #1133512 Cross-References: CVE-2018-15173 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1290=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1290=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.5.1 ncat-debuginfo-7.70-3.5.1 ndiff-7.70-3.5.1 nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 nping-7.70-3.5.1 nping-debuginfo-7.70-3.5.1 zenmap-7.70-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.5.1 nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1104139 https://bugzilla.suse.com/1133512 From sle-updates at lists.suse.com Wed Jul 3 07:12:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:12:30 +0200 (CEST) Subject: SUSE-SU-2019:1206-2: Security update for bzip2 Message-ID: <20190703131230.42EF0F7C7@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1206-2 Rating: low References: #985657 Cross-References: CVE-2016-3189 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1206=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1206=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): bzip2-debugsource-1.0.6-5.3.1 libbz2-devel-32bit-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): bzip2-doc-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-5.3.1 bzip2-debuginfo-1.0.6-5.3.1 bzip2-debugsource-1.0.6-5.3.1 libbz2-1-1.0.6-5.3.1 libbz2-1-debuginfo-1.0.6-5.3.1 libbz2-devel-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libbz2-1-32bit-1.0.6-5.3.1 libbz2-1-32bit-debuginfo-1.0.6-5.3.1 References: https://www.suse.com/security/cve/CVE-2016-3189.html https://bugzilla.suse.com/985657 From sle-updates at lists.suse.com Wed Jul 3 07:13:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:13:53 +0200 (CEST) Subject: SUSE-RU-2019:1730-1: moderate: Recommended update for obs-service-replace_using_package_version Message-ID: <20190703131353.C7E9AF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for obs-service-replace_using_package_version ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1730-1 Rating: moderate References: #1139343 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for obs-service-replace_using_package_version fixes the following issues: - New patch_update and offset parameters. (bsc#1139343) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1730=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1730=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): obs-service-replace_using_package_version-0.0.3-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): obs-service-replace_using_package_version-0.0.3-3.6.1 References: https://bugzilla.suse.com/1139343 From sle-updates at lists.suse.com Wed Jul 3 07:13:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:13:11 +0200 (CEST) Subject: SUSE-SU-2019:1372-2: moderate: Security update for libtasn1 Message-ID: <20190703131311.C55A7F7C7@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1372-2 Rating: moderate References: #1105435 Cross-References: CVE-2018-1000654 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1372=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1372=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libtasn1-debugsource-4.13-4.5.1 libtasn1-devel-32bit-4.13-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-4.5.1 libtasn1-6-4.13-4.5.1 libtasn1-6-debuginfo-4.13-4.5.1 libtasn1-debuginfo-4.13-4.5.1 libtasn1-debugsource-4.13-4.5.1 libtasn1-devel-4.13-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libtasn1-6-32bit-4.13-4.5.1 libtasn1-6-32bit-debuginfo-4.13-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-1000654.html https://bugzilla.suse.com/1105435 From sle-updates at lists.suse.com Wed Jul 3 07:14:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:14:31 +0200 (CEST) Subject: SUSE-SU-2019:1389-2: Security update for cronie Message-ID: <20190703131431.C4C3EF7C7@maintenance.suse.de> SUSE Security Update: Security update for cronie ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1389-2 Rating: low References: #1128935 #1128937 #1130746 #1133100 Cross-References: CVE-2019-9704 CVE-2019-9705 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1389=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1389=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cronie-anacron-1.5.1-6.7.1 cronie-anacron-debuginfo-1.5.1-6.7.1 cronie-debuginfo-1.5.1-6.7.1 cronie-debugsource-1.5.1-6.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cron-4.2-6.7.1 cronie-1.5.1-6.7.1 cronie-debuginfo-1.5.1-6.7.1 cronie-debugsource-1.5.1-6.7.1 References: https://www.suse.com/security/cve/CVE-2019-9704.html https://www.suse.com/security/cve/CVE-2019-9705.html https://bugzilla.suse.com/1128935 https://bugzilla.suse.com/1128937 https://bugzilla.suse.com/1130746 https://bugzilla.suse.com/1133100 From sle-updates at lists.suse.com Wed Jul 3 07:15:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:15:35 +0200 (CEST) Subject: SUSE-RU-2019:1732-1: moderate: Recommended update for go1.12 Message-ID: <20190703131535.7B628F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1732-1 Rating: moderate References: #1121397 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.12 to version 1.12.6 fixes the following issues: - cmd/compile: 'autogenerated':1: symbol listed multiple times for same type across multiple packages - cmd/compile: sparse slices with struct items are not initialized - cmd/go: accept -Wl,-R,path - cmd/go: go directive is not only added during go mod init, but also under other conditions that are hard to deduce - cmd/go: go get -x prints to stdout - cmd/go: MacOS binaries invalid for eventual Apple Notary - cmd/go: module loader fails to resolve imports within symlinked source file - cmd/go: pseudoversions can refer to external commits - cmd/go: tests failing on linux-amd64-longtest - cmd/link: fix deferreturn detector - cmd/link: ppc64 broken NeedsFix - cmd/vet: Consider reverting tag conflict for embedded fields - cmd/vet: possible to get a printf false positive with big.Int - crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots - net/http: make Transport ignore 408 timeout messages from server - os.RemoveAll failing silently in go 1.12.2 when removing non-empty directories at / - runtime: high-percentile latency of memory allocations has regressed significantly - runtime: treap implementation of find() doesn't return the best-fit span - syscall: Windows user32 function (SendInput) behaves incorrectly when called within golang environment - x/build/cmd/gopherbot: gopherbot needs human intervention Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1732=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1732=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.12-1.12.6-1.12.1 go1.12-doc-1.12.6-1.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): go1.12-race-1.12.6-1.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.12-1.12.6-1.12.1 go1.12-doc-1.12.6-1.12.1 References: https://bugzilla.suse.com/1121397 From sle-updates at lists.suse.com Wed Jul 3 10:12:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 18:12:25 +0200 (CEST) Subject: SUSE-SU-2019:1733-1: Security update for elfutils Message-ID: <20190703161225.AE157F7C7@maintenance.suse.de> SUSE Security Update: Security update for elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1733-1 Rating: low References: #1030472 #1030476 #1033084 #1033085 #1033087 #1033088 #1033089 #1033090 #1106390 #1107067 #1111973 #1112723 #1112726 #1123685 #1125007 Cross-References: CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1733=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1733=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1733=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1733=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1733=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1733=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1733=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm-devel-0.158-7.7.2 libdw-devel-0.158-7.7.2 libebl-devel-0.158-7.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm-devel-0.158-7.7.2 libdw-devel-0.158-7.7.2 libebl-devel-0.158-7.7.2 libelf-devel-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libelf-devel-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libasm1-32bit-0.158-7.7.2 libasm1-debuginfo-32bit-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libasm1-32bit-0.158-7.7.2 libasm1-debuginfo-32bit-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf-devel-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE CaaS Platform 3.0 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 References: https://www.suse.com/security/cve/CVE-2016-10254.html https://www.suse.com/security/cve/CVE-2016-10255.html https://www.suse.com/security/cve/CVE-2017-7607.html https://www.suse.com/security/cve/CVE-2017-7608.html https://www.suse.com/security/cve/CVE-2017-7610.html https://www.suse.com/security/cve/CVE-2017-7611.html https://www.suse.com/security/cve/CVE-2017-7612.html https://www.suse.com/security/cve/CVE-2017-7613.html https://www.suse.com/security/cve/CVE-2018-16062.html https://www.suse.com/security/cve/CVE-2018-16403.html https://www.suse.com/security/cve/CVE-2018-18310.html https://www.suse.com/security/cve/CVE-2018-18520.html https://www.suse.com/security/cve/CVE-2018-18521.html https://www.suse.com/security/cve/CVE-2019-7150.html https://www.suse.com/security/cve/CVE-2019-7665.html https://bugzilla.suse.com/1030472 https://bugzilla.suse.com/1030476 https://bugzilla.suse.com/1033084 https://bugzilla.suse.com/1033085 https://bugzilla.suse.com/1033087 https://bugzilla.suse.com/1033088 https://bugzilla.suse.com/1033089 https://bugzilla.suse.com/1033090 https://bugzilla.suse.com/1106390 https://bugzilla.suse.com/1107067 https://bugzilla.suse.com/1111973 https://bugzilla.suse.com/1112723 https://bugzilla.suse.com/1112726 https://bugzilla.suse.com/1123685 https://bugzilla.suse.com/1125007 From sle-updates at lists.suse.com Wed Jul 3 13:11:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Jul 2019 21:11:08 +0200 (CEST) Subject: SUSE-RU-2019:1734-1: moderate: Recommended update for helm Message-ID: <20190703191108.19493FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for helm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1734-1 Rating: moderate References: #1127331 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue: * using the '--server --short' flags by adding additional check on the length of the commit name leads to issues. (bsc#1127331) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): helm-2.8.2-3.6.1 References: https://bugzilla.suse.com/1127331 From sle-updates at lists.suse.com Wed Jul 3 16:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:11:16 +0200 (CEST) Subject: SUSE-RU-2019:1735-1: moderate: Recommended update for resource-agents Message-ID: <20190703221116.ABA2BFFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1735-1 Rating: moderate References: #1131793 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - galera: Allow empty password for "check_passwd" parameter. (bsc#1131793) - galera: Log message when changing content of grastate.dat file. (bsc#1131793) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1735=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.36.1 resource-agents-4.0.1+git.1495055229.643177f1-2.36.1 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.36.1 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.36.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.36.1 References: https://bugzilla.suse.com/1131793 From sle-updates at lists.suse.com Wed Jul 3 16:12:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:12:01 +0200 (CEST) Subject: SUSE-RU-2019:1376-2: Recommended update for openal-soft Message-ID: <20190703221201.E8A6FFFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for openal-soft ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1376-2 Rating: low References: #1131808 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openal-soft provides the following fixes: - Remove an unused file licensed under Apache-2.0 (and thus incompatible with the rest of the stack). (bsc#1131808) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1376=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1376=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenal0-1.17.2-3.7.41 libopenal0-debuginfo-1.17.2-3.7.41 openal-soft-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libopenal0-32bit-1.17.2-3.7.41 libopenal0-32bit-debuginfo-1.17.2-3.7.41 libopenal1-32bit-1.17.2-3.7.41 libopenal1-32bit-debuginfo-1.17.2-3.7.41 openal-soft-devel-32bit-1.17.2-3.7.41 openal-soft-devel-32bit-debuginfo-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libopenal1-1.17.2-3.7.41 libopenal1-debuginfo-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 openal-soft-devel-1.17.2-3.7.41 openal-soft-devel-debuginfo-1.17.2-3.7.41 References: https://bugzilla.suse.com/1131808 From sle-updates at lists.suse.com Wed Jul 3 16:13:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:13:35 +0200 (CEST) Subject: SUSE-RU-2019:1301-2: moderate: Recommended update for libguestfs Message-ID: <20190703221335.552E7FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for libguestfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1301-2 Rating: moderate References: #1131342 #1132790 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libguestfs fixes the following issues: - Fixes an issue where the --uninstall option of virt-customize didn't work as expected (bsc#1131342) - Fixes an issue with virt-customize in SLES and openSUSE guests (bsc#1132790) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1301=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1301=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1301=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): guestfs-data-1.38.0-5.5.8 guestfs-tools-1.38.0-5.5.8 guestfs-tools-debuginfo-1.38.0-5.5.8 guestfs-winsupport-1.38.0-5.5.8 guestfsd-1.38.0-5.5.8 guestfsd-debuginfo-1.38.0-5.5.8 libguestfs-debugsource-1.38.0-5.5.8 libguestfs-devel-1.38.0-5.5.8 libguestfs0-1.38.0-5.5.8 libguestfs0-debuginfo-1.38.0-5.5.8 perl-Sys-Guestfs-1.38.0-5.5.8 perl-Sys-Guestfs-debuginfo-1.38.0-5.5.8 python3-libguestfs-1.38.0-5.5.8 python3-libguestfs-debuginfo-1.38.0-5.5.8 virt-v2v-1.38.0-5.5.8 virt-v2v-debuginfo-1.38.0-5.5.8 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libguestfs-debugsource-1.38.0-5.5.8 libguestfs-test-1.38.0-5.5.8 lua-libguestfs-1.38.0-5.5.8 lua-libguestfs-debuginfo-1.38.0-5.5.8 ocaml-libguestfs-1.38.0-5.5.8 ocaml-libguestfs-debuginfo-1.38.0-5.5.8 python2-libguestfs-1.38.0-5.5.8 python2-libguestfs-debuginfo-1.38.0-5.5.8 rubygem-libguestfs-1.38.0-5.5.8 rubygem-libguestfs-debuginfo-1.38.0-5.5.8 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libguestfs-debugsource-1.38.0-5.5.8 ocaml-libguestfs-devel-1.38.0-5.5.8 References: https://bugzilla.suse.com/1131342 https://bugzilla.suse.com/1132790 From sle-updates at lists.suse.com Wed Jul 3 16:12:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:12:45 +0200 (CEST) Subject: SUSE-RU-2019:1393-2: moderate: Recommended update for pesign Message-ID: <20190703221245.DDA84FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1393-2 Rating: moderate References: #1130588 #1134670 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pesign fixes the following issues: - Enable build on %arm as we can sign kernel on %arm (bsc#1134670) - Require shadow instead of old pwdutils (bsc#192328) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1393=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 x86_64): pesign-0.112-4.3.1 pesign-debuginfo-0.112-4.3.1 pesign-debugsource-0.112-4.3.1 References: https://bugzilla.suse.com/1130588 https://bugzilla.suse.com/1134670 From sle-updates at lists.suse.com Wed Jul 3 16:14:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:14:25 +0200 (CEST) Subject: SUSE-RU-2019:1738-1: moderate: Recommended update for rdma-core Message-ID: <20190703221425.B0797FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rdma-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1738-1 Rating: moderate References: #1049515 #1058504 #1060413 #1072884 #1086910 #1093170 #996146 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for rdma-core fixes the following issues: - Update rdma-core (bsc#996146) - suse: fix dracut support - mlx5: Fix masking service level in mlx5_create_ah - cmake: Explicitly convert build type to be STRING - libhns: Bugfix for filtering zero length sge - buildlib: Ensure stanza is properly sorted - mlx4: Allow loopback when using raw Ethernet QP - travis: Change SuSE package target due to Travis CI failures - cbuild: fix tumbleweed docker image - libhns: Bugfix for using buffer length - mlx5: Fix incorrect error handling when SQ wqe count is 0 - mlx5: Fix SL to Ethernet priority conversion - travis: Fix travis failures - verbs: If the uverbs module is not loaded allow get_devices to retry init - mlx5: Fix flow tag mask - rxe: fix rxe compilation with newer kernels - Revert "buildlib: pick leap over tumbleweed" - buildlib: pick leap over tumbleweed - mlx5: Fix compilation on 32 bit systems when sse3 is on - mlx5: Allocate huge page chunks only when needed - rxe: Do not use _sockaddr in struct rxe_av - rxe: Remove duplicate include - Update rdma-core with backport fixes: - buildilb: Fix -msse breakage on ARM builds - buildlib: Use -msse if the compiler does not support target(sse) (bsc#1086910) - suse: do not call %service rules on a template file (bsc#1093170) - mlx5: Convert ah_attr static rate to mlx5 static rate - ccan: Add array_size.h file - iwpmd: Initialize address of sockaddr - mlx5: Fix need_uuar_lock when there are no medium bfregs - verbs: Fix wrong clean up flow in ibv_rc_pingpong - Match kernel ABI to for 4.17 for 32 bit - librdmacm: Set errno correctly if status is positive - verbs: Remove bogus cq_fd - verbs: Fix typo in copying IBV_FLOW_SPEC_UDP/TCP 'val' - SRP daemon not handling SM changes. (bsc#1072884, bsc#1049515) - Remove dracut requirement. (bsc#1058504) - Includes Broadcom patches. (bsc#1060413) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1738=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1738=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): ibacm-16.9-5.3.1 ibacm-debuginfo-16.9-5.3.1 iwpmd-16.9-5.3.1 iwpmd-debuginfo-16.9-5.3.1 libibverbs-utils-16.9-5.3.1 libibverbs-utils-debuginfo-16.9-5.3.1 librdmacm-utils-16.9-5.3.1 librdmacm-utils-debuginfo-16.9-5.3.1 rdma-core-debugsource-16.9-5.3.1 rdma-ndd-16.9-5.3.1 rdma-ndd-debuginfo-16.9-5.3.1 srp_daemon-16.9-5.3.1 srp_daemon-debuginfo-16.9-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libibumad3-16.9-5.3.1 libibumad3-debuginfo-16.9-5.3.1 libibverbs-16.9-5.3.1 libibverbs-debuginfo-16.9-5.3.1 libibverbs1-16.9-5.3.1 libibverbs1-debuginfo-16.9-5.3.1 libmlx4-1-16.9-5.3.1 libmlx4-1-debuginfo-16.9-5.3.1 libmlx5-1-16.9-5.3.1 libmlx5-1-debuginfo-16.9-5.3.1 librdmacm1-16.9-5.3.1 librdmacm1-debuginfo-16.9-5.3.1 rdma-core-16.9-5.3.1 rdma-core-debugsource-16.9-5.3.1 rdma-core-devel-16.9-5.3.1 rsocket-16.9-5.3.1 rsocket-debuginfo-16.9-5.3.1 References: https://bugzilla.suse.com/1049515 https://bugzilla.suse.com/1058504 https://bugzilla.suse.com/1060413 https://bugzilla.suse.com/1072884 https://bugzilla.suse.com/1086910 https://bugzilla.suse.com/1093170 https://bugzilla.suse.com/996146 From sle-updates at lists.suse.com Wed Jul 3 16:16:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:16:06 +0200 (CEST) Subject: SUSE-RU-2019:1395-2: moderate: Recommended update for mozc Message-ID: <20190703221606.7E118FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1395-2 Rating: moderate References: #1132450 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozc fixes the following issues: - Update to support the Japanese new era, Reiwa (bsc#1132450) - Update zip code dictionary Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1395=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1395=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): ibus-mozc-candidate-window-2.18.2612.102-4.3.1 ibus-mozc-candidate-window-debuginfo-2.18.2612.102-4.3.1 mozc-debuginfo-2.18.2612.102-4.3.1 mozc-debugsource-2.18.2612.102-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): ibus-mozc-2.18.2612.102-4.3.1 ibus-mozc-debuginfo-2.18.2612.102-4.3.1 mozc-2.18.2612.102-4.3.1 mozc-debuginfo-2.18.2612.102-4.3.1 mozc-debugsource-2.18.2612.102-4.3.1 mozc-gui-tools-2.18.2612.102-4.3.1 mozc-gui-tools-debuginfo-2.18.2612.102-4.3.1 References: https://bugzilla.suse.com/1132450 From sle-updates at lists.suse.com Wed Jul 3 16:16:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:16:49 +0200 (CEST) Subject: SUSE-RU-2019:1741-1: moderate: Recommended update for perl-Tk Message-ID: <20190703221649.E3C6EFFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Tk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1741-1 Rating: moderate References: #1134134 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-Tk fixes the following issues: - Tk::Photo importer fails on some XPM files. (bsc#1134134) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1741=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1741=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1741=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1741=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): perl-Tk-debuginfo-804.034-3.3.1 perl-Tk-debugsource-804.034-3.3.1 perl-Tk-devel-804.034-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): perl-Tk-debuginfo-804.034-3.3.1 perl-Tk-debugsource-804.034-3.3.1 perl-Tk-devel-804.034-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): perl-Tk-804.034-3.3.1 perl-Tk-debuginfo-804.034-3.3.1 perl-Tk-debugsource-804.034-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): perl-Tk-804.034-3.3.1 perl-Tk-debuginfo-804.034-3.3.1 perl-Tk-debugsource-804.034-3.3.1 References: https://bugzilla.suse.com/1134134 From sle-updates at lists.suse.com Wed Jul 3 16:17:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:17:32 +0200 (CEST) Subject: SUSE-RU-2019:1737-1: moderate: Recommended update for rdma-core Message-ID: <20190703221732.8B2F2FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rdma-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1737-1 Rating: moderate References: #996146 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rdma-core fixes the following issues: - Fix man page of mlx5dv_create_flow_action_modify_header. (bsc#996146) - Fix libhns flush cqe in case multi-process. (bsc#996146) - Fix ibacm: acme does not work if server_mode is not unix. (bsc#996146) - Fix verbs: The ibv_xsrq_pingpong "-c" option is broken. (bsc#996146) - Fix mlx5: Fix masking service level in mlx5_create_ah. (bsc#996146) - Fix cmake: Explicitly convert build type to be STRING. (bsc#996146) - Fix libhns: Bugfix for filtering zero length sge. (bsc#996146) - Fix buildlib: Ensure stanza is properly sorted. (bsc#996146) - Fix debian: Create empty pyverbs package for builds without pyverbs. (bsc#996146) - Fix verbs: Fix attribute returning. (bsc#996146) - Fix build: Fix pyverbs build issues on Debian. (bsc#996146) - Fix travis: Change SuSE package target due to Travis CI failures. (bsc#996146) - Fix verbs: Avoid inline send when using device memory in rc_pingpong. (bsc#996146) - Fix mlx5: Use copy loop to read from device memory. (bsc#996146) - Fix verbs: clear cmd buffer when creating indirection table. (bsc#996146) - Fix libhns: Bugfix for using buffer length. (bsc#996146) - Fix incorrect error handling when SQ wqe count is 0. (bsc#996146) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1737=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1737=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1737=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ibacm-22.3-4.3.1 ibacm-debuginfo-22.3-4.3.1 iwpmd-22.3-4.3.1 iwpmd-debuginfo-22.3-4.3.1 libibverbs-utils-22.3-4.3.1 libibverbs-utils-debuginfo-22.3-4.3.1 librdmacm-utils-22.3-4.3.1 librdmacm-utils-debuginfo-22.3-4.3.1 rdma-core-debugsource-22.3-4.3.1 rdma-ndd-22.3-4.3.1 rdma-ndd-debuginfo-22.3-4.3.1 srp_daemon-22.3-4.3.1 srp_daemon-debuginfo-22.3-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libibumad3-32bit-22.3-4.3.1 libibumad3-32bit-debuginfo-22.3-4.3.1 libibverbs-32bit-22.3-4.3.1 libibverbs-32bit-debuginfo-22.3-4.3.1 libibverbs1-32bit-22.3-4.3.1 libibverbs1-32bit-debuginfo-22.3-4.3.1 libmlx4-1-32bit-22.3-4.3.1 libmlx4-1-32bit-debuginfo-22.3-4.3.1 libmlx5-1-32bit-22.3-4.3.1 libmlx5-1-32bit-debuginfo-22.3-4.3.1 librdmacm1-32bit-22.3-4.3.1 librdmacm1-32bit-debuginfo-22.3-4.3.1 rdma-core-debugsource-22.3-4.3.1 rdma-core-devel-32bit-22.3-4.3.1 rsocket-32bit-22.3-4.3.1 rsocket-32bit-debuginfo-22.3-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libibumad3-22.3-4.3.1 libibumad3-debuginfo-22.3-4.3.1 libibverbs-22.3-4.3.1 libibverbs-debuginfo-22.3-4.3.1 libibverbs1-22.3-4.3.1 libibverbs1-debuginfo-22.3-4.3.1 libmlx4-1-22.3-4.3.1 libmlx4-1-debuginfo-22.3-4.3.1 libmlx5-1-22.3-4.3.1 libmlx5-1-debuginfo-22.3-4.3.1 librdmacm1-22.3-4.3.1 librdmacm1-debuginfo-22.3-4.3.1 rdma-core-22.3-4.3.1 rdma-core-debugsource-22.3-4.3.1 rdma-core-devel-22.3-4.3.1 rsocket-22.3-4.3.1 rsocket-debuginfo-22.3-4.3.1 References: https://bugzilla.suse.com/996146 From sle-updates at lists.suse.com Wed Jul 3 16:18:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:18:14 +0200 (CEST) Subject: SUSE-RU-2019:1739-1: moderate: Recommended update for rdma-core Message-ID: <20190703221814.279E6FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rdma-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1739-1 Rating: moderate References: #996146 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rdma-core fixes the following issues: - Fix suse: fix dracut support. (bsc#996146) - Fix mlx5: Fix masking service level in mlx5_create_ah. (bsc#996146) - Fix cmake: Explicitly convert build type to be STRING. (bsc#996146) - Fix libhns: Bugfix for filtering zero length sge. (bsc#996146) - Fix buildlib: Ensure stanza is properly sorted. (bsc#996146) - Fix mlx4: Allow loopback when using raw Ethernet QP. (bsc#996146) - Fix travis: Change SuSE package target due to Travis CI failures.(bsc#996146) - Fix cbuild: fix tumbleweed docker image. (bsc#996146) - Fix libhns: Bugfix for using buffer length. (bsc#996146) - Fix mlx5: Fix incorrect error handling when SQ wqe count is 0. (bsc#996146) - Fix mlx5: Fix SL to Ethernet priority conversion. (bsc#996146) - Fix travis: Fix travis failures. (bsc#996146) - Fix verbs: If the uverbs module is not loaded allow get_devices to retry init. (bsc#996146) - Fix mlx5: Fix flow tag mask. (bsc#996146) - Fix rxe: fix rxe compilation with newer kernels. (bsc#996146) - Revert "buildlib: pick leap over tumbleweed". (bsc#996146) - Fix buildlib: pick leap over tumbleweed. (bsc#996146) - Fix mlx5: Fix compilation on 32 bit systems when sse3 is on. (bsc#996146) - Fix mlx5: Allocate huge page chunks only when needed. (bsc#996146) - Fix rxe: Do not use _sockaddr in struct rxe_av. (bsc#996146) - Fix rxe: Remove duplicate include. (bsc#996146) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1739=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1739=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1739=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): rdma-core-debugsource-16.9-3.3.1 rdma-core-devel-16.9-3.3.1 rsocket-16.9-3.3.1 rsocket-debuginfo-16.9-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ibacm-16.9-3.3.1 ibacm-debuginfo-16.9-3.3.1 iwpmd-16.9-3.3.1 iwpmd-debuginfo-16.9-3.3.1 libibumad3-16.9-3.3.1 libibumad3-debuginfo-16.9-3.3.1 libibverbs-16.9-3.3.1 libibverbs-debuginfo-16.9-3.3.1 libibverbs-utils-16.9-3.3.1 libibverbs-utils-debuginfo-16.9-3.3.1 libibverbs1-16.9-3.3.1 libibverbs1-debuginfo-16.9-3.3.1 libmlx4-1-16.9-3.3.1 libmlx4-1-debuginfo-16.9-3.3.1 libmlx5-1-16.9-3.3.1 libmlx5-1-debuginfo-16.9-3.3.1 librdmacm-utils-16.9-3.3.1 librdmacm-utils-debuginfo-16.9-3.3.1 librdmacm1-16.9-3.3.1 librdmacm1-debuginfo-16.9-3.3.1 rdma-core-16.9-3.3.1 rdma-core-debugsource-16.9-3.3.1 rdma-ndd-16.9-3.3.1 rdma-ndd-debuginfo-16.9-3.3.1 srp_daemon-16.9-3.3.1 srp_daemon-debuginfo-16.9-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libibumad3-32bit-16.9-3.3.1 libibumad3-debuginfo-32bit-16.9-3.3.1 libibverbs1-32bit-16.9-3.3.1 libibverbs1-debuginfo-32bit-16.9-3.3.1 librdmacm1-32bit-16.9-3.3.1 librdmacm1-debuginfo-32bit-16.9-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libibverbs-16.9-3.3.1 libibverbs-debuginfo-16.9-3.3.1 libibverbs1-16.9-3.3.1 libibverbs1-debuginfo-16.9-3.3.1 libmlx4-1-16.9-3.3.1 libmlx4-1-debuginfo-16.9-3.3.1 libmlx5-1-16.9-3.3.1 libmlx5-1-debuginfo-16.9-3.3.1 librdmacm1-16.9-3.3.1 librdmacm1-debuginfo-16.9-3.3.1 rdma-core-16.9-3.3.1 rdma-core-debugsource-16.9-3.3.1 References: https://bugzilla.suse.com/996146 From sle-updates at lists.suse.com Wed Jul 3 16:18:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:18:55 +0200 (CEST) Subject: SUSE-RU-2019:1302-2: moderate: Recommended update for monitoring-plugins Message-ID: <20190703221855.D27A2FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for monitoring-plugins ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1302-2 Rating: moderate References: #1132350 #1132903 #1133107 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for monitoring-plugins fixes the following issues: - update AppArmor profiles for usrMerge (related to bsc#1132350) - grep in check_cups - ps in check_procs and check_procs.sle15 - update usr.lib.nagios.plugins.check_procs to bash in /usr - support IPv4 ping for dual stacked host again (bsc#1132903) - update usr.lib.nagios.plugins.check_procs again for sle15 and above so that ptrace is allowed (bsc#1133107) - add /etc/nrpe.d/*.cfg snipplets - copy usr.lib.nagios.plugins.check_procs as usr.lib.nagios.plugins.check_procs.sle15 and use that for sle15 and above. "ptrace" to enable ptrace globally is needed here. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1302=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1302=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): monitoring-plugins-2.2-3.3.1 monitoring-plugins-all-2.2-3.3.1 monitoring-plugins-breeze-2.2-3.3.1 monitoring-plugins-by_ssh-2.2-3.3.1 monitoring-plugins-by_ssh-debuginfo-2.2-3.3.1 monitoring-plugins-cluster-2.2-3.3.1 monitoring-plugins-cluster-debuginfo-2.2-3.3.1 monitoring-plugins-common-2.2-3.3.1 monitoring-plugins-common-debuginfo-2.2-3.3.1 monitoring-plugins-cups-2.2-3.3.1 monitoring-plugins-dbi-2.2-3.3.1 monitoring-plugins-dbi-debuginfo-2.2-3.3.1 monitoring-plugins-dbi-mysql-2.2-3.3.1 monitoring-plugins-dbi-pgsql-2.2-3.3.1 monitoring-plugins-dbi-sqlite3-2.2-3.3.1 monitoring-plugins-debuginfo-2.2-3.3.1 monitoring-plugins-debugsource-2.2-3.3.1 monitoring-plugins-dhcp-2.2-3.3.1 monitoring-plugins-dhcp-debuginfo-2.2-3.3.1 monitoring-plugins-dig-2.2-3.3.1 monitoring-plugins-dig-debuginfo-2.2-3.3.1 monitoring-plugins-disk-2.2-3.3.1 monitoring-plugins-disk-debuginfo-2.2-3.3.1 monitoring-plugins-disk_smb-2.2-3.3.1 monitoring-plugins-dns-2.2-3.3.1 monitoring-plugins-dns-debuginfo-2.2-3.3.1 monitoring-plugins-dummy-2.2-3.3.1 monitoring-plugins-dummy-debuginfo-2.2-3.3.1 monitoring-plugins-extras-2.2-3.3.1 monitoring-plugins-file_age-2.2-3.3.1 monitoring-plugins-flexlm-2.2-3.3.1 monitoring-plugins-hpjd-2.2-3.3.1 monitoring-plugins-hpjd-debuginfo-2.2-3.3.1 monitoring-plugins-icmp-2.2-3.3.1 monitoring-plugins-icmp-debuginfo-2.2-3.3.1 monitoring-plugins-ide_smart-2.2-3.3.1 monitoring-plugins-ide_smart-debuginfo-2.2-3.3.1 monitoring-plugins-ifoperstatus-2.2-3.3.1 monitoring-plugins-ifstatus-2.2-3.3.1 monitoring-plugins-ircd-2.2-3.3.1 monitoring-plugins-load-2.2-3.3.1 monitoring-plugins-load-debuginfo-2.2-3.3.1 monitoring-plugins-log-2.2-3.3.1 monitoring-plugins-mailq-2.2-3.3.1 monitoring-plugins-mrtg-2.2-3.3.1 monitoring-plugins-mrtg-debuginfo-2.2-3.3.1 monitoring-plugins-mrtgtraf-2.2-3.3.1 monitoring-plugins-mrtgtraf-debuginfo-2.2-3.3.1 monitoring-plugins-nagios-2.2-3.3.1 monitoring-plugins-nagios-debuginfo-2.2-3.3.1 monitoring-plugins-nt-2.2-3.3.1 monitoring-plugins-nt-debuginfo-2.2-3.3.1 monitoring-plugins-ntp_peer-2.2-3.3.1 monitoring-plugins-ntp_peer-debuginfo-2.2-3.3.1 monitoring-plugins-ntp_time-2.2-3.3.1 monitoring-plugins-ntp_time-debuginfo-2.2-3.3.1 monitoring-plugins-nwstat-2.2-3.3.1 monitoring-plugins-nwstat-debuginfo-2.2-3.3.1 monitoring-plugins-oracle-2.2-3.3.1 monitoring-plugins-overcr-2.2-3.3.1 monitoring-plugins-overcr-debuginfo-2.2-3.3.1 monitoring-plugins-ping-2.2-3.3.1 monitoring-plugins-ping-debuginfo-2.2-3.3.1 monitoring-plugins-procs-2.2-3.3.1 monitoring-plugins-procs-debuginfo-2.2-3.3.1 monitoring-plugins-radius-2.2-3.3.1 monitoring-plugins-radius-debuginfo-2.2-3.3.1 monitoring-plugins-real-2.2-3.3.1 monitoring-plugins-real-debuginfo-2.2-3.3.1 monitoring-plugins-rpc-2.2-3.3.1 monitoring-plugins-smtp-2.2-3.3.1 monitoring-plugins-smtp-debuginfo-2.2-3.3.1 monitoring-plugins-snmp-2.2-3.3.1 monitoring-plugins-snmp-debuginfo-2.2-3.3.1 monitoring-plugins-ssh-2.2-3.3.1 monitoring-plugins-ssh-debuginfo-2.2-3.3.1 monitoring-plugins-swap-2.2-3.3.1 monitoring-plugins-swap-debuginfo-2.2-3.3.1 monitoring-plugins-time-2.2-3.3.1 monitoring-plugins-time-debuginfo-2.2-3.3.1 monitoring-plugins-ups-2.2-3.3.1 monitoring-plugins-ups-debuginfo-2.2-3.3.1 monitoring-plugins-users-2.2-3.3.1 monitoring-plugins-users-debuginfo-2.2-3.3.1 monitoring-plugins-wave-2.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.2-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.2-3.3.1 monitoring-plugins-debugsource-2.2-3.3.1 monitoring-plugins-fping-2.2-3.3.1 monitoring-plugins-fping-debuginfo-2.2-3.3.1 monitoring-plugins-http-2.2-3.3.1 monitoring-plugins-http-debuginfo-2.2-3.3.1 monitoring-plugins-ldap-2.2-3.3.1 monitoring-plugins-ldap-debuginfo-2.2-3.3.1 monitoring-plugins-mysql-2.2-3.3.1 monitoring-plugins-mysql-debuginfo-2.2-3.3.1 monitoring-plugins-pgsql-2.2-3.3.1 monitoring-plugins-pgsql-debuginfo-2.2-3.3.1 monitoring-plugins-tcp-2.2-3.3.1 monitoring-plugins-tcp-debuginfo-2.2-3.3.1 References: https://bugzilla.suse.com/1132350 https://bugzilla.suse.com/1132903 https://bugzilla.suse.com/1133107 From sle-updates at lists.suse.com Wed Jul 3 16:19:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:19:47 +0200 (CEST) Subject: SUSE-RU-2019:1736-1: moderate: Recommended update for yast2-support Message-ID: <20190703221947.333A2FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-support ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1736-1 Rating: moderate References: #1136145 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-support fixes the following issues: - Fixes a typo in the support url (bsc#1136145) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1736=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-support-4.1.1-9.3.1 References: https://bugzilla.suse.com/1136145 From sle-updates at lists.suse.com Wed Jul 3 16:20:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:20:31 +0200 (CEST) Subject: SUSE-RU-2019:1274-2: moderate: Recommended update for systemtap Message-ID: <20190703222031.1B850FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemtap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1274-2 Rating: moderate References: #1132538 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemtap fixes the following issues: - Fixes an issue where systemtap-server and systemtap client didn't work (bsc#1132538) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1274=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): systemtap-3.2-7.9.1 systemtap-debuginfo-3.2-7.9.1 systemtap-debugsource-3.2-7.9.1 systemtap-headers-3.2-7.9.1 systemtap-runtime-3.2-7.9.1 systemtap-runtime-debuginfo-3.2-7.9.1 systemtap-sdt-devel-3.2-7.9.1 systemtap-server-3.2-7.9.1 systemtap-server-debuginfo-3.2-7.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): systemtap-docs-3.2-7.9.1 References: https://bugzilla.suse.com/1132538 From sle-updates at lists.suse.com Wed Jul 3 16:21:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 00:21:15 +0200 (CEST) Subject: SUSE-RU-2019:1742-1: moderate: Recommended update for gd Message-ID: <20190703222115.ED6FEFFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for gd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1742-1 Rating: moderate References: #1136574 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gd fixes the following issues: - Change order while installing splitted library. (bsc#1136574) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1742=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1742=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1742=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1742=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1742=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): gd-debugsource-2.2.5-4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gd-2.2.5-4.9.1 gd-debuginfo-2.2.5-4.9.1 gd-debugsource-2.2.5-4.9.1 gd-devel-2.2.5-4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gd-2.2.5-4.9.1 gd-debuginfo-2.2.5-4.9.1 gd-debugsource-2.2.5-4.9.1 gd-devel-2.2.5-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.2.5-4.9.1 gd-debugsource-2.2.5-4.9.1 libgd3-2.2.5-4.9.1 libgd3-debuginfo-2.2.5-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.2.5-4.9.1 gd-debugsource-2.2.5-4.9.1 libgd3-2.2.5-4.9.1 libgd3-debuginfo-2.2.5-4.9.1 References: https://bugzilla.suse.com/1136574 From sle-updates at lists.suse.com Thu Jul 4 04:13:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 12:13:09 +0200 (CEST) Subject: SUSE-RU-2019:1743-1: moderate: Recommended update for python-augeas Message-ID: <20190704101309.6E55FFFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-augeas ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1743-1 Rating: moderate References: #1132356 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-augeas provides the following fix: - Avoid unicode problems on boundaries between Python and C. (bsc#1132356) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1743=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1743=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): python-augeas-0.4.1-13.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-augeas-0.4.1-13.3.1 References: https://bugzilla.suse.com/1132356 From sle-updates at lists.suse.com Thu Jul 4 07:11:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 15:11:09 +0200 (CEST) Subject: SUSE-SU-2019:1746-1: moderate: Security update for php5 Message-ID: <20190704131109.14967FFBD@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1746-1 Rating: moderate References: #1137633 #1138172 #1138173 Cross-References: CVE-2015-1351 CVE-2019-11039 CVE-2019-11040 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). - CVE-2015-1351: Fixed a use after free in opcache extension (bsc#1137633). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1746=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1746=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1746=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.63.2 php5-debugsource-5.5.14-109.63.2 php5-devel-5.5.14-109.63.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.63.2 php5-debugsource-5.5.14-109.63.2 php5-devel-5.5.14-109.63.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.63.2 apache2-mod_php5-debuginfo-5.5.14-109.63.2 php5-5.5.14-109.63.2 php5-bcmath-5.5.14-109.63.2 php5-bcmath-debuginfo-5.5.14-109.63.2 php5-bz2-5.5.14-109.63.2 php5-bz2-debuginfo-5.5.14-109.63.2 php5-calendar-5.5.14-109.63.2 php5-calendar-debuginfo-5.5.14-109.63.2 php5-ctype-5.5.14-109.63.2 php5-ctype-debuginfo-5.5.14-109.63.2 php5-curl-5.5.14-109.63.2 php5-curl-debuginfo-5.5.14-109.63.2 php5-dba-5.5.14-109.63.2 php5-dba-debuginfo-5.5.14-109.63.2 php5-debuginfo-5.5.14-109.63.2 php5-debugsource-5.5.14-109.63.2 php5-dom-5.5.14-109.63.2 php5-dom-debuginfo-5.5.14-109.63.2 php5-enchant-5.5.14-109.63.2 php5-enchant-debuginfo-5.5.14-109.63.2 php5-exif-5.5.14-109.63.2 php5-exif-debuginfo-5.5.14-109.63.2 php5-fastcgi-5.5.14-109.63.2 php5-fastcgi-debuginfo-5.5.14-109.63.2 php5-fileinfo-5.5.14-109.63.2 php5-fileinfo-debuginfo-5.5.14-109.63.2 php5-fpm-5.5.14-109.63.2 php5-fpm-debuginfo-5.5.14-109.63.2 php5-ftp-5.5.14-109.63.2 php5-ftp-debuginfo-5.5.14-109.63.2 php5-gd-5.5.14-109.63.2 php5-gd-debuginfo-5.5.14-109.63.2 php5-gettext-5.5.14-109.63.2 php5-gettext-debuginfo-5.5.14-109.63.2 php5-gmp-5.5.14-109.63.2 php5-gmp-debuginfo-5.5.14-109.63.2 php5-iconv-5.5.14-109.63.2 php5-iconv-debuginfo-5.5.14-109.63.2 php5-imap-5.5.14-109.63.2 php5-imap-debuginfo-5.5.14-109.63.2 php5-intl-5.5.14-109.63.2 php5-intl-debuginfo-5.5.14-109.63.2 php5-json-5.5.14-109.63.2 php5-json-debuginfo-5.5.14-109.63.2 php5-ldap-5.5.14-109.63.2 php5-ldap-debuginfo-5.5.14-109.63.2 php5-mbstring-5.5.14-109.63.2 php5-mbstring-debuginfo-5.5.14-109.63.2 php5-mcrypt-5.5.14-109.63.2 php5-mcrypt-debuginfo-5.5.14-109.63.2 php5-mysql-5.5.14-109.63.2 php5-mysql-debuginfo-5.5.14-109.63.2 php5-odbc-5.5.14-109.63.2 php5-odbc-debuginfo-5.5.14-109.63.2 php5-opcache-5.5.14-109.63.2 php5-opcache-debuginfo-5.5.14-109.63.2 php5-openssl-5.5.14-109.63.2 php5-openssl-debuginfo-5.5.14-109.63.2 php5-pcntl-5.5.14-109.63.2 php5-pcntl-debuginfo-5.5.14-109.63.2 php5-pdo-5.5.14-109.63.2 php5-pdo-debuginfo-5.5.14-109.63.2 php5-pgsql-5.5.14-109.63.2 php5-pgsql-debuginfo-5.5.14-109.63.2 php5-phar-5.5.14-109.63.2 php5-phar-debuginfo-5.5.14-109.63.2 php5-posix-5.5.14-109.63.2 php5-posix-debuginfo-5.5.14-109.63.2 php5-pspell-5.5.14-109.63.2 php5-pspell-debuginfo-5.5.14-109.63.2 php5-shmop-5.5.14-109.63.2 php5-shmop-debuginfo-5.5.14-109.63.2 php5-snmp-5.5.14-109.63.2 php5-snmp-debuginfo-5.5.14-109.63.2 php5-soap-5.5.14-109.63.2 php5-soap-debuginfo-5.5.14-109.63.2 php5-sockets-5.5.14-109.63.2 php5-sockets-debuginfo-5.5.14-109.63.2 php5-sqlite-5.5.14-109.63.2 php5-sqlite-debuginfo-5.5.14-109.63.2 php5-suhosin-5.5.14-109.63.2 php5-suhosin-debuginfo-5.5.14-109.63.2 php5-sysvmsg-5.5.14-109.63.2 php5-sysvmsg-debuginfo-5.5.14-109.63.2 php5-sysvsem-5.5.14-109.63.2 php5-sysvsem-debuginfo-5.5.14-109.63.2 php5-sysvshm-5.5.14-109.63.2 php5-sysvshm-debuginfo-5.5.14-109.63.2 php5-tokenizer-5.5.14-109.63.2 php5-tokenizer-debuginfo-5.5.14-109.63.2 php5-wddx-5.5.14-109.63.2 php5-wddx-debuginfo-5.5.14-109.63.2 php5-xmlreader-5.5.14-109.63.2 php5-xmlreader-debuginfo-5.5.14-109.63.2 php5-xmlrpc-5.5.14-109.63.2 php5-xmlrpc-debuginfo-5.5.14-109.63.2 php5-xmlwriter-5.5.14-109.63.2 php5-xmlwriter-debuginfo-5.5.14-109.63.2 php5-xsl-5.5.14-109.63.2 php5-xsl-debuginfo-5.5.14-109.63.2 php5-zip-5.5.14-109.63.2 php5-zip-debuginfo-5.5.14-109.63.2 php5-zlib-5.5.14-109.63.2 php5-zlib-debuginfo-5.5.14-109.63.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.63.2 References: https://www.suse.com/security/cve/CVE-2015-1351.html https://www.suse.com/security/cve/CVE-2019-11039.html https://www.suse.com/security/cve/CVE-2019-11040.html https://bugzilla.suse.com/1137633 https://bugzilla.suse.com/1138172 https://bugzilla.suse.com/1138173 From sle-updates at lists.suse.com Thu Jul 4 07:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 15:12:09 +0200 (CEST) Subject: SUSE-RU-2019:1747-1: moderate: Recommended update for cluster-glue Message-ID: <20190704131209.193C2FFBD@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1747-1 Rating: moderate References: #1131545 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cluster-glue fixes the following issues: - Directory /var/run/heartbeat/rsctmp will now get created if it doesn't exist (bsc#1131545) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1747=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1747=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1747=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-glue-debugsource-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue-devel-32bit-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue-devel-32bit-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue2-32bit-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue2-32bit-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 cluster-glue-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 cluster-glue-debugsource-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue-devel-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue-devel-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue2-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue2-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 cluster-glue-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 cluster-glue-debugsource-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue-devel-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue-devel-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue2-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 libglue2-debuginfo-1.0.12+v1.git.1560323319.fd5a3bef-3.6.1 References: https://bugzilla.suse.com/1131545 From sle-updates at lists.suse.com Thu Jul 4 07:12:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 15:12:51 +0200 (CEST) Subject: SUSE-SU-2019:1744-1: important: Security update for the Linux Kernel Message-ID: <20190704131251.54D6FFFBD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1744-1 Rating: important References: #1051510 #1071995 #1094555 #1111666 #1112374 #1114279 #1128432 #1134730 #1134738 #1135153 #1135296 #1135642 #1136156 #1136157 #1136271 #1136333 #1137103 #1137194 #1137366 #1137884 #1137985 #1138263 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732 Cross-References: CVE-2018-16871 CVE-2019-12614 CVE-2019-12817 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. This update adds support for the Hygon Dhyana CPU (fate#327735). The following security bugs were fixed: - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). - CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263). The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi: Add Hygon Dhyana support (fate#327735). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - ceph: factor out ceph_lookup_inode() (bsc#1138681). - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - ceph: quota: fix quota subdir mounts (bsc#1138681). - ceph: remove duplicated filelock ref increase (bsc#1138681). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cpufreq: Add Hygon Dhyana support (fate#327735). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735). - cpu/topology: Export die_id (jsc#SLE-5454). - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm: add fallback override/firmware EDID modes workaround (bsc#1111666). - drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666). - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666). - drm/i915: Add new AML_ULX support list (jsc#SLE-4986). - drm/i915: Add new ICL PCI ID (jsc#SLE-4986). - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986). - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986). - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986). - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986). - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986). - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986). - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986). - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986). - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986). - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986). - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986). - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986). - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666). - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666). - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666). - drm/mediatek: fix unbind functions (bsc#1111666). - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666). - EDAC, amd64: Add Hygon Dhyana support (fate#327735). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735). - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735). - hwmon: (k10temp) Add support for family 17h (FATE#327735). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735). - hwmon: (k10temp) Add support for temperature offsets (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735). - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735). - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735). - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735). - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735). - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735). - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735). - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735). - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732). - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056). - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388). - kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - kabi/severities: Whitelist airq_iv_* (s390-specific) - kABI workaround for asus-wmi changes (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487). - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156). - nl80211: fix station_info pertid memory leak (bsc#1051510). - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - PCI: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803). - PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056). - PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - perf tools: Add Hygon Dhyana support (fate#327735). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374). - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374). - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374). - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374). - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994). - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226). - platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226). - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226). - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226). - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226). - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226). - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374). - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374). - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374). - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374). - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374). - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374). - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374). - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374). - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374). - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374). - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374). - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374). - platform/x86: mlx-platform: Remove unused define (bsc#1112374). - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510). - Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510). - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead. - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056). - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056). - s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056). - s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/setup: fix early warning messages (bsc#1051510). - s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156). - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271). - scsi: megaraid_sas: correct an info message (bsc#1136271). - scsi: megaraid_sas: driver version update (bsc#1136271). - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271). - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271). - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271). - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - SMB3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994) - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (fate#327735). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tty: max310x: Fix external crystal register setup (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735). - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735). - x86/amd_nb: Check vendor in AMD-only functions (fate#327735). - x86/apic: Add Hygon Dhyana support (fate#327735). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735). - x86/cpu: Add Icelake model number (jsc#SLE-5226). - x86/cpu/amd: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735). - x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735). - x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735). - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/umip: Make the UMIP activated message generic (bsc#1138336). - x86/umip: Print UMIP line only once (bsc#1138336). - x86/xen: Add Hygon Dhyana support to Xen (fate#327735). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 kernel-default-livepatch-4.12.14-197.7.1 kernel-default-livepatch-devel-4.12.14-197.7.1 kernel-livepatch-4_12_14-197_7-default-1-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12817.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1134730 https://bugzilla.suse.com/1134738 https://bugzilla.suse.com/1135153 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136156 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136271 https://bugzilla.suse.com/1136333 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137985 https://bugzilla.suse.com/1138263 https://bugzilla.suse.com/1138336 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138681 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1138732 From sle-updates at lists.suse.com Thu Jul 4 07:17:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 15:17:38 +0200 (CEST) Subject: SUSE-SU-2019:1744-1: important: Security update for the Linux Kernel Message-ID: <20190704131738.740EEFFBD@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1744-1 Rating: important References: #1051510 #1071995 #1094555 #1111666 #1112374 #1114279 #1128432 #1134730 #1134738 #1135153 #1135296 #1135642 #1136156 #1136157 #1136271 #1136333 #1137103 #1137194 #1137366 #1137884 #1137985 #1138263 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732 Cross-References: CVE-2018-16871 CVE-2019-12614 CVE-2019-12817 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. This update adds support for the Hygon Dhyana CPU (fate#327735). The following security bugs were fixed: - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). - CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263). The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi: Add Hygon Dhyana support (fate#327735). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - ceph: factor out ceph_lookup_inode() (bsc#1138681). - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - ceph: quota: fix quota subdir mounts (bsc#1138681). - ceph: remove duplicated filelock ref increase (bsc#1138681). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cpufreq: Add Hygon Dhyana support (fate#327735). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735). - cpu/topology: Export die_id (jsc#SLE-5454). - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm: add fallback override/firmware EDID modes workaround (bsc#1111666). - drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666). - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666). - drm/i915: Add new AML_ULX support list (jsc#SLE-4986). - drm/i915: Add new ICL PCI ID (jsc#SLE-4986). - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986). - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986). - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986). - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986). - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986). - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986). - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986). - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986). - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986). - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986). - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986). - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986). - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666). - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666). - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666). - drm/mediatek: fix unbind functions (bsc#1111666). - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666). - EDAC, amd64: Add Hygon Dhyana support (fate#327735). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735). - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735). - hwmon: (k10temp) Add support for family 17h (FATE#327735). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735). - hwmon: (k10temp) Add support for temperature offsets (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735). - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735). - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735). - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735). - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735). - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735). - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735). - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735). - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732). - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056). - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388). - kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - kabi/severities: Whitelist airq_iv_* (s390-specific) - kABI workaround for asus-wmi changes (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487). - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156). - nl80211: fix station_info pertid memory leak (bsc#1051510). - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - PCI: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803). - PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056). - PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - perf tools: Add Hygon Dhyana support (fate#327735). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374). - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374). - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374). - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374). - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994). - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226). - platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226). - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226). - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226). - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226). - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226). - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374). - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374). - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374). - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374). - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374). - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374). - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374). - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374). - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374). - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374). - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374). - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374). - platform/x86: mlx-platform: Remove unused define (bsc#1112374). - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510). - Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510). - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead. - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056). - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056). - s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056). - s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/setup: fix early warning messages (bsc#1051510). - s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156). - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271). - scsi: megaraid_sas: correct an info message (bsc#1136271). - scsi: megaraid_sas: driver version update (bsc#1136271). - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271). - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271). - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271). - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - SMB3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994) - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (fate#327735). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tty: max310x: Fix external crystal register setup (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735). - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735). - x86/amd_nb: Check vendor in AMD-only functions (fate#327735). - x86/apic: Add Hygon Dhyana support (fate#327735). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735). - x86/cpu: Add Icelake model number (jsc#SLE-5226). - x86/cpu/amd: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735). - x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735). - x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735). - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/umip: Make the UMIP activated message generic (bsc#1138336). - x86/umip: Print UMIP line only once (bsc#1138336). - x86/xen: Add Hygon Dhyana support to Xen (fate#327735). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1744=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1744=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 kernel-default-extra-4.12.14-197.7.1 kernel-default-extra-debuginfo-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 kernel-obs-qa-4.12.14-197.7.1 kernel-vanilla-4.12.14-197.7.1 kernel-vanilla-base-4.12.14-197.7.1 kernel-vanilla-base-debuginfo-4.12.14-197.7.1 kernel-vanilla-debuginfo-4.12.14-197.7.1 kernel-vanilla-debugsource-4.12.14-197.7.1 kernel-vanilla-devel-4.12.14-197.7.1 kernel-vanilla-devel-debuginfo-4.12.14-197.7.1 kernel-vanilla-livepatch-devel-4.12.14-197.7.1 kselftests-kmp-default-4.12.14-197.7.1 kselftests-kmp-default-debuginfo-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.7.1 kernel-debug-base-4.12.14-197.7.1 kernel-debug-base-debuginfo-4.12.14-197.7.1 kernel-debug-debuginfo-4.12.14-197.7.1 kernel-debug-debugsource-4.12.14-197.7.1 kernel-debug-devel-4.12.14-197.7.1 kernel-debug-devel-debuginfo-4.12.14-197.7.1 kernel-debug-livepatch-devel-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.7.1 dtb-allwinner-4.12.14-197.7.1 dtb-altera-4.12.14-197.7.1 dtb-amd-4.12.14-197.7.1 dtb-amlogic-4.12.14-197.7.1 dtb-apm-4.12.14-197.7.1 dtb-arm-4.12.14-197.7.1 dtb-broadcom-4.12.14-197.7.1 dtb-cavium-4.12.14-197.7.1 dtb-exynos-4.12.14-197.7.1 dtb-freescale-4.12.14-197.7.1 dtb-hisilicon-4.12.14-197.7.1 dtb-lg-4.12.14-197.7.1 dtb-marvell-4.12.14-197.7.1 dtb-mediatek-4.12.14-197.7.1 dtb-nvidia-4.12.14-197.7.1 dtb-qcom-4.12.14-197.7.1 dtb-renesas-4.12.14-197.7.1 dtb-rockchip-4.12.14-197.7.1 dtb-socionext-4.12.14-197.7.1 dtb-sprd-4.12.14-197.7.1 dtb-xilinx-4.12.14-197.7.1 dtb-zte-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.7.1 kernel-source-vanilla-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.7.1 kernel-kvmsmall-base-4.12.14-197.7.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1 kernel-kvmsmall-debuginfo-4.12.14-197.7.1 kernel-kvmsmall-debugsource-4.12.14-197.7.1 kernel-kvmsmall-devel-4.12.14-197.7.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.7.1 kernel-zfcpdump-debugsource-4.12.14-197.7.1 kernel-zfcpdump-man-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 kernel-default-livepatch-4.12.14-197.7.1 kernel-default-livepatch-devel-4.12.14-197.7.1 kernel-livepatch-4_12_14-197_7-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 reiserfs-kmp-default-4.12.14-197.7.1 reiserfs-kmp-default-debuginfo-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.7.1 kernel-obs-build-debugsource-4.12.14-197.7.1 kernel-syms-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.7.1 kernel-source-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.7.1 kernel-default-base-4.12.14-197.7.1 kernel-default-base-debuginfo-4.12.14-197.7.1 kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 kernel-default-devel-4.12.14-197.7.1 kernel-default-devel-debuginfo-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.7.1 kernel-macros-4.12.14-197.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.7.1 kernel-zfcpdump-4.12.14-197.7.1 kernel-zfcpdump-debuginfo-4.12.14-197.7.1 kernel-zfcpdump-debugsource-4.12.14-197.7.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.7.1 cluster-md-kmp-default-debuginfo-4.12.14-197.7.1 dlm-kmp-default-4.12.14-197.7.1 dlm-kmp-default-debuginfo-4.12.14-197.7.1 gfs2-kmp-default-4.12.14-197.7.1 gfs2-kmp-default-debuginfo-4.12.14-197.7.1 kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 ocfs2-kmp-default-4.12.14-197.7.1 ocfs2-kmp-default-debuginfo-4.12.14-197.7.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12817.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1134730 https://bugzilla.suse.com/1134738 https://bugzilla.suse.com/1135153 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136156 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136271 https://bugzilla.suse.com/1136333 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137985 https://bugzilla.suse.com/1138263 https://bugzilla.suse.com/1138336 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138681 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1138732 From sle-updates at lists.suse.com Thu Jul 4 10:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 18:11:31 +0200 (CEST) Subject: SUSE-SU-2019:0048-2: moderate: Security update for helm-mirror Message-ID: <20190704161131.4C40FFDCE@maintenance.suse.de> SUSE Security Update: Security update for helm-mirror ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0048-2 Rating: moderate References: #1116182 #1118897 #1118898 #1118899 #1120762 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for helm-mirror to version 0.2.1 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote command execution (bsc#1118897) - CVE-2018-16874: Fixed a directory traversal in "go get" via curly braces in import path (bsc#1118898) - CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899) Non-security issue fixed: - Update to v0.2.1 (bsc#1120762) - Include helm-mirror into the containers module (bsc#1116182) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-48=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): helm-mirror-0.2.1-1.7.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1116182 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1120762 From sle-updates at lists.suse.com Thu Jul 4 10:12:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 18:12:44 +0200 (CEST) Subject: SUSE-SU-2019:14114-1: moderate: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr Message-ID: <20190704161244.232FAFDCE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14114-1 Rating: moderate References: #1137338 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-firefox-607esr-14114=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): MozillaFirefox-branding-SLED-60-21.6.8 firefox-at-spi2-core-2.10.2-2.6.5 firefox-at-spi2-core-lang-2.10.2-2.6.5 firefox-atk-lang-2.26.1-2.5.5 firefox-dbus-1-glib-0.76-34.2.4.5 firefox-gdk-pixbuf-lang-2.36.11-2.5.4 firefox-gdk-pixbuf-query-loaders-2.36.11-2.5.4 firefox-gdk-pixbuf-thumbnailer-2.36.11-2.5.4 firefox-gio-branding-upstream-2.54.3-2.4.3 firefox-glib2-lang-2.54.3-2.4.3 firefox-glib2-tools-2.54.3-2.4.3 firefox-gtk3-branding-upstream-3.10.9-2.8.3 firefox-gtk3-data-3.10.9-2.8.3 firefox-gtk3-immodule-amharic-3.10.9-2.8.3 firefox-gtk3-immodule-inuktitut-3.10.9-2.8.3 firefox-gtk3-immodule-multipress-3.10.9-2.8.3 firefox-gtk3-immodule-thai-3.10.9-2.8.3 firefox-gtk3-immodule-vietnamese-3.10.9-2.8.3 firefox-gtk3-immodule-xim-3.10.9-2.8.3 firefox-gtk3-immodules-tigrigna-3.10.9-2.8.3 firefox-gtk3-lang-3.10.9-2.8.3 firefox-gtk3-tools-3.10.9-2.8.3 firefox-libatk-1_0-0-2.26.1-2.5.5 firefox-libatk-bridge-2_0-0-2.10.2-2.6.5 firefox-libatspi0-2.10.2-2.6.5 firefox-libcairo-gobject2-1.15.10-2.8.7 firefox-libcairo2-1.15.10-2.8.7 firefox-libfreetype6-2.9-2.4.1 firefox-libgcc_s1-5.3.1+r233831-10.1 firefox-libgdk_pixbuf-2_0-0-2.36.11-2.5.4 firefox-libgtk-3-0-3.10.9-2.8.3 firefox-libharfbuzz0-1.7.5-2.4.5 firefox-libpango-1_0-0-1.40.14-2.4.5 firefox-libpixman-1-0-0.34.0-2.5.1 firefox-libstdc++6-5.3.1+r233831-10.1 libfirefox-gio-2_0-0-2.54.3-2.4.3 libfirefox-glib-2_0-0-2.54.3-2.4.3 libfirefox-gmodule-2_0-0-2.54.3-2.4.3 libfirefox-gobject-2_0-0-2.54.3-2.4.3 libfirefox-gthread-2_0-0-2.54.3-2.4.3 mozilla-nspr-4.20-29.3.1 mozilla-nspr-devel-4.20-29.3.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): mozilla-nspr-32bit-4.20-29.3.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): libfreebl3-3.41.1-38.6.1 libsoftokn3-3.41.1-38.6.1 mozilla-nss-3.41.1-38.6.1 mozilla-nss-certs-3.41.1-38.6.1 mozilla-nss-devel-3.41.1-38.6.1 mozilla-nss-tools-3.41.1-38.6.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-38.6.1 libsoftokn3-32bit-3.41.1-38.6.1 mozilla-nss-32bit-3.41.1-38.6.1 mozilla-nss-certs-32bit-3.41.1-38.6.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-60.7.0esr-78.40.2 MozillaFirefox-translations-common-60.7.0esr-78.40.2 MozillaFirefox-translations-other-60.7.0esr-78.40.2 References: https://bugzilla.suse.com/1137338 From sle-updates at lists.suse.com Thu Jul 4 13:11:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 21:11:04 +0200 (CEST) Subject: SUSE-SU-2019:1750-1: moderate: Security update for libu2f-host, pam_u2f Message-ID: <20190704191104.96709FDCE@maintenance.suse.de> SUSE Security Update: Security update for libu2f-host, pam_u2f ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1750-1 Rating: moderate References: #1128140 #1135727 #1135729 Cross-References: CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1750=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1750=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1750=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1750=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-doc-1.1.6-3.6.1 u2f-host-1.1.6-3.6.1 u2f-host-debuginfo-1.1.6-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-doc-1.1.6-3.6.1 u2f-host-1.1.6-3.6.1 u2f-host-debuginfo-1.1.6-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-devel-1.1.6-3.6.1 libu2f-host0-1.1.6-3.6.1 libu2f-host0-debuginfo-1.1.6-3.6.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-devel-1.1.6-3.6.1 libu2f-host0-1.1.6-3.6.1 libu2f-host0-debuginfo-1.1.6-3.6.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12209.html https://www.suse.com/security/cve/CVE-2019-12210.html https://www.suse.com/security/cve/CVE-2019-9578.html https://bugzilla.suse.com/1128140 https://bugzilla.suse.com/1135727 https://bugzilla.suse.com/1135729 From sle-updates at lists.suse.com Thu Jul 4 13:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Jul 2019 21:12:04 +0200 (CEST) Subject: SUSE-SU-2019:1749-1: moderate: Security update for libu2f-host Message-ID: <20190704191204.2B430FDCE@maintenance.suse.de> SUSE Security Update: Security update for libu2f-host ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1749-1 Rating: moderate References: #1124781 #1128140 #1135727 #1135729 Cross-References: CVE-2018-20340 CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1749=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1749=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libu2f-host-debugsource-1.1.6-3.5.1 libu2f-host0-1.1.6-3.5.1 libu2f-host0-debuginfo-1.1.6-3.5.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libu2f-host-debugsource-1.1.6-3.5.1 libu2f-host0-1.1.6-3.5.1 libu2f-host0-debuginfo-1.1.6-3.5.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-20340.html https://www.suse.com/security/cve/CVE-2019-12209.html https://www.suse.com/security/cve/CVE-2019-12210.html https://www.suse.com/security/cve/CVE-2019-9578.html https://bugzilla.suse.com/1124781 https://bugzilla.suse.com/1128140 https://bugzilla.suse.com/1135727 https://bugzilla.suse.com/1135729 From sle-updates at lists.suse.com Thu Jul 4 16:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 00:11:03 +0200 (CEST) Subject: SUSE-RU-2019:1754-1: moderate: Recommended update for yast2-storage Message-ID: <20190704221103.AB2C6FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1754-1 Rating: moderate References: #1113714 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage fixes the following issues: - Fixes an error where YaST wrongly showed a message 'Not enough space available to propose separate /home' (bsc#1113714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1754=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1754=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1754=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-storage-debuginfo-3.2.16.4-2.14.1 yast2-storage-debugsource-3.2.16.4-2.14.1 yast2-storage-devel-3.2.16.4-2.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-storage-3.2.16.4-2.14.1 yast2-storage-debuginfo-3.2.16.4-2.14.1 yast2-storage-debugsource-3.2.16.4-2.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-storage-3.2.16.4-2.14.1 yast2-storage-debuginfo-3.2.16.4-2.14.1 yast2-storage-debugsource-3.2.16.4-2.14.1 References: https://bugzilla.suse.com/1113714 From sle-updates at lists.suse.com Thu Jul 4 16:11:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 00:11:57 +0200 (CEST) Subject: SUSE-RU-2019:1751-1: important: Recommended update for sbd Message-ID: <20190704221157.09766FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1751-1 Rating: important References: #1128059 #1134496 #1140065 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-cluster: Fix 100% CPU usage when CMAP connection is lost. (bsc#1140065, SOC-8774) - sbd-inquisitor: Avoid flooding logs with messages that hint the default/configured timeout action. (bsc#1134496) - sbd-inquisitor: Overhaul device-list-parser - sbd-inquisitor: Free timeout action on bail out - sbd-md: Prevent unrealistic overflow on sector io calc. - sbd-pacemaker: Bail out of status earlier. - sbd-pacemaker: Make handling of cib-connection loss more robust. - sbd-cluster: Finalize cmap connection if disconnected from cluster. (bsc#1128059) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1751=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): sbd-1.4.0+20190514.e9be8d9-3.6.1 sbd-debuginfo-1.4.0+20190514.e9be8d9-3.6.1 sbd-debugsource-1.4.0+20190514.e9be8d9-3.6.1 References: https://bugzilla.suse.com/1128059 https://bugzilla.suse.com/1134496 https://bugzilla.suse.com/1140065 From sle-updates at lists.suse.com Thu Jul 4 16:13:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 00:13:00 +0200 (CEST) Subject: SUSE-RU-2019:1753-1: moderate: Recommended update for resource-agents Message-ID: <20190704221300.459ACFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1753-1 Rating: moderate References: #1131793 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - galera: Allow empty password for "check_passwd" parameter. (bsc#1131793) - galera: Log message when changing content of grastate.dat file. (bsc#1131793) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1753=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.1.9+git24.9b664917-3.20.1 resource-agents-4.1.9+git24.9b664917-3.20.1 resource-agents-debuginfo-4.1.9+git24.9b664917-3.20.1 resource-agents-debugsource-4.1.9+git24.9b664917-3.20.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.1.9+git24.9b664917-3.20.1 References: https://bugzilla.suse.com/1131793 From sle-updates at lists.suse.com Thu Jul 4 16:13:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 00:13:45 +0200 (CEST) Subject: SUSE-RU-2019:1752-1: moderate: Recommended update for gnome-shell-extensions Message-ID: <20190704221345.6B824FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell-extensions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1752-1 Rating: moderate References: #1129412 #1137735 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-shell-extensions provides the following fixes: - Split the architecture dependent session file to a new package gnome-shell-classic-session required by gnome-shell-classic. (bsc#1137735, bsc#1129412) - Remove the gnome session runtime requirement of g-s-d Wacom plugin because it is not build on s390. (bsc#1129412) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1752=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1752=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gnome-shell-classic-session-3.26.2-7.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gnome-shell-classic-3.26.2-7.10.1 gnome-shell-extensions-common-3.26.2-7.10.1 gnome-shell-extensions-common-lang-3.26.2-7.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gnome-shell-classic-session-3.26.2-7.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-shell-classic-3.26.2-7.10.1 gnome-shell-extensions-common-3.26.2-7.10.1 gnome-shell-extensions-common-lang-3.26.2-7.10.1 References: https://bugzilla.suse.com/1129412 https://bugzilla.suse.com/1137735 From sle-updates at lists.suse.com Fri Jul 5 07:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 15:11:18 +0200 (CEST) Subject: SUSE-RU-2019:1757-1: moderate: Recommended update for yast2-network Message-ID: <20190705131118.49C94FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1757-1 Rating: moderate References: #1123102 #1134784 #1136103 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-network is fixing the following issues: - A bug has been fixed when configuring a static IP address without any hostname (bsc#1123102) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1757=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-network-4.0.49-3.20.1 References: https://bugzilla.suse.com/1123102 https://bugzilla.suse.com/1134784 https://bugzilla.suse.com/1136103 From sle-updates at lists.suse.com Fri Jul 5 07:12:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 15:12:16 +0200 (CEST) Subject: SUSE-RU-2019:1756-1: important: Recommended update for sbd Message-ID: <20190705131216.66399FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1756-1 Rating: important References: #1128059 #1134496 #1140065 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-cluster: Fix 100% CPU usage when CMAP connection is lost. (bsc#1140065, SOC-8774) - sbd-inquisitor: Avoid flooding logs with messages that hint the default/configured timeout action. (bsc#1134496) - sbd-inquisitor: Overhaul device-list-parser - sbd-inquisitor: Free timeout action on bail out - sbd-md: Prevent unrealistic overflow on sector io calc. - sbd-pacemaker: Bail out of status earlier. - sbd-pacemaker: Make handling of cib-connection loss more robust. - sbd-cluster: Finalize cmap connection if disconnected from cluster. (bsc#1128059) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1756=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): sbd-1.4.0+20190514.e9be8d9-4.11.1 sbd-debuginfo-1.4.0+20190514.e9be8d9-4.11.1 sbd-debugsource-1.4.0+20190514.e9be8d9-4.11.1 References: https://bugzilla.suse.com/1128059 https://bugzilla.suse.com/1134496 https://bugzilla.suse.com/1140065 From sle-updates at lists.suse.com Fri Jul 5 10:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:11:15 +0200 (CEST) Subject: SUSE-RU-2019:11187-1: moderate: Recommended update for mariadb-connector-c Message-ID: <20190705161115.0B140FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:11187-1 Rating: moderate References: #1116686 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mariadb-connector-c fixes the following issues: - New upstream version 3.0.7 (bsc#1116686) * Build fixes when building with ASAN/TSAN * CONC-370: Fixed memory leak in configuration file parsing. * CONC-371: Incorrect fractional part conversion when converting datetime string to MYSQL_TIME * CONC-283: Fixed pkg-config configuration * CONC-364: Not all sockets created in pvio_socket_connect function are closed * multiple fixes in named pipe implementation * CONC-349: Added new parameter STMT_ATTR_STATE to retrieve statement status via api function mysql_stmt_attr_get - Pack libmariadb.pc - Remove libmysqlclient Provides/Obsoletes, libmysqlclient.so and libmysqlclient_r.so links as libmysqlclient library is provided by mariadb package (version 10.0) itself in SLE12SP4. Update baselibs.conf in the same manner (fate#323756) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-11187=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-11187=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-11187=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmariadb3-3.0.7-3.9.1 libmariadb3-debuginfo-3.0.7-3.9.1 mariadb-connector-c-debugsource-3.0.7-3.9.1 - SUSE OpenStack Cloud 8 (x86_64): libmariadb3-3.0.7-3.9.1 libmariadb3-debuginfo-3.0.7-3.9.1 mariadb-connector-c-debugsource-3.0.7-3.9.1 - HPE Helion Openstack 8 (x86_64): libmariadb3-3.0.7-3.9.1 libmariadb3-debuginfo-3.0.7-3.9.1 mariadb-connector-c-debugsource-3.0.7-3.9.1 References: https://bugzilla.suse.com/1116686 From sle-updates at lists.suse.com Fri Jul 5 10:12:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:12:02 +0200 (CEST) Subject: SUSE-RU-2019:1762-1: moderate: Recommended update for wicked Message-ID: <20190705161202.B9169FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1762-1 Rating: moderate References: #1106809 #1118206 #1118378 #1123555 #1127340 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for wicked fixes the following issues: Wicked was updated to version 0.6.54: - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (bsc#1106809) - dhcp: request hostname/fqdn option in the tester (bsc#1118378) - build: link with relro by default for binary hardening Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1762=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1762=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1762=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1762=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1762=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1762=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1762=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1762=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE Enterprise Storage 4 (x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - SUSE CaaS Platform 3.0 (x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libwicked-0-6-0.6.54-38.16.1 libwicked-0-6-debuginfo-0.6.54-38.16.1 wicked-0.6.54-38.16.1 wicked-debuginfo-0.6.54-38.16.1 wicked-debugsource-0.6.54-38.16.1 wicked-service-0.6.54-38.16.1 References: https://bugzilla.suse.com/1106809 https://bugzilla.suse.com/1118206 https://bugzilla.suse.com/1118378 https://bugzilla.suse.com/1123555 https://bugzilla.suse.com/1127340 From sle-updates at lists.suse.com Fri Jul 5 10:13:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:13:36 +0200 (CEST) Subject: SUSE-RU-2019:1758-1: moderate: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20190705161336.168F9FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1758-1 Rating: moderate References: #1140267 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-suse-openstack-cloud fixes the following issues: - Update to version 9.20190516: * document Ironic limitations for Cloud 9 (SOC-6818) * Fix copyright year + RHEL version * Fix product name in a comment * Update history: wording improvement, uncomment list of updates * Reinstate list of Known Issues * Suspecting this commented section won't be needed anymore * This feature is actually removed not just deprecated * Rework limitations section -- shorter sentences, markup improvements Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-1758=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-1758=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): release-notes-suse-openstack-cloud-9.20190516-3.6.1 - SUSE OpenStack Cloud 9 (noarch): release-notes-suse-openstack-cloud-9.20190516-3.6.1 References: https://bugzilla.suse.com/1140267 From sle-updates at lists.suse.com Fri Jul 5 10:14:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:14:14 +0200 (CEST) Subject: SUSE-RU-2019:1761-1: moderate: Recommended update for e2fsprogs Message-ID: <20190705161414.45F2CFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1761-1 Rating: moderate References: #1128383 #1135261 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for e2fsprogs fixes the following issues: - Revert "mke2fs: prevent creation of unmountable ext4 with large flex_bg count". (bsc#1135261) - Place metadata blocks in the last flex_bg so they are contiguous. (bsc#1135261) - Check and fix tails of all bitmaps. (bsc#1128383) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): e2fsprogs-1.42.11-16.3.1 e2fsprogs-debuginfo-1.42.11-16.3.1 e2fsprogs-debugsource-1.42.11-16.3.1 libcom_err2-1.42.11-16.3.1 libcom_err2-debuginfo-1.42.11-16.3.1 libext2fs2-1.42.11-16.3.1 libext2fs2-debuginfo-1.42.11-16.3.1 References: https://bugzilla.suse.com/1128383 https://bugzilla.suse.com/1135261 From sle-updates at lists.suse.com Fri Jul 5 10:15:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:15:04 +0200 (CEST) Subject: SUSE-SU-2019:1398-2: Security update for libpng16 Message-ID: <20190705161505.00E7AFDCE@maintenance.suse.de> SUSE Security Update: Security update for libpng16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1398-2 Rating: low References: #1100687 #1121624 #1124211 Cross-References: CVE-2018-13785 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1398=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1398=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libpng16-debugsource-1.6.34-3.9.1 libpng16-tools-1.6.34-3.9.1 libpng16-tools-debuginfo-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpng16-compat-devel-32bit-1.6.34-3.9.1 libpng16-devel-32bit-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpng16-16-1.6.34-3.9.1 libpng16-16-debuginfo-1.6.34-3.9.1 libpng16-compat-devel-1.6.34-3.9.1 libpng16-debugsource-1.6.34-3.9.1 libpng16-devel-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libpng16-16-32bit-1.6.34-3.9.1 libpng16-16-32bit-debuginfo-1.6.34-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1100687 https://bugzilla.suse.com/1121624 https://bugzilla.suse.com/1124211 From sle-updates at lists.suse.com Fri Jul 5 10:15:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:15:59 +0200 (CEST) Subject: SUSE-RU-2019:1759-1: moderate: Recommended update for open-iscsi Message-ID: <20190705161559.B1E84FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1759-1 Rating: moderate References: #1135070 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issues: - Adds iscsiuio support of systemd (bsc#1135070) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): iscsiuio-0.7.8.2-53.25.2 iscsiuio-debuginfo-0.7.8.2-53.25.2 libopeniscsiusr0_2_0-2.0.876-53.25.2 libopeniscsiusr0_2_0-debuginfo-2.0.876-53.25.2 open-iscsi-2.0.876-53.25.2 open-iscsi-debuginfo-2.0.876-53.25.2 open-iscsi-debugsource-2.0.876-53.25.2 References: https://bugzilla.suse.com/1135070 From sle-updates at lists.suse.com Fri Jul 5 13:11:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Jul 2019 21:11:27 +0200 (CEST) Subject: SUSE-RU-2019:1763-1: moderate: Recommended update for yast2-storage Message-ID: <20190705191127.0F182FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1763-1 Rating: moderate References: #1113714 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage fixes the following issues: - Fixes an error where YaST wrongly showed a message 'Not enough space available to propose separate /home' (bsc#1113714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1763=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1763=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1763=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): yast2-storage-debuginfo-3.2.20.1-3.3.2 yast2-storage-debugsource-3.2.20.1-3.3.2 yast2-storage-devel-3.2.20.1-3.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): yast2-storage-3.2.20.1-3.3.2 yast2-storage-debuginfo-3.2.20.1-3.3.2 yast2-storage-debugsource-3.2.20.1-3.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): yast2-storage-3.2.20.1-3.3.2 yast2-storage-debuginfo-3.2.20.1-3.3.2 yast2-storage-debugsource-3.2.20.1-3.3.2 References: https://bugzilla.suse.com/1113714 From sle-updates at lists.suse.com Fri Jul 5 16:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Jul 2019 00:11:02 +0200 (CEST) Subject: SUSE-SU-2019:0838-2: important: Security update for bash Message-ID: <20190705221103.07BCAFFD6@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0838-2 Rating: important References: #1130324 Cross-References: CVE-2019-9924 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-838=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-838=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-838=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-838=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-838=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-838=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE OpenStack Cloud 7 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): bash-lang-4.3-83.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libreadline6-32bit-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libreadline6-32bit-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Enterprise Storage 4 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Enterprise Storage 4 (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 References: https://www.suse.com/security/cve/CVE-2019-9924.html https://bugzilla.suse.com/1130324 From sle-updates at lists.suse.com Sat Jul 6 16:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 Jul 2019 00:11:02 +0200 (CEST) Subject: SUSE-RU-2019:1764-1: moderate: Recommended update for autoyast2 Message-ID: <20190706221102.C5C9AFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1764-1 Rating: moderate References: #1134501 Affected Products: SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autoyast2 fixes the following issues: - Fixes a bug where an error was raised when clicking the 'OK' button for the partition settings (bsc#1134501) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2019-1764=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1764=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1764=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP3 (noarch): autoyast2-3.2.32.3-2.39.1 autoyast2-installation-3.2.32.3-2.39.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): autoyast2-3.2.32.3-2.39.1 autoyast2-installation-3.2.32.3-2.39.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): autoyast2-3.2.32.3-2.39.1 autoyast2-installation-3.2.32.3-2.39.1 References: https://bugzilla.suse.com/1134501 From sle-updates at lists.suse.com Mon Jul 8 10:10:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:10:55 +0200 (CEST) Subject: SUSE-SU-2019:1767-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) Message-ID: <20190708161055.7CACFFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1767-1 Rating: important References: #1102682 #1133191 Cross-References: CVE-2018-5390 CVE-2019-11487 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_115 fixes several issues. The following security issues were fixed: - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2018-5390: Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1766=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1767=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1766=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1767=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-2-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_115-default-2-2.1 kgraft-patch-3_12_74-60_64_115-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_115-default-2-2.1 kgraft-patch-3_12_74-60_64_115-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2019-11487.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1133191 From sle-updates at lists.suse.com Mon Jul 8 10:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:11:48 +0200 (CEST) Subject: SUSE-SU-2019:1765-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) Message-ID: <20190708161148.0D97EFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1765-1 Rating: important References: #1136446 #1138264 Cross-References: CVE-2019-12817 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc had a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bsc#1138264). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1765=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-3-7.2 References: https://www.suse.com/security/cve/CVE-2019-12817.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1138264 From sle-updates at lists.suse.com Mon Jul 8 10:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:12:35 +0200 (CEST) Subject: SUSE-SU-2019:1768-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP3) Message-ID: <20190708161235.C351AFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1768-1 Rating: important References: #1133191 Cross-References: CVE-2019-11487 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_97 fixes one issue. The following security issue was fixed: - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1768=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-2-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11487.html https://bugzilla.suse.com/1133191 From sle-updates at lists.suse.com Mon Jul 8 10:13:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:13:13 +0200 (CEST) Subject: SUSE-SU-2019:1769-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) Message-ID: <20190708161313.063D7FEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1769-1 Rating: important References: #1138264 Cross-References: CVE-2019-12817 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_4 fixes one issue. The following security issue was fixed: - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc had a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bsc#1138264). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1769=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_4-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-12817.html https://bugzilla.suse.com/1138264 From sle-updates at lists.suse.com Mon Jul 8 13:10:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Jul 2019 21:10:56 +0200 (CEST) Subject: SUSE-SU-2019:1773-1: moderate: Security update for ImageMagick Message-ID: <20190708191056.971D9FEA9@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1773-1 Rating: moderate References: #1138425 #1138464 Cross-References: CVE-2019-11597 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1773=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1773=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1773=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1773=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1773=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1773=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-config-7-upstream-7.0.7.34-3.64.2 ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-extra-7.0.7.34-3.64.2 ImageMagick-extra-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ImageMagick-doc-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ImageMagick-devel-32bit-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-3.64.2 libMagick++-devel-32bit-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-extra-7.0.7.34-3.64.2 ImageMagick-extra-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ImageMagick-doc-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 perl-PerlMagick-7.0.7.34-3.64.2 perl-PerlMagick-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 perl-PerlMagick-7.0.7.34-3.64.2 perl-PerlMagick-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.64.2 ImageMagick-config-7-SUSE-7.0.7.34-3.64.2 ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-devel-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.64.2 libMagick++-devel-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.64.2 ImageMagick-config-7-SUSE-7.0.7.34-3.64.2 ImageMagick-config-7-upstream-7.0.7.34-3.64.2 ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-devel-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.64.2 libMagick++-devel-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 References: https://www.suse.com/security/cve/CVE-2019-11597.html https://bugzilla.suse.com/1138425 https://bugzilla.suse.com/1138464 From sle-updates at lists.suse.com Mon Jul 8 16:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:10:53 +0200 (CEST) Subject: SUSE-SU-2019:1776-1: important: Security update for zeromq Message-ID: <20190708221053.0E02EFEA9@maintenance.suse.de> SUSE Security Update: Security update for zeromq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1776-1 Rating: important References: #1082318 #1140255 Cross-References: CVE-2019-13132 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) - Correctly mark license files as licence instead of documentation (bsc#1082318) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1776=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1776=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1776=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1776=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): zeromq-debugsource-4.2.3-3.8.1 zeromq-tools-4.2.3-3.8.1 zeromq-tools-debuginfo-4.2.3-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): zeromq-debugsource-4.2.3-3.8.1 zeromq-tools-4.2.3-3.8.1 zeromq-tools-debuginfo-4.2.3-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libzmq5-4.2.3-3.8.1 libzmq5-debuginfo-4.2.3-3.8.1 zeromq-debugsource-4.2.3-3.8.1 zeromq-devel-4.2.3-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzmq5-4.2.3-3.8.1 libzmq5-debuginfo-4.2.3-3.8.1 zeromq-debugsource-4.2.3-3.8.1 zeromq-devel-4.2.3-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-13132.html https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1140255 From sle-updates at lists.suse.com Mon Jul 8 16:11:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:11:50 +0200 (CEST) Subject: SUSE-RU-2019:1780-1: moderate: Recommended update for icewm Message-ID: <20190708221150.6C4D7FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1780-1 Rating: moderate References: #1076817 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for icewm fixes the following issues: - Disabled icewm's suspend function in order to allow systemd the handling of power key events (bsc#1076817) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1780=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1780=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1780=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1780=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): icewm-config-upstream-1.4.2-7.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): icewm-config-upstream-1.4.2-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-7.6.1 icewm-debuginfo-1.4.2-7.6.1 icewm-debugsource-1.4.2-7.6.1 icewm-default-1.4.2-7.6.1 icewm-default-debuginfo-1.4.2-7.6.1 icewm-lite-1.4.2-7.6.1 icewm-lite-debuginfo-1.4.2-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): icewm-lang-1.4.2-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-7.6.1 icewm-debuginfo-1.4.2-7.6.1 icewm-debugsource-1.4.2-7.6.1 icewm-default-1.4.2-7.6.1 icewm-default-debuginfo-1.4.2-7.6.1 icewm-lite-1.4.2-7.6.1 icewm-lite-debuginfo-1.4.2-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): icewm-lang-1.4.2-7.6.1 References: https://bugzilla.suse.com/1076817 From sle-updates at lists.suse.com Mon Jul 8 16:12:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:12:38 +0200 (CEST) Subject: SUSE-SU-2019:1772-1: important: Security update for python-Pillow Message-ID: <20190708221238.1AF2EFEA9@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1772-1 Rating: important References: #1008845 Cross-References: CVE-2016-9189 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pillow fixes the following issues: Security issue fixed: - CVE-2016-9189: Fixed a integer overflows leading to memory disclosure in PyImaging_MapBuffer() (bsc#1008845). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1772=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1772=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-Pillow-2.8.1-4.6.1 python-Pillow-debuginfo-2.8.1-4.6.1 python-Pillow-debugsource-2.8.1-4.6.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-Pillow-2.8.1-4.6.1 python-Pillow-debuginfo-2.8.1-4.6.1 python-Pillow-debugsource-2.8.1-4.6.1 References: https://www.suse.com/security/cve/CVE-2016-9189.html https://bugzilla.suse.com/1008845 From sle-updates at lists.suse.com Mon Jul 8 16:13:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:13:21 +0200 (CEST) Subject: SUSE-RU-2019:1782-1: moderate: Recommended update for sap-installation-wizard Message-ID: <20190708221321.A21E3FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-installation-wizard ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1782-1 Rating: moderate References: #1116880 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sap-installation-wizard fixes the following issues: - SAP Installation Wizard fails to install NetWeaver on SLES4SAP 15SP1. (bsc#1116880) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2019-1782=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (ppc64le x86_64): sap-installation-wizard-4.1.16-3.6.1 References: https://bugzilla.suse.com/1116880 From sle-updates at lists.suse.com Mon Jul 8 16:14:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:14:05 +0200 (CEST) Subject: SUSE-SU-2019:14117-1: important: Security update for zeromq Message-ID: <20190708221405.265A2FEA9@maintenance.suse.de> SUSE Security Update: Security update for zeromq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14117-1 Rating: important References: #1140255 Cross-References: CVE-2019-13132 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-zeromq-14117=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-zeromq-14117=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): libzmq3-4.0.4-3.3.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): libzmq3-4.0.4-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-13132.html https://bugzilla.suse.com/1140255 From sle-updates at lists.suse.com Mon Jul 8 16:14:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:14:45 +0200 (CEST) Subject: SUSE-RU-2019:1779-1: moderate: Recommended update for yast2-update Message-ID: <20190708221445.A9389FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1779-1 Rating: moderate References: #1136012 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-update contains the following fixes: - Initialize add-on products and system packages correctly for migration. (bsc#1136012) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1779=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1779=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-update-FACTORY-4.1.10-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-update-4.1.10-3.3.1 References: https://bugzilla.suse.com/1136012 From sle-updates at lists.suse.com Mon Jul 8 16:15:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:15:29 +0200 (CEST) Subject: SUSE-RU-2019:1778-1: moderate: Recommended update for kiwi Message-ID: <20190708221529.2AAF1FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1778-1 Rating: moderate References: #1136744 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issue: - Normalize partedGetPartitionID output (bsc#1136744) (#675) This commit ensures the partedGetPartitionID output returns the same partition ID codes with or without the presence of sgdisk utility. It basically trusts partition names provided by KIWI to map partitions to specific IDs. Additionally this commit also makes sure that the partition stated to be of `ef` type in config. is named `legacy`, to be consistent with the partedGetPartitionID expectations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1778=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1778=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.51-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-7.04.51-2.9.1 kiwi-desc-oemboot-7.04.51-2.9.1 kiwi-desc-vmxboot-7.04.51-2.9.1 kiwi-templates-7.04.51-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.51-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kiwi-doc-7.04.51-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-desc-isoboot-7.04.51-2.9.1 References: https://bugzilla.suse.com/1136744 From sle-updates at lists.suse.com Mon Jul 8 16:16:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 00:16:11 +0200 (CEST) Subject: SUSE-RU-2019:1781-1: moderate: Recommended update for sap-installation-wizard Message-ID: <20190708221611.01704FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-installation-wizard ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1781-1 Rating: moderate References: #1106088 #1116880 #1139568 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sap-installation-wizard fixes the following issues: - SAP Installation Wizard fails to install NetWeaver on SLES4SAP. (bsc#1116880) - Incorrect text in one of the installation screens. (bsc#1139568) - Adding add-on will trigger system role step which is normally not there. (bsc#1106088) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1781=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sap-installation-wizard-3.1.81.19-3.12.1 References: https://bugzilla.suse.com/1106088 https://bugzilla.suse.com/1116880 https://bugzilla.suse.com/1139568 From sle-updates at lists.suse.com Tue Jul 9 07:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 15:11:05 +0200 (CEST) Subject: SUSE-SU-2019:1783-1: important: Security update for postgresql10 Message-ID: <20190709131105.8E2D2FEA9@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1783-1 Rating: important References: #1138034 Cross-References: CVE-2019-10164 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1783=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1783=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1783=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1783=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1783=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1783=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1783=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1783=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1783=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1783=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1783=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1783=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1783=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1783=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1783=1 Package List: - SUSE OpenStack Cloud 8 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE OpenStack Cloud 8 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE OpenStack Cloud 7 (s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE OpenStack Cloud 7 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): postgresql10-devel-10.9-1.12.1 postgresql10-devel-debuginfo-10.9-1.12.1 postgresql10-libs-debugsource-10.9-1.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 - SUSE Enterprise Storage 5 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Enterprise Storage 5 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Enterprise Storage 4 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Enterprise Storage 4 (noarch): postgresql10-docs-10.9-1.12.2 References: https://www.suse.com/security/cve/CVE-2019-10164.html https://bugzilla.suse.com/1138034 From sle-updates at lists.suse.com Tue Jul 9 07:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 15:11:51 +0200 (CEST) Subject: SUSE-SU-2019:1785-1: important: Security update for zeromq Message-ID: <20190709131151.D1C48FEA9@maintenance.suse.de> SUSE Security Update: Security update for zeromq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1785-1 Rating: important References: #1140255 Cross-References: CVE-2019-13132 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1785=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1785=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1785=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1785=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1785=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1785=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1785=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1785=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1785=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1785=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Manager Proxy 3.2 (x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 zeromq-devel-4.0.4-15.3.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 - SUSE CaaS Platform 3.0 (x86_64): libzmq3-4.0.4-15.3.1 libzmq3-debuginfo-4.0.4-15.3.1 zeromq-debugsource-4.0.4-15.3.1 References: https://www.suse.com/security/cve/CVE-2019-13132.html https://bugzilla.suse.com/1140255 From sle-updates at lists.suse.com Tue Jul 9 13:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:10:41 +0200 (CEST) Subject: SUSE-SU-2019:1790-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20190709191041.CBF24FFC2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1790-1 Rating: moderate References: #1102770 #1136480 Cross-References: CVE-2019-10136 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update fixes the following issues: release-notes-susemanager: - Fix invalid characters in ncurses mode (bsc#1102770) spacewalk-backend: - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) spacewalk-web: - Change WebUI string version to 3.2.9 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1790=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1790=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.9-6.35.1 - SUSE Manager Server 3.2 (noarch): spacewalk-backend-2.8.57.17-3.33.1 spacewalk-backend-app-2.8.57.17-3.33.1 spacewalk-backend-applet-2.8.57.17-3.33.1 spacewalk-backend-config-files-2.8.57.17-3.33.1 spacewalk-backend-config-files-common-2.8.57.17-3.33.1 spacewalk-backend-config-files-tool-2.8.57.17-3.33.1 spacewalk-backend-iss-2.8.57.17-3.33.1 spacewalk-backend-iss-export-2.8.57.17-3.33.1 spacewalk-backend-libs-2.8.57.17-3.33.1 spacewalk-backend-package-push-server-2.8.57.17-3.33.1 spacewalk-backend-server-2.8.57.17-3.33.1 spacewalk-backend-sql-2.8.57.17-3.33.1 spacewalk-backend-sql-oracle-2.8.57.17-3.33.1 spacewalk-backend-sql-postgresql-2.8.57.17-3.33.1 spacewalk-backend-tools-2.8.57.17-3.33.1 spacewalk-backend-xml-export-libs-2.8.57.17-3.33.1 spacewalk-backend-xmlrpc-2.8.57.17-3.33.1 spacewalk-base-2.8.7.17-3.30.1 spacewalk-base-minimal-2.8.7.17-3.30.1 spacewalk-base-minimal-config-2.8.7.17-3.30.1 spacewalk-html-2.8.7.17-3.30.1 susemanager-web-libs-2.8.7.17-3.30.1 - SUSE Manager Proxy 3.2 (noarch): spacewalk-backend-2.8.57.17-3.33.1 spacewalk-backend-libs-2.8.57.17-3.33.1 spacewalk-base-minimal-2.8.7.17-3.30.1 spacewalk-base-minimal-config-2.8.7.17-3.30.1 spacewalk-proxy-broker-2.8.5.6-3.11.1 spacewalk-proxy-common-2.8.5.6-3.11.1 spacewalk-proxy-management-2.8.5.6-3.11.1 spacewalk-proxy-package-manager-2.8.5.6-3.11.1 spacewalk-proxy-redirect-2.8.5.6-3.11.1 spacewalk-proxy-salt-2.8.5.6-3.11.1 susemanager-web-libs-2.8.7.17-3.30.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.9-0.16.27.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://bugzilla.suse.com/1102770 https://bugzilla.suse.com/1136480 From sle-updates at lists.suse.com Tue Jul 9 13:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:11:34 +0200 (CEST) Subject: SUSE-SU-2019:1790-1: moderate: Security update for SUSE Manager 3.2 : Server and Proxy Message-ID: <20190709191134.7F7D7FFC2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager 3.2 : Server and Proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1790-1 Rating: moderate References: #1102770 #1136476 #1136480 Cross-References: CVE-2019-10136 CVE-2019-10137 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update fixes the following issues: release-notes-susemanager: - Fix invalid characters in ncurses mode (bsc#1102770) release-notes-susemanager-proxy: - Fix invalid characters in ncurses mode (bsc#1102770) spacewalk-backend: - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) spacewalk-proxy: - Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy's filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476) spacewalk-web: - Change WebUI string version to 3.2.9 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1790=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1790=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.9-6.35.1 - SUSE Manager Server 3.2 (noarch): spacewalk-backend-2.8.57.17-3.33.1 spacewalk-backend-app-2.8.57.17-3.33.1 spacewalk-backend-applet-2.8.57.17-3.33.1 spacewalk-backend-config-files-2.8.57.17-3.33.1 spacewalk-backend-config-files-common-2.8.57.17-3.33.1 spacewalk-backend-config-files-tool-2.8.57.17-3.33.1 spacewalk-backend-iss-2.8.57.17-3.33.1 spacewalk-backend-iss-export-2.8.57.17-3.33.1 spacewalk-backend-libs-2.8.57.17-3.33.1 spacewalk-backend-package-push-server-2.8.57.17-3.33.1 spacewalk-backend-server-2.8.57.17-3.33.1 spacewalk-backend-sql-2.8.57.17-3.33.1 spacewalk-backend-sql-oracle-2.8.57.17-3.33.1 spacewalk-backend-sql-postgresql-2.8.57.17-3.33.1 spacewalk-backend-tools-2.8.57.17-3.33.1 spacewalk-backend-xml-export-libs-2.8.57.17-3.33.1 spacewalk-backend-xmlrpc-2.8.57.17-3.33.1 spacewalk-base-2.8.7.17-3.30.1 spacewalk-base-minimal-2.8.7.17-3.30.1 spacewalk-base-minimal-config-2.8.7.17-3.30.1 spacewalk-html-2.8.7.17-3.30.1 susemanager-web-libs-2.8.7.17-3.30.1 - SUSE Manager Proxy 3.2 (noarch): spacewalk-backend-2.8.57.17-3.33.1 spacewalk-backend-libs-2.8.57.17-3.33.1 spacewalk-base-minimal-2.8.7.17-3.30.1 spacewalk-base-minimal-config-2.8.7.17-3.30.1 spacewalk-proxy-broker-2.8.5.6-3.11.1 spacewalk-proxy-common-2.8.5.6-3.11.1 spacewalk-proxy-management-2.8.5.6-3.11.1 spacewalk-proxy-package-manager-2.8.5.6-3.11.1 spacewalk-proxy-redirect-2.8.5.6-3.11.1 spacewalk-proxy-salt-2.8.5.6-3.11.1 susemanager-web-libs-2.8.7.17-3.30.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.9-0.16.27.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://www.suse.com/security/cve/CVE-2019-10137.html https://bugzilla.suse.com/1102770 https://bugzilla.suse.com/1136476 https://bugzilla.suse.com/1136480 From sle-updates at lists.suse.com Tue Jul 9 13:12:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:12:30 +0200 (CEST) Subject: SUSE-SU-2019:1789-1: moderate: Security update for SUSE Manager 4.0 : Server and Proxy Message-ID: <20190709191230.65B48FFC2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager 4.0 : Server and Proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1789-1 Rating: moderate References: #1136476 #1136480 #1136561 #1136857 #1137955 #1138313 #1138358 #1138364 #1139693 Cross-References: CVE-2019-10136 CVE-2019-10137 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update fixes the following issues: spacewalk-backend: - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) spacewalk-proxy: - Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy's filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476) spacewalk-web: - Change WebUI version 4.0.1 susemanager-doc-indexes: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-docs_en: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-sync-data: - Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693) - Add OPENSUSE to allowed channel_families to make openSUSE Leap product visible in the product list (bsc#1138364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-1789=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-1789=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-backend-app-4.0.22-3.3.1 spacewalk-backend-applet-4.0.22-3.3.1 spacewalk-backend-config-files-4.0.22-3.3.1 spacewalk-backend-config-files-common-4.0.22-3.3.1 spacewalk-backend-config-files-tool-4.0.22-3.3.1 spacewalk-backend-iss-4.0.22-3.3.1 spacewalk-backend-iss-export-4.0.22-3.3.1 spacewalk-backend-package-push-server-4.0.22-3.3.1 spacewalk-backend-server-4.0.22-3.3.1 spacewalk-backend-sql-4.0.22-3.3.1 spacewalk-backend-sql-postgresql-4.0.22-3.3.1 spacewalk-backend-tools-4.0.22-3.3.1 spacewalk-backend-xml-export-libs-4.0.22-3.3.1 spacewalk-backend-xmlrpc-4.0.22-3.3.1 spacewalk-base-4.0.14-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-html-4.0.14-3.3.1 susemanager-doc-indexes-4.0-10.3.1 susemanager-docs_en-4.0-10.3.1 susemanager-docs_en-pdf-4.0-10.3.1 susemanager-sync-data-4.0.12-3.3.1 susemanager-web-libs-4.0.14-3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-proxy-broker-4.0.12-3.3.1 spacewalk-proxy-common-4.0.12-3.3.1 spacewalk-proxy-management-4.0.12-3.3.1 spacewalk-proxy-package-manager-4.0.12-3.3.1 spacewalk-proxy-redirect-4.0.12-3.3.1 spacewalk-proxy-salt-4.0.12-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://www.suse.com/security/cve/CVE-2019-10137.html https://bugzilla.suse.com/1136476 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1136561 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137955 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138364 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Tue Jul 9 13:14:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:14:06 +0200 (CEST) Subject: SUSE-RU-2019:1788-1: moderate: Recommended update for the SUSE Manager 4.0 release notes Message-ID: <20190709191406.9271EFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 4.0 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1788-1 Rating: moderate References: #1136476 #1136480 #1136561 #1136857 #1137955 #1138313 #1138358 #1138364 #1139693 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for the SUSE Manager 4.0 Release Notes provides the following additions: - SUSE Manager Server bugs fixed by latest updates: bsc#1136480, bsc#1136561, bsc#1136476, bsc#1136857, bsc#1137955 bsc#1138313, bsc#1138358, bsc#1138364, bsc#1139693 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1136476, bsc#1136480, bsc#1138313, bsc#1138358 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2019-1788=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2019-1788=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2019-1788=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1788=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.1-3.14.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.1-0.16.14.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.1-0.16.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): release-notes-susemanager-4.0.1-3.14.1 release-notes-susemanager-proxy-4.0.1-0.16.14.1 References: https://bugzilla.suse.com/1136476 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1136561 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137955 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138364 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Tue Jul 9 13:15:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:15:39 +0200 (CEST) Subject: SUSE-SU-2019:1789-1: moderate: Security update for SUSE Manager 4.0 : Server and Proxy Message-ID: <20190709191539.7E977FFC2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager 4.0 : Server and Proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1789-1 Rating: moderate References: #1136476 #1136480 #1136561 #1136857 #1137955 #1138313 #1138358 #1138364 #1139693 Cross-References: CVE-2019-10136 CVE-2019-10137 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update fixes the following issues: spacewalk-backend: - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) spacewalk-proxy: - Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy's filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476) spacewalk-web: - Change WebUI version 4.0.1 susemanager-doc-indexes: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-docs_en: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-sync-data: - Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693) - Add OPENSUSE to allowed channel_families to make openSUSE Leap product visible in the product list (bsc#1138364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-1789=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-1789=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-backend-app-4.0.22-3.3.1 spacewalk-backend-applet-4.0.22-3.3.1 spacewalk-backend-config-files-4.0.22-3.3.1 spacewalk-backend-config-files-common-4.0.22-3.3.1 spacewalk-backend-config-files-tool-4.0.22-3.3.1 spacewalk-backend-iss-4.0.22-3.3.1 spacewalk-backend-iss-export-4.0.22-3.3.1 spacewalk-backend-package-push-server-4.0.22-3.3.1 spacewalk-backend-server-4.0.22-3.3.1 spacewalk-backend-sql-4.0.22-3.3.1 spacewalk-backend-sql-postgresql-4.0.22-3.3.1 spacewalk-backend-tools-4.0.22-3.3.1 spacewalk-backend-xml-export-libs-4.0.22-3.3.1 spacewalk-backend-xmlrpc-4.0.22-3.3.1 spacewalk-base-4.0.14-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-html-4.0.14-3.3.1 susemanager-doc-indexes-4.0-10.3.1 susemanager-docs_en-4.0-10.3.1 susemanager-docs_en-pdf-4.0-10.3.1 susemanager-sync-data-4.0.12-3.3.1 susemanager-web-libs-4.0.14-3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-proxy-broker-4.0.12-3.3.1 spacewalk-proxy-common-4.0.12-3.3.1 spacewalk-proxy-management-4.0.12-3.3.1 spacewalk-proxy-package-manager-4.0.12-3.3.1 spacewalk-proxy-redirect-4.0.12-3.3.1 spacewalk-proxy-salt-4.0.12-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://www.suse.com/security/cve/CVE-2019-10137.html https://bugzilla.suse.com/1136476 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1136561 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137955 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138364 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Tue Jul 9 13:17:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:17:12 +0200 (CEST) Subject: SUSE-SU-2019:1792-1: moderate: Security update for kernel-firmware Message-ID: <20190709191712.4475CFFC2@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1792-1 Rating: moderate References: #1136334 #1136498 #1139383 Cross-References: CVE-2019-9836 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2019-9836, bsc#1139383) * linux-firmware: update licence text for Marvell firmware * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series * amdgpu: update vega20 to the latest 19.10 firmware * amdgpu: update vega12 to the latest 19.10 firmware * amdgpu: update vega10 to the latest 19.10 firmware * amdgpu: update polaris11 to the latest 19.10 firmware * amdgpu: update polaris10 to the latest 19.10 firmware * amdgpu: update raven2 to the latest 19.10 firmware * amdgpu: update raven to the latest 19.10 firmware * amdgpu: update picasso to the latest 19.10 firmware * linux-firmware: update fw for qat devices * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122 * drm/i915/firmware: Add ICL HuC v8.4.3238 * drm/i915/firmware: Add ICL GuC v32.0.3 * drm/i915/firmware: Add GLK HuC v03.01.2893 * drm/i915/firmware: Add GLK GuC v32.0.3 * drm/i915/firmware: Add KBL GuC v32.0.3 * drm/i915/firmware: Add SKL GuC v32.0.3 * drm/i915/firmware: Add BXT GuC v32.0.3 * linux-firmware: Add firmware file for Intel Bluetooth 22161 * cxgb4: update firmware to revision 1.23.4.0 (bsc#1136334) * linux-firmware: Update NXP Management Complex firmware to version 10.14.3 * linux-firmware: add firmware for MT7615E * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change. * linux-firmware: update Marvell 8797/8997 firmware images * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1792=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-firmware-20190618-3.3.1 ucode-amd-20190618-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-9836.html https://bugzilla.suse.com/1136334 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1139383 From sle-updates at lists.suse.com Tue Jul 9 13:18:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:18:08 +0200 (CEST) Subject: SUSE-SU-2019:1789-1: moderate: Security update for SUSE Manager 4.0 : Server and Proxy Message-ID: <20190709191808.C6D6CFFC2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager 4.0 : Server and Proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1789-1 Rating: moderate References: #1136476 #1136480 #1136561 #1136857 #1137955 #1138313 #1138358 #1138364 #1139693 Cross-References: CVE-2019-10136 CVE-2019-10137 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update fixes the following issues: spacewalk-backend: - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) spacewalk-proxy: - Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy's filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476) spacewalk-web: - Change WebUI version 4.0.1 susemanager-doc-indexes: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-docs_en: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-sync-data: - Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693) - Add OPENSUSE to allowed channel_families to make openSUSE Leap product visible in the product list (bsc#1138364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-1789=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-1789=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-backend-app-4.0.22-3.3.1 spacewalk-backend-applet-4.0.22-3.3.1 spacewalk-backend-config-files-4.0.22-3.3.1 spacewalk-backend-config-files-common-4.0.22-3.3.1 spacewalk-backend-config-files-tool-4.0.22-3.3.1 spacewalk-backend-iss-4.0.22-3.3.1 spacewalk-backend-iss-export-4.0.22-3.3.1 spacewalk-backend-package-push-server-4.0.22-3.3.1 spacewalk-backend-server-4.0.22-3.3.1 spacewalk-backend-sql-4.0.22-3.3.1 spacewalk-backend-sql-postgresql-4.0.22-3.3.1 spacewalk-backend-tools-4.0.22-3.3.1 spacewalk-backend-xml-export-libs-4.0.22-3.3.1 spacewalk-backend-xmlrpc-4.0.22-3.3.1 spacewalk-base-4.0.14-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-html-4.0.14-3.3.1 susemanager-doc-indexes-4.0-10.3.1 susemanager-docs_en-4.0-10.3.1 susemanager-docs_en-pdf-4.0-10.3.1 susemanager-sync-data-4.0.12-3.3.1 susemanager-web-libs-4.0.14-3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-proxy-broker-4.0.12-3.3.1 spacewalk-proxy-common-4.0.12-3.3.1 spacewalk-proxy-management-4.0.12-3.3.1 spacewalk-proxy-package-manager-4.0.12-3.3.1 spacewalk-proxy-redirect-4.0.12-3.3.1 spacewalk-proxy-salt-4.0.12-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://www.suse.com/security/cve/CVE-2019-10137.html https://bugzilla.suse.com/1136476 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1136561 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137955 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138364 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Tue Jul 9 13:19:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:19:42 +0200 (CEST) Subject: SUSE-SU-2019:1791-1: moderate: Security update for libqb Message-ID: <20190709191942.694FFFFC2@maintenance.suse.de> SUSE Security Update: Security update for libqb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1791-1 Rating: moderate References: #1137835 Cross-References: CVE-2019-12779 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqb fixes the following issue: Security issue fixed: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1791=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1791=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libqb-debugsource-1.0.3+20190326.a521604-3.3.1 libqb-devel-32bit-1.0.3+20190326.a521604-3.3.1 libqb20-32bit-1.0.3+20190326.a521604-3.3.1 libqb20-32bit-debuginfo-1.0.3+20190326.a521604-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libqb-debugsource-1.0.3+20190326.a521604-3.3.1 libqb-devel-1.0.3+20190326.a521604-3.3.1 libqb-tests-1.0.3+20190326.a521604-3.3.1 libqb-tests-debuginfo-1.0.3+20190326.a521604-3.3.1 libqb-tools-1.0.3+20190326.a521604-3.3.1 libqb-tools-debuginfo-1.0.3+20190326.a521604-3.3.1 libqb20-1.0.3+20190326.a521604-3.3.1 libqb20-debuginfo-1.0.3+20190326.a521604-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1137835 From sle-updates at lists.suse.com Tue Jul 9 19:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 03:10:36 +0200 (CEST) Subject: SUSE-RU-2019:1798-1: moderate: Recommended update for grub2 Message-ID: <20190710011036.E7240FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1798-1 Rating: moderate References: #1127293 #928131 #940457 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Check/refresh zipl-kernel before hibernate on s390x. (bsc#940457) - Removing hardcoded 'vmlinuz'. - Try to refresh zipl-kernel on failed kexec. (bsc#1127293) - Fully support "previous" zipl-kernel with 'mem=1G' being available on dedicated entries. (bsc#928131) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1798=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1798=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1798=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): grub2-debuginfo-2.02-19.27.1 grub2-debugsource-2.02-19.27.1 grub2-x86_64-xen-2.02-19.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-19.27.1 grub2-debuginfo-2.02-19.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): grub2-2.02-19.27.1 grub2-debuginfo-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): grub2-arm64-efi-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): grub2-snapper-plugin-2.02-19.27.1 grub2-systemd-sleep-plugin-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): grub2-i386-pc-2.02-19.27.1 grub2-x86_64-efi-2.02-19.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): grub2-s390x-emu-2.02-19.27.1 References: https://bugzilla.suse.com/1127293 https://bugzilla.suse.com/928131 https://bugzilla.suse.com/940457 From sle-updates at lists.suse.com Tue Jul 9 19:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 03:11:55 +0200 (CEST) Subject: SUSE-RU-2019:1796-1: moderate: Recommended update for saptune Message-ID: <20190710011155.1168EFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1796-1 Rating: moderate References: #1116799 #1120741 #1123808 #1124485 #1124486 #1124487 #1124488 #1124489 #1126220 #1128322 #1128325 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) - Remove new line from println arg list of main.go to support newer go versions. (bsc#1120741) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-1796=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (ppc64le x86_64): saptune-2.0.1-4.6.1 saptune-debuginfo-2.0.1-4.6.1 References: https://bugzilla.suse.com/1116799 https://bugzilla.suse.com/1120741 https://bugzilla.suse.com/1123808 https://bugzilla.suse.com/1124485 https://bugzilla.suse.com/1124486 https://bugzilla.suse.com/1124487 https://bugzilla.suse.com/1124488 https://bugzilla.suse.com/1124489 https://bugzilla.suse.com/1126220 https://bugzilla.suse.com/1128322 https://bugzilla.suse.com/1128325 From sle-updates at lists.suse.com Tue Jul 9 19:13:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 03:13:59 +0200 (CEST) Subject: SUSE-RU-2019:1797-1: moderate: Recommended update for grub2 Message-ID: <20190710011359.27774FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1797-1 Rating: moderate References: #1127293 #928131 #940457 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Check/refresh zipl-kernel before hibernate on s390x. (bsc#940457) - Removing hardcoded 'vmlinuz'. - Try to refresh zipl-kernel on failed kexec. (bsc#1127293) - Fully support "previous" zipl-kernel with 'mem=1G' being available on dedicated entries. (bsc#928131) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1797=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1797=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.12.1 grub2-debuginfo-2.02-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): grub2-arm64-efi-2.02-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): grub2-i386-pc-2.02-12.12.1 grub2-x86_64-efi-2.02-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.12.1 grub2-systemd-sleep-plugin-2.02-12.12.1 grub2-x86_64-xen-2.02-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): grub2-s390x-emu-2.02-12.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.12.1 grub2-systemd-sleep-plugin-2.02-12.12.1 grub2-x86_64-xen-2.02-12.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): grub2-2.02-12.12.1 grub2-debuginfo-2.02-12.12.1 grub2-debugsource-2.02-12.12.1 grub2-i386-pc-2.02-12.12.1 grub2-x86_64-efi-2.02-12.12.1 References: https://bugzilla.suse.com/1127293 https://bugzilla.suse.com/928131 https://bugzilla.suse.com/940457 From sle-updates at lists.suse.com Tue Jul 9 19:14:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 03:14:58 +0200 (CEST) Subject: SUSE-RU-2019:1795-1: moderate: Recommended update for saptune Message-ID: <20190710011458.6ECF2FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1795-1 Rating: moderate References: #1116799 #1123808 #1124485 #1124486 #1124487 #1124488 #1124489 #1126220 #1128322 #1128325 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2019-1795=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (ppc64le x86_64): saptune-2.0.1-8.3.1 saptune-debuginfo-2.0.1-8.3.1 References: https://bugzilla.suse.com/1116799 https://bugzilla.suse.com/1123808 https://bugzilla.suse.com/1124485 https://bugzilla.suse.com/1124486 https://bugzilla.suse.com/1124487 https://bugzilla.suse.com/1124488 https://bugzilla.suse.com/1124489 https://bugzilla.suse.com/1126220 https://bugzilla.suse.com/1128322 https://bugzilla.suse.com/1128325 From sle-updates at lists.suse.com Tue Jul 9 19:17:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 03:17:14 +0200 (CEST) Subject: SUSE-RU-2019:1793-1: Test update for SUSE:SLE-12-SP5:Update (relogin-suggested) Message-ID: <20190710011714.56EFAFFC2@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-12-SP5:Update (relogin-suggested) ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1793-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a relogin-suggested test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1793=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-relogin-suggested-5-5.30.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-relogin-suggested-5-5.30.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): update-test-relogin-suggested-5-5.30.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Wed Jul 10 04:14:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 12:14:50 +0200 (CEST) Subject: SUSE-RU-2019:1801-1: Recommended update for yast2-country Message-ID: <20190710101450.8EAD1FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-country ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1801-1 Rating: low References: #1133414 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-country fixes the following issues: - Adds a warning if no repository is available for installing translation packages (bsc#1133414) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1801=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-country-4.1.13-3.3.3 yast2-country-data-4.1.13-3.3.3 References: https://bugzilla.suse.com/1133414 From sle-updates at lists.suse.com Wed Jul 10 04:15:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 12:15:32 +0200 (CEST) Subject: SUSE-RU-2019:1800-1: moderate: Recommended update for iprutils Message-ID: <20190710101532.3FD60FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for iprutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1800-1 Rating: moderate References: #1137455 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for iprutils fixes the following issues: - Fixes format for RAID hang (jsc#SLE-6586, bsc#1137455) - Fixes driver unbind on format Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1800=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): iprutils-2.4.18-7.3.2 iprutils-debuginfo-2.4.18-7.3.2 iprutils-debugsource-2.4.18-7.3.2 References: https://bugzilla.suse.com/1137455 From sle-updates at lists.suse.com Wed Jul 10 04:16:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 12:16:14 +0200 (CEST) Subject: SUSE-RU-2019:1799-1: moderate: Recommended update for net-snmp Message-ID: <20190710101614.9C7FAFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1799-1 Rating: moderate References: #1116807 #1140341 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for net-snmp fixes the following issues: - Added Lustre filesystem support (bsc#1140341, jsc#SLE-6120). - Added info about the original agent which triggered the trap. When the trap is forwarded there was no info about the original agent (bsc#1116807). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1799=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1799=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1799=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): net-snmp-debuginfo-5.7.3-6.6.1 net-snmp-debugsource-5.7.3-6.6.1 net-snmp-devel-5.7.3-6.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-6.6.1 libsnmp30-debuginfo-5.7.3-6.6.1 net-snmp-5.7.3-6.6.1 net-snmp-debuginfo-5.7.3-6.6.1 net-snmp-debugsource-5.7.3-6.6.1 perl-SNMP-5.7.3-6.6.1 perl-SNMP-debuginfo-5.7.3-6.6.1 snmp-mibs-5.7.3-6.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsnmp30-32bit-5.7.3-6.6.1 libsnmp30-debuginfo-32bit-5.7.3-6.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsnmp30-32bit-5.7.3-6.6.1 libsnmp30-5.7.3-6.6.1 libsnmp30-debuginfo-32bit-5.7.3-6.6.1 libsnmp30-debuginfo-5.7.3-6.6.1 net-snmp-5.7.3-6.6.1 net-snmp-debuginfo-5.7.3-6.6.1 net-snmp-debugsource-5.7.3-6.6.1 perl-SNMP-5.7.3-6.6.1 perl-SNMP-debuginfo-5.7.3-6.6.1 snmp-mibs-5.7.3-6.6.1 - SUSE CaaS Platform 3.0 (x86_64): libsnmp30-5.7.3-6.6.1 libsnmp30-debuginfo-5.7.3-6.6.1 net-snmp-5.7.3-6.6.1 net-snmp-debuginfo-5.7.3-6.6.1 net-snmp-debugsource-5.7.3-6.6.1 perl-SNMP-5.7.3-6.6.1 perl-SNMP-debuginfo-5.7.3-6.6.1 snmp-mibs-5.7.3-6.6.1 References: https://bugzilla.suse.com/1116807 https://bugzilla.suse.com/1140341 From sle-updates at lists.suse.com Wed Jul 10 07:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:11:18 +0200 (CEST) Subject: SUSE-SU-2019:1803-1: moderate: Security update for kernel-firmware Message-ID: <20190710131118.83AA0FFC2@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1803-1 Rating: moderate References: #1136334 #1136498 #1139383 Cross-References: CVE-2019-9836 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2019-9836, bsc#1139383) * linux-firmware: update licence text for Marvell firmware * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series * amdgpu: update vega20 to the latest 19.10 firmware * amdgpu: update vega12 to the latest 19.10 firmware * amdgpu: update vega10 to the latest 19.10 firmware * amdgpu: update polaris11 to the latest 19.10 firmware * amdgpu: update polaris10 to the latest 19.10 firmware * amdgpu: update raven2 to the latest 19.10 firmware * amdgpu: update raven to the latest 19.10 firmware * amdgpu: update picasso to the latest 19.10 firmware * linux-firmware: update fw for qat devices * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122 * drm/i915/firmware: Add ICL HuC v8.4.3238 * drm/i915/firmware: Add ICL GuC v32.0.3 * drm/i915/firmware: Add GLK HuC v03.01.2893 * drm/i915/firmware: Add GLK GuC v32.0.3 * drm/i915/firmware: Add KBL GuC v32.0.3 * drm/i915/firmware: Add SKL GuC v32.0.3 * drm/i915/firmware: Add BXT GuC v32.0.3 * linux-firmware: Add firmware file for Intel Bluetooth 22161 * cxgb4: update firmware to revision 1.23.4.0 (bsc#1136334) * linux-firmware: Update NXP Management Complex firmware to version 10.14.3 * linux-firmware: add firmware for MT7615E * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change. * linux-firmware: update Marvell 8797/8997 firmware images * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1803=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20190618-3.22.1 ucode-amd-20190618-3.22.1 References: https://www.suse.com/security/cve/CVE-2019-9836.html https://bugzilla.suse.com/1136334 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1139383 From sle-updates at lists.suse.com Wed Jul 10 07:12:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:12:17 +0200 (CEST) Subject: SUSE-SU-2019:1804-1: important: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Message-ID: <20190710131217.BEAB3FFC2@maintenance.suse.de> SUSE Security Update: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1804-1 Rating: important References: #1082007 #1082008 #1082009 #1082010 #1082011 #1082014 #1082058 #1087433 #1087434 #1087436 #1087437 #1087440 #1087441 #1112530 #1112532 #1130028 #1130611 #1130617 #1130620 #1130622 #1130623 #1130627 #1133790 Cross-References: CVE-2017-17742 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has two fixes is now available. Description: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1804=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1804=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1804=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1804=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-doc-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ruby2.5-doc-ri-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-doc-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ruby2.5-doc-ri-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.5-4.3.1 libruby2_5-2_5-debuginfo-2.5.5-4.3.1 ruby2.5-2.5.5-4.3.1 ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-devel-2.5.5-4.3.1 ruby2.5-devel-extra-2.5.5-4.3.1 ruby2.5-stdlib-2.5.5-4.3.1 ruby2.5-stdlib-debuginfo-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.5-4.3.1 libruby2_5-2_5-debuginfo-2.5.5-4.3.1 ruby2.5-2.5.5-4.3.1 ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-devel-2.5.5-4.3.1 ruby2.5-devel-extra-2.5.5-4.3.1 ruby2.5-stdlib-2.5.5-4.3.1 ruby2.5-stdlib-debuginfo-2.5.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-17742.html https://www.suse.com/security/cve/CVE-2018-1000073.html https://www.suse.com/security/cve/CVE-2018-1000074.html https://www.suse.com/security/cve/CVE-2018-1000075.html https://www.suse.com/security/cve/CVE-2018-1000076.html https://www.suse.com/security/cve/CVE-2018-1000077.html https://www.suse.com/security/cve/CVE-2018-1000078.html https://www.suse.com/security/cve/CVE-2018-1000079.html https://www.suse.com/security/cve/CVE-2018-16395.html https://www.suse.com/security/cve/CVE-2018-16396.html https://www.suse.com/security/cve/CVE-2018-6914.html https://www.suse.com/security/cve/CVE-2018-8777.html https://www.suse.com/security/cve/CVE-2018-8778.html https://www.suse.com/security/cve/CVE-2018-8779.html https://www.suse.com/security/cve/CVE-2018-8780.html https://www.suse.com/security/cve/CVE-2019-8320.html https://www.suse.com/security/cve/CVE-2019-8321.html https://www.suse.com/security/cve/CVE-2019-8322.html https://www.suse.com/security/cve/CVE-2019-8323.html https://www.suse.com/security/cve/CVE-2019-8324.html https://www.suse.com/security/cve/CVE-2019-8325.html https://bugzilla.suse.com/1082007 https://bugzilla.suse.com/1082008 https://bugzilla.suse.com/1082009 https://bugzilla.suse.com/1082010 https://bugzilla.suse.com/1082011 https://bugzilla.suse.com/1082014 https://bugzilla.suse.com/1082058 https://bugzilla.suse.com/1087433 https://bugzilla.suse.com/1087434 https://bugzilla.suse.com/1087436 https://bugzilla.suse.com/1087437 https://bugzilla.suse.com/1087440 https://bugzilla.suse.com/1087441 https://bugzilla.suse.com/1112530 https://bugzilla.suse.com/1112532 https://bugzilla.suse.com/1130028 https://bugzilla.suse.com/1130611 https://bugzilla.suse.com/1130617 https://bugzilla.suse.com/1130620 https://bugzilla.suse.com/1130622 https://bugzilla.suse.com/1130623 https://bugzilla.suse.com/1130627 https://bugzilla.suse.com/1133790 From sle-updates at lists.suse.com Wed Jul 10 07:15:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:15:30 +0200 (CEST) Subject: SUSE-SU-2019:1806-1: important: Security update for libdlm, libqb Message-ID: <20190710131530.DDD34FFC2@maintenance.suse.de> SUSE Security Update: Security update for libdlm, libqb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1806-1 Rating: important References: #1069468 #1074327 #1098449 #1137835 Cross-References: CVE-2019-12779 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for libdlm, libqb fixes the following issues: libqb to version 1.0.3: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). - Enabled use of filesystem sockets for linux (fate#323415). - Fixed logging with newer binutils version (bsc#1074327). libdlm: - Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1806=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1806=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1806=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libdlm-debuginfo-4.0.7-3.3.2 libdlm-debugsource-4.0.7-3.3.2 libdlm-devel-4.0.7-3.3.2 libqb-debugsource-1.0.3+20171226.6d62b64-4.3.1 libqb-devel-1.0.3+20171226.6d62b64-4.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libdlm-4.0.7-3.3.2 libdlm-debuginfo-4.0.7-3.3.2 libdlm-debugsource-4.0.7-3.3.2 libdlm3-4.0.7-3.3.2 libdlm3-debuginfo-4.0.7-3.3.2 libqb-debugsource-1.0.3+20171226.6d62b64-4.3.1 libqb0-1.0.3+20171226.6d62b64-4.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-4.3.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libdlm-4.0.7-3.3.2 libdlm-debuginfo-4.0.7-3.3.2 libdlm-debugsource-4.0.7-3.3.2 libdlm3-4.0.7-3.3.2 libdlm3-debuginfo-4.0.7-3.3.2 libqb-debugsource-1.0.3+20171226.6d62b64-4.3.1 libqb0-1.0.3+20171226.6d62b64-4.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1074327 https://bugzilla.suse.com/1098449 https://bugzilla.suse.com/1137835 From sle-updates at lists.suse.com Wed Jul 10 07:16:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:16:44 +0200 (CEST) Subject: SUSE-SU-2019:1802-1: moderate: Security update for kernel-firmware Message-ID: <20190710131644.EB33EFFC2@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1802-1 Rating: moderate References: #1091203 #1104289 #1110720 #1122456 #1128292 #1132303 #1136334 #1136498 #1139383 Cross-References: CVE-2019-9836 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: This update for kernel-firmware aligns the firmware code with SUSE Linux Enterprise Server 15. The version is now at 20190618. Please refer to the kernel-firmware rpm changelog file to see the full history of changes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1802=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1802=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-firmware-20190618-5.8.1 ucode-amd-20190618-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-firmware-20190618-5.8.1 ucode-amd-20190618-5.8.1 References: https://www.suse.com/security/cve/CVE-2019-9836.html https://bugzilla.suse.com/1091203 https://bugzilla.suse.com/1104289 https://bugzilla.suse.com/1110720 https://bugzilla.suse.com/1122456 https://bugzilla.suse.com/1128292 https://bugzilla.suse.com/1132303 https://bugzilla.suse.com/1136334 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1139383 From sle-updates at lists.suse.com Wed Jul 10 07:18:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:18:20 +0200 (CEST) Subject: SUSE-RU-2019:1805-1: moderate: Recommended update for python-MarkupSafe Message-ID: <20190710131820.9A775FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-MarkupSafe ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1805-1 Rating: moderate References: #1139130 #1139363 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-MarkupSafe fixes the following issues: python-MarkupSafe was updated to 0.23 (bsc#1139130 bsc#1139363) * The update provides the missing EscapeFormatter class Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1805=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1805=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1805=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1805=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1805=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1805=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.23-16.6.1 python-MarkupSafe-debuginfo-0.23-16.6.1 python-MarkupSafe-debugsource-0.23-16.6.1 python3-MarkupSafe-0.23-16.6.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python-MarkupSafe-0.23-16.6.1 python-MarkupSafe-debuginfo-0.23-16.6.1 python-MarkupSafe-debugsource-0.23-16.6.1 python3-MarkupSafe-0.23-16.6.1 python3-MarkupSafe-debuginfo-0.23-16.6.1 - SUSE Manager Proxy 3.2 (x86_64): python-MarkupSafe-0.23-16.6.1 python-MarkupSafe-debuginfo-0.23-16.6.1 python-MarkupSafe-debugsource-0.23-16.6.1 python3-MarkupSafe-0.23-16.6.1 python3-MarkupSafe-debuginfo-0.23-16.6.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python-MarkupSafe-0.23-16.6.1 python-MarkupSafe-debuginfo-0.23-16.6.1 python-MarkupSafe-debugsource-0.23-16.6.1 python3-MarkupSafe-0.23-16.6.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.23-16.6.1 python3-MarkupSafe-0.23-16.6.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-MarkupSafe-0.23-16.6.1 python-MarkupSafe-debuginfo-0.23-16.6.1 python-MarkupSafe-debugsource-0.23-16.6.1 python3-MarkupSafe-0.23-16.6.1 - SUSE CaaS Platform 3.0 (x86_64): python-MarkupSafe-0.23-16.6.1 python-MarkupSafe-debuginfo-0.23-16.6.1 python-MarkupSafe-debugsource-0.23-16.6.1 References: https://bugzilla.suse.com/1139130 https://bugzilla.suse.com/1139363 From sle-updates at lists.suse.com Wed Jul 10 10:10:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:10:57 +0200 (CEST) Subject: SUSE-SU-2019:14120-1: important: Security update for sqlite3 Message-ID: <20190710161057.37E06FFC2@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14120-1 Rating: important References: #1136976 Cross-References: CVE-2019-8457 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed an heap out-of-bound read in the rtreenode() when handling invalid rtree tables (bsc#1136976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sqlite3-14120=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): sqlite3-debugsource-3.6.4-4.3.2 References: https://www.suse.com/security/cve/CVE-2019-8457.html https://bugzilla.suse.com/1136976 From sle-updates at lists.suse.com Wed Jul 10 10:11:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:11:39 +0200 (CEST) Subject: SUSE-RU-2019:1807-1: moderate: Recommended update for java-11-openjdk Message-ID: <20190710161139.3C312FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1807-1 Rating: moderate References: #1137264 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships the OpenJDK LTS version 11 in the java-11-openjdk packages. (FATE#326347 bsc#1137264) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1807=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1807=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1807=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1807=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): java-11-openjdk-accessibility-11.0.3.0-3.28.1 java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.28.1 java-11-openjdk-debuginfo-11.0.3.0-3.28.1 java-11-openjdk-debugsource-11.0.3.0-3.28.1 java-11-openjdk-jmods-11.0.3.0-3.28.1 java-11-openjdk-src-11.0.3.0-3.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): java-11-openjdk-javadoc-11.0.3.0-3.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.3.0-3.28.1 java-11-openjdk-accessibility-11.0.3.0-3.28.1 java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.28.1 java-11-openjdk-debuginfo-11.0.3.0-3.28.1 java-11-openjdk-debugsource-11.0.3.0-3.28.1 java-11-openjdk-demo-11.0.3.0-3.28.1 java-11-openjdk-devel-11.0.3.0-3.28.1 java-11-openjdk-headless-11.0.3.0-3.28.1 java-11-openjdk-jmods-11.0.3.0-3.28.1 java-11-openjdk-src-11.0.3.0-3.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-11-openjdk-javadoc-11.0.3.0-3.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.3.0-3.28.1 java-11-openjdk-debuginfo-11.0.3.0-3.28.1 java-11-openjdk-debugsource-11.0.3.0-3.28.1 java-11-openjdk-demo-11.0.3.0-3.28.1 java-11-openjdk-devel-11.0.3.0-3.28.1 java-11-openjdk-headless-11.0.3.0-3.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.3.0-3.28.1 java-11-openjdk-debuginfo-11.0.3.0-3.28.1 java-11-openjdk-debugsource-11.0.3.0-3.28.1 java-11-openjdk-demo-11.0.3.0-3.28.1 java-11-openjdk-devel-11.0.3.0-3.28.1 java-11-openjdk-headless-11.0.3.0-3.28.1 References: https://bugzilla.suse.com/1137264 From sle-updates at lists.suse.com Wed Jul 10 10:12:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:12:21 +0200 (CEST) Subject: SUSE-SU-2019:1809-1: Security update for fence-agents Message-ID: <20190710161221.C6559FFC2@maintenance.suse.de> SUSE Security Update: Security update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1809-1 Rating: low References: #1137314 #1139913 Cross-References: CVE-2019-10153 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Added aliyun fence agent (bsc#1139913). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1809=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-3.5.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-3.5.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-3.5.1 References: https://www.suse.com/security/cve/CVE-2019-10153.html https://bugzilla.suse.com/1137314 https://bugzilla.suse.com/1139913 From sle-updates at lists.suse.com Wed Jul 10 10:13:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:13:08 +0200 (CEST) Subject: SUSE-SU-2019:1810-1: moderate: Security update for postgresql10 Message-ID: <20190710161308.8AC45FFC2@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1810-1 Rating: moderate References: #1134689 #1138034 Cross-References: CVE-2019-10130 CVE-2019-10164 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-9.html * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1810=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1810=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1810=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1810=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libecpg6-10.9-4.13.2 libecpg6-debuginfo-10.9-4.13.2 postgresql10-contrib-10.9-4.13.2 postgresql10-contrib-debuginfo-10.9-4.13.2 postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 postgresql10-devel-10.9-4.13.2 postgresql10-devel-debuginfo-10.9-4.13.2 postgresql10-plperl-10.9-4.13.2 postgresql10-plperl-debuginfo-10.9-4.13.2 postgresql10-plpython-10.9-4.13.2 postgresql10-plpython-debuginfo-10.9-4.13.2 postgresql10-pltcl-10.9-4.13.2 postgresql10-pltcl-debuginfo-10.9-4.13.2 postgresql10-server-10.9-4.13.2 postgresql10-server-debuginfo-10.9-4.13.2 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): postgresql10-docs-10.9-4.13.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 postgresql10-test-10.9-4.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 postgresql10-test-10.9-4.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libpq5-32bit-10.9-4.13.2 libpq5-32bit-debuginfo-10.9-4.13.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpq5-10.9-4.13.2 libpq5-debuginfo-10.9-4.13.2 postgresql10-10.9-4.13.2 postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 References: https://www.suse.com/security/cve/CVE-2019-10130.html https://www.suse.com/security/cve/CVE-2019-10164.html https://bugzilla.suse.com/1134689 https://bugzilla.suse.com/1138034 From sle-updates at lists.suse.com Wed Jul 10 10:13:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:13:57 +0200 (CEST) Subject: SUSE-RU-2019:1808-1: moderate: Recommended update for libgcrypt Message-ID: <20190710161357.AD7C7FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1808-1 Rating: moderate References: #1133808 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1808=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1808=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-8.3.1 libgcrypt-cavs-debuginfo-1.8.2-8.3.1 libgcrypt-debugsource-1.8.2-8.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgcrypt-devel-32bit-1.8.2-8.3.1 libgcrypt-devel-32bit-debuginfo-1.8.2-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-8.3.1 libgcrypt-devel-1.8.2-8.3.1 libgcrypt-devel-debuginfo-1.8.2-8.3.1 libgcrypt20-1.8.2-8.3.1 libgcrypt20-debuginfo-1.8.2-8.3.1 libgcrypt20-hmac-1.8.2-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgcrypt20-32bit-1.8.2-8.3.1 libgcrypt20-32bit-debuginfo-1.8.2-8.3.1 libgcrypt20-hmac-32bit-1.8.2-8.3.1 References: https://bugzilla.suse.com/1133808 From sle-updates at lists.suse.com Wed Jul 10 13:10:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 21:10:38 +0200 (CEST) Subject: SUSE-SU-2019:1813-1: Security update for fence-agents Message-ID: <20190710191038.B020EFFC2@maintenance.suse.de> SUSE Security Update: Security update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1813-1 Rating: low References: #1049852 #1137314 Cross-References: CVE-2019-10153 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Included timestamps when logging (bsc#1049852). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1813=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-4.6.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-4.6.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-4.6.1 fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-10153.html https://bugzilla.suse.com/1049852 https://bugzilla.suse.com/1137314 From sle-updates at lists.suse.com Wed Jul 10 13:11:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Jul 2019 21:11:28 +0200 (CEST) Subject: SUSE-SU-2019:1812-1: moderate: Security update for libqb Message-ID: <20190710191128.7B8A5FFC2@maintenance.suse.de> SUSE Security Update: Security update for libqb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1812-1 Rating: moderate References: #1137835 Cross-References: CVE-2019-12779 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqb fixes the following issues: Security issue fixed: - CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files (bsc#1137835). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1812=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1812=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libqb0-1.0.3+20171226.6d62b64-3.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): libqb-debugsource-1.0.3+20171226.6d62b64-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libqb0-32bit-1.0.3+20171226.6d62b64-3.3.1 libqb0-32bit-debuginfo-1.0.3+20171226.6d62b64-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libqb-debugsource-1.0.3+20171226.6d62b64-3.3.1 libqb-devel-1.0.3+20171226.6d62b64-3.3.1 libqb0-1.0.3+20171226.6d62b64-3.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1137835 From sle-updates at lists.suse.com Thu Jul 11 04:12:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 12:12:47 +0200 (CEST) Subject: SUSE-RU-2019:1815-1: moderate: Recommended update for timezone Message-ID: <20190711101247.992CAFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1815-1 Rating: moderate References: #1140016 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1815=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1815=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): timezone-2019b-3.20.1 timezone-debuginfo-2019b-3.20.1 timezone-debugsource-2019b-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): timezone-java-2019b-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): timezone-2019b-3.20.1 timezone-debuginfo-2019b-3.20.1 timezone-debugsource-2019b-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): timezone-java-2019b-3.20.1 References: https://bugzilla.suse.com/1140016 From sle-updates at lists.suse.com Thu Jul 11 04:13:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 12:13:39 +0200 (CEST) Subject: SUSE-RU-2019:1818-1: moderate: Recommended update for timezone Message-ID: <20190711101339.E436DFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1818-1 Rating: moderate References: #1135262 #1140016 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1818=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1818=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1818=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1818=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1818=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1818=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1818=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1818=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1818=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1818=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1818=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1818=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1818=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1818=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (noarch): timezone-java-2019b-0.74.26.1 - SUSE OpenStack Cloud 8 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE OpenStack Cloud 7 (s390x x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE OpenStack Cloud 7 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Enterprise Storage 5 (noarch): timezone-java-2019b-0.74.26.1 - SUSE Enterprise Storage 5 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Enterprise Storage 4 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 - SUSE Enterprise Storage 4 (noarch): timezone-java-2019b-0.74.26.1 - SUSE CaaS Platform 3.0 (x86_64): timezone-2019b-74.26.1 timezone-debuginfo-2019b-74.26.1 timezone-debugsource-2019b-74.26.1 References: https://bugzilla.suse.com/1135262 https://bugzilla.suse.com/1140016 From sle-updates at lists.suse.com Thu Jul 11 04:14:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 12:14:32 +0200 (CEST) Subject: SUSE-RU-2019:1816-1: Optional update for kiwi-templates-SLES12-JeOS Message-ID: <20190711101432.4318CFFC2@maintenance.suse.de> SUSE Recommended Update: Optional update for kiwi-templates-SLES12-JeOS ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1816-1 Rating: low References: #1138158 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships the kiwi-templates-SLES12-JeOS templates. (FATE#327561 bsc#1138158) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1816=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kiwi-templates-SLES12-JeOS-12.4-4.3.2 References: https://bugzilla.suse.com/1138158 From sle-updates at lists.suse.com Thu Jul 11 04:15:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 12:15:14 +0200 (CEST) Subject: SUSE-RU-2019:1814-1: Recommended update for ses-manual_en Message-ID: <20190711101514.060B0FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1814-1 Rating: low References: #1129108 #1134992 #1135939 #1136624 #1136871 #1137945 #1138181 #1138189 #1138191 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - hint from dbyte on disabling 'subvolume_init' - set 'require-osd-release' after OSDs upgrade (jsc#SES-355) - check for 'recovery_deletes' and 'purged_snapdirs' (jsc#SES-354) - OGW frontends + their configuration (jsc#SES-453) - clarify when Samba oplocks / leases are safe to use (jsc#SES-178) - mapping RBD using old kernel clients (bsc#1134992) - disabling AppArmor during upgrade (bsc#1137945) - CDTB clusters not online-upgradeable (bsc#1129108) - Prometheus Alertmanager SNMP trap receiver (jsc#SES-83) - co-location of services on HA nodes (bsc#1136871) - online cluster upgrade explanation (bsc#1135939) - listing orphaned packages (bsc#1136624) - updated 'profile-*/' directory to 'role-storage/' (bsc#1138181) - Civetweb replaced by Beast (bsc#1138191) - Fixes a typo in YML file path (bsc#1138189) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-1814=1 Package List: - SUSE Enterprise Storage 6 (noarch): ses-admin_en-pdf-6+git56.4984303-3.3.1 ses-deployment_en-pdf-6+git56.4984303-3.3.1 ses-manual_en-6+git56.4984303-3.3.1 References: https://bugzilla.suse.com/1129108 https://bugzilla.suse.com/1134992 https://bugzilla.suse.com/1135939 https://bugzilla.suse.com/1136624 https://bugzilla.suse.com/1136871 https://bugzilla.suse.com/1137945 https://bugzilla.suse.com/1138181 https://bugzilla.suse.com/1138189 https://bugzilla.suse.com/1138191 From sle-updates at lists.suse.com Thu Jul 11 04:16:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 12:16:58 +0200 (CEST) Subject: SUSE-RU-2019:1817-1: moderate: Recommended update for yast2 Message-ID: <20190711101658.A1953FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1817-1 Rating: moderate References: #1133367 #1136708 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Slideshow: Flag for switching on/off release notes tab. (bsc#1136708) - Make sure the wizard buttons always remain visible in NCurses. (bsc#1133367) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1817=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.71-3.3.1 yast2-logs-4.1.71-3.3.1 References: https://bugzilla.suse.com/1133367 https://bugzilla.suse.com/1136708 From sle-updates at lists.suse.com Thu Jul 11 07:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 15:10:53 +0200 (CEST) Subject: SUSE-RU-2019:1820-1: moderate: Recommended update for velum Message-ID: <20190711131053.A1FAAFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1820-1 Rating: moderate References: #1121348 #1121349 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following issues: * Updated 'rack' rubygem to address (CVE-2018-16471, bsc#1121349) * Updated the following rubygem packages to address CVE-2018-16476: rubygem-rails-4_2, rubygem-activejob-4_2, rubygem-activesupport-4_2, rubygem-actionview-4_2, rubygem-actionmailer-4_2, rubygem-actionpack-4_2, rubygem-activemodel-4_2, rubygem-railties-4_2, rubygem-activerecord-4_2 (CVE-2018-16476, bsc#1121348) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.14-3.50.3 References: https://www.suse.com/security/cve/CVE-2018-16471.html https://www.suse.com/security/cve/CVE-2018-16476.html https://bugzilla.suse.com/1121348 https://bugzilla.suse.com/1121349 From sle-updates at lists.suse.com Thu Jul 11 07:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Jul 2019 15:11:41 +0200 (CEST) Subject: SUSE-SU-2019:1819-1: Security update for fence-agents Message-ID: <20190711131141.D52DEFFC2@maintenance.suse.de> SUSE Security Update: Security update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1819-1 Rating: low References: #1137314 #1139913 Cross-References: CVE-2019-10153 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Added aliyun fence agent (bsc#1139913). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-1819=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1819=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-7.5.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-7.5.1 References: https://www.suse.com/security/cve/CVE-2019-10153.html https://bugzilla.suse.com/1137314 https://bugzilla.suse.com/1139913 From sle-updates at lists.suse.com Thu Jul 11 19:10:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 03:10:35 +0200 (CEST) Subject: SUSE-FU-2019:1793-1: Test update for SUSE:SLE-12-SP5:Update (feature) Message-ID: <20190712011035.BB83EFFC2@maintenance.suse.de> SUSE Feature Update: Test update for SUSE:SLE-12-SP5:Update (feature) ______________________________________________________________________________ Announcement ID: SUSE-FU-2019:1793-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one feature fix can now be installed. Description: This is a feature test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1793=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-feature-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-feature-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Thu Jul 11 19:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 03:11:18 +0200 (CEST) Subject: SUSE-RU-2019:1822-1: moderate: Recommended update for golang-github-prometheus-prometheus Message-ID: <20190712011118.6F376FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1822-1 Rating: moderate References: #1124610 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-prometheus fixes the following issues: - fix spec file: actually ship promtool - Update to 2.7.1: + Bug Fixes: * Fix a Stored DOM XSS vulnerability with query history (bsc#1124610) * prometheus_rule_group_last_duration_seconds now reports seconds instead of nanoseconds * Make sure the targets are consistently sorted in the targets page - Update to 2.7.0: + cli flag depreacted: storage.tsdb.retention use storage.tsdb.retention.time instead; depreacted flag will be removed in 3.0 + Features: * Add subqueries to PromQL * Add support for disk size based retention. Note that we don't consider the WAL size which could be significant and the time based retention policy also applies (experimental) * Add CORS origin flag + Bug Fixes: * Don't depend on given order when comparing samples in alert unit testing * Make sure the retention period doesn't overflow * Don't generate blocks with no samples - Update to 2.6.0: + Remove default flags from the container's entrypoint, run Prometheus from /etc/prometheus and symlink the storage directory to /etc/prometheus/data + Promtool: Remove the update command + Features: * Add JSON log format via the --log.format flag * API: Add /api/v1/labels endpoint to get all label names * Web: Allow setting the page's title via the --web.ui-title flag + Enhancements: * Add prometheus_tsdb_lowest_timestamp_seconds, prometheus_tsdb_head_min_time_seconds and prometheus_tsdb_head_max_time_seconds metrics * Add rule_group_last_evaluation_timestamp_seconds metric * Add prometheus_template_text_expansion_failures_total and prometheus_template_text_expansions_total metrics * Set consistent User-Agent header in outgoing requests * Azure SD: Error out at load time when authentication parameters are missing * EC2 SD: Add the machine's private DNS name to the discovery metadata * EC2 SD: Add the operating system's platform to the discovery metadata * Kubernetes SD: Add the pod's phase to the discovery metadata * Kubernetes SD: Log Kubernetes messages * Promtool: Collect CPU and trace profiles * Promtool: Support writing output as JSON * Remote Read: Return available data if remote read fails partially * Remote Write: Improve queue performance * Remote Write: Add min_shards parameter to set the minimum number of shards * TSDB: Improve WAL reading * TSDB: Memory improvements * Web: Log stack traces on panic * Web UI: Add copy to clipboard button for configuration * Web UI: Support console queries at specific times * Web UI: group targets by job then instance + Bug Fixes: * Deduplicate handler labels for HTTP metrics * Fix leaked queriers causing shutdowns to hang * Fix configuration loading panics on nil pointer slice elements * API: Correctly skip mismatching targets on /api/v1/targets/metadata * API: Better rounding for incoming query timestamps * Discovery: Remove all targets when the scrape configuration gets empty * PromQL: Fix a goroutine leak in the lexer/parser * Scrape: Fix deadlock in the scrape's manager * Scrape: Scrape targets at fixed intervals even after Prometheus restarts * TSDB: Support restored snapshots including the head properly * TSDB: Repair WAL when the last record in a segment is torn - Update to 2.5.0: + Group targets by scrape config instead of job name + Marathon SD: Various changes to adapt to Marathon 1.5+ + Discovery: Split prometheus_sd_discovered_targets metric by scrape and notify (Alertmanager SD) as well as by section in the respective configuration + Enhancements: * Support s390x platform for Linux * API: Add prometheus_api_remote_read_queries metric tracking currently executed or waiting remote read API requests * Remote Read: Add prometheus_remote_storage_remote_read_queries metric tracking currently in-flight remote read queries * Remote Read: Reduced memory usage * Discovery: Add prometheus_sd_discovered_targets, prometheus_sd_received_updates_total, prometheus_sd_updates_delayed_total, and prometheus_sd_updates_total metrics for discovery subsystem * Discovery: Improve performance of previously slow updates of changes of targets * Kubernetes SD: Add extended metrics * OpenStack SD: Support discovering instances from all projects * OpenStack SD: Discover all interfaces * OpenStack SD: Support tls_config for the used HTTP client * Triton SD: Add ability to filter triton_sd targets by pre-defined groups * Web UI: Avoid browser spell-checking in expression field * Web UI: Add scrape duration and last evaluation time in targets and rules pages * Web UI: Improve rule view by wrapping lines * Rules: Error out at load time for invalid templates, rather than at evaluation time + Bug Fixes: * Change max/min over_time to handle NaNs properly * Check label name for count_values PromQL function * Ensure that vectors and matrices do not contain identical label-sets - Update to 2.4.3: + Bug Fixes: * Fix panic when using custom EC2 API for SD #4672 * Fix panic when Zookeeper SD cannot connect to servers #4669 * Make the skip_head an optional parameter for snapshot API #4674 - Update to 2.4.2: + Bug Fixes: * Handle WAL corruptions properly prometheus/tsdb#389 * Handle WAL migrations correctly on Windows prometheus/tsdb#392 - Update to 2.4.1: + New TSDB metrics + [BUGFIX] Render UI correctly for Windows - Update to 2.4.0: + The WAL implementation has been re-written so the storage is not forward compatible. Prometheus 2.3 storage will work on 2.4 but not vice-versa + Reduce remote write default retries + Remove /heap endpoint + Features: * Persist alert 'for' state across restarts * Add API providing per target metric metadata * Add API providing recording and alerting rules + Enhancements: * Brand new WAL implementation for TSDB. Forwards incompatible with previous WAL. * Show rule evaluation errors in UI * Throttle resends of alerts to Alertmanager * Send EndsAt along with the alert to Alertmanager * Limit the samples returned by remote read endpoint * Limit the data read in through remote read * Coalesce identical SD configuations * promtool: Add new commands for debugging and querying * Update console examples for node_exporter v0.16.0 * Optimize PromQL aggregations * Remote read: Add Offset to hints * consul_sd: Add support for ServiceMeta field * ec2_sd: Maintain order of subnet_id label * ec2_sd: Add support for custom endpoint to support EC2 compliant APIs * ec2_sd: Add instance_owner label * azure_sd: Add support for VMSS discovery and multiple environments * gce_sd: Add instance_id label * Forbid rule-abiding robots from indexing * Log virtual memory limits on startup + Bug Fixes: * Wait for service discovery to stop before exiting * Render SD configs properly * Only add LookbackDelta to vector selectors * ec2_sd: Handle panic-ing nil pointer * consul_sd: Stop leaking connections * Use templated labels also to identify alerts * Reduce floating point errors in stddev and related functions * Log errors while encoding responses - Update to 2.3.2: + Bug Fixes: * Fix various tsdb bugs * Reorder startup and shutdown to prevent panics. * Exit with non-zero code on error * discovery/kubernetes/ingress: fix scheme discovery * Fix race in zookeeper sd * Better timeout handling in promql * Propogate errors when selecting series from the tsdb - Update to 2.3.1: + Bug Fixes: * Avoid infinite loop on duplicate NaN values. * Fix nil pointer deference when using various API endpoints * config: set target group source index during unmarshalling * discovery/file: fix logging * kubernetes_sd: fix namespace filtering * web: restore old path prefix behavior * web: remove security headers added in 2.3.0 - Update to 2.3.0 + marathon_sd: use auth_token and auth_token_file for token-based authentication instead of bearer_token and bearer_token_file respectively + Metric names for HTTP server metrics changed + Features: * Add query commands to promtool * Add security headers to HTTP server responses * Pass query hints via remote read API * Basic auth passwords can now be configured via file across all configuration + Enhancements: * Optimise PromQL and API serialization for memory usage and allocations * Limit number of dropped targets in web UI * Consul and EC2 service discovery allow using server-side filtering for performance improvement * Add advanced filtering configuration to EC2 service discovery * marathon_sd: adds support for basic and bearer authentication, plus all other common HTTP client options (TLS config, proxy URL, etc.) * Provide machine type metadata and labels in GCE service discovery * Add pod controller kind and name to Kubernetes service discovery data * Move TSDB to flock-based log file that works with Docker containers + Bug Fixes: * Properly propagate storage errors in PromQL * Fix path prefix for web pages * Fix goroutine leak in Consul service discovery * Fix races in scrape manager * Fix OOM for very large k in PromQL topk() queries * Make remote write more resilient to unavailable receivers * Make remote write shutdown cleanly * Don't leak files on errors in TSDB's tombstone cleanup * Unary minus expressions now removes the metric name from results * Fix bug that lead to wrong amount of samples considered for time range expressions - Update to 2.2.1 + Bug Fixes: * Fix data loss in TSDB on compaction * Correctly stop timer in remote-write path * Fix deadlock triggered by loading targets page * Fix incorrect buffering of samples on range selection queries * Handle large index files on windows properly - Update to 2.2.0 + This release introduces improvements to the storage format and fixes a regression introduced in 2.1. As a result Prometheus servers upgraded to 2.2 cannot be downgraded to a lower version anymore! + Rename file SD mtime metric + Send target update on empty pod IP in Kubernetes SD + Features: * Add API endpoint for flags. * Add API endpoint for dropped targets. * Display annotations on alerts page. * Add option to skip head data when taking snapshots + Enhancements: * Federation performance improvement. * Read bearer token file on every scrape. * Improve typeahead on /graph page. * Change rule file formatting. * Set consul server default to localhost:8500. * Add dropped Alertmanagers to API info endpoint. * Add OS type meta label to Azure SD. * Validate required fields in SD configuration. + Bug Fixes: * Prevent stack overflow on deep recursion in TSDB. * Correctly read offsets in index files that are greater than 4GB. * Fix scraping behavior for empty labels. * Drop metric name for bool modifier. * Fix races in discovery. * Fix Kubernetes endpoints SD for empty subsets. * Throttle updates from SD providers, which caused increased CPU usage and allocations. * Fix TSDB block reload issue. * Fix PromQL printing of empty without(). * Don't reset FiredAt for inactive alerts. * Fix erroneous file version changes and repair existing data. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-1822=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1822=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.7.1-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.7.1-3.3.1 References: https://bugzilla.suse.com/1124610 From sle-updates at lists.suse.com Thu Jul 11 19:11:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 03:11:59 +0200 (CEST) Subject: SUSE-OU-2019:1793-1: Test update for SUSE:SLE-12-SP5:Update (optional) Message-ID: <20190712011159.BECE4FFC2@maintenance.suse.de> SUSE Optional Update: Test update for SUSE:SLE-12-SP5:Update (optional) ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:1793-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This is a optional test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1793=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-optional-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-optional-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Thu Jul 11 19:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 03:12:40 +0200 (CEST) Subject: SUSE-RU-2019:1793-2: Test update for SUSE:SLE-12-SP5:Update (interactive) Message-ID: <20190712011240.292EBFFC2@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-12-SP5:Update (interactive) ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1793-2 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a interactive test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1793=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-interactive-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-interactive-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Thu Jul 11 19:13:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 03:13:19 +0200 (CEST) Subject: SUSE-SU-2019:1793-1: important: Test update for SUSE:SLE-12-SP5:Update (security) Message-ID: <20190712011319.0D617FFC2@maintenance.suse.de> SUSE Security Update: Test update for SUSE:SLE-12-SP5:Update (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1793-1 Rating: important References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1793=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-security-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-security-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 04:14:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 12:14:38 +0200 (CEST) Subject: SUSE-SU-2019:1823-1: important: Security update for the Linux Kernel Message-ID: <20190712101438.E1F4AFFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1823-1 Rating: important References: #1096254 #1108382 #1109137 #1127155 #1133190 #1133738 #1134395 #1134701 #1136922 #1136935 #1137194 #1138291 #1140575 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1823=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1823=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1823=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1823=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1823=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_117-default-1-3.3.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.117.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 kgraft-patch-4_4_121-92_117-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_117-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 kgraft-patch-4_4_121-92_117-default-1-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1134701 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1140575 From sle-updates at lists.suse.com Fri Jul 12 07:10:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 15:10:52 +0200 (CEST) Subject: SUSE-SU-2019:1824-1: important: Security update for glib2 Message-ID: <20190712131052.20F96FFC2@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1824-1 Rating: important References: #1139959 Cross-References: CVE-2019-13012 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1824=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1824=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1824=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glib2-lang-2.38.2-7.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glib2-debugsource-2.38.2-7.12.1 glib2-tools-2.38.2-7.12.1 glib2-tools-debuginfo-2.38.2-7.12.1 libgio-2_0-0-2.38.2-7.12.1 libgio-2_0-0-32bit-2.38.2-7.12.1 libgio-2_0-0-debuginfo-2.38.2-7.12.1 libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libglib-2_0-0-2.38.2-7.12.1 libglib-2_0-0-32bit-2.38.2-7.12.1 libglib-2_0-0-debuginfo-2.38.2-7.12.1 libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgmodule-2_0-0-2.38.2-7.12.1 libgmodule-2_0-0-32bit-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgobject-2_0-0-2.38.2-7.12.1 libgobject-2_0-0-32bit-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgthread-2_0-0-2.38.2-7.12.1 libgthread-2_0-0-32bit-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.38.2-7.12.1 glib2-tools-2.38.2-7.12.1 glib2-tools-debuginfo-2.38.2-7.12.1 libgio-2_0-0-2.38.2-7.12.1 libgio-2_0-0-debuginfo-2.38.2-7.12.1 libglib-2_0-0-2.38.2-7.12.1 libglib-2_0-0-debuginfo-2.38.2-7.12.1 libgmodule-2_0-0-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-2.38.2-7.12.1 libgobject-2_0-0-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-2.38.2-7.12.1 libgthread-2_0-0-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.38.2-7.12.1 libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libglib-2_0-0-32bit-2.38.2-7.12.1 libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgmodule-2_0-0-32bit-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgobject-2_0-0-32bit-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgthread-2_0-0-32bit-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glib2-lang-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.38.2-7.12.1 glib2-tools-2.38.2-7.12.1 glib2-tools-debuginfo-2.38.2-7.12.1 libgio-2_0-0-2.38.2-7.12.1 libgio-2_0-0-debuginfo-2.38.2-7.12.1 libglib-2_0-0-2.38.2-7.12.1 libglib-2_0-0-debuginfo-2.38.2-7.12.1 libgmodule-2_0-0-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-2.38.2-7.12.1 libgobject-2_0-0-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-2.38.2-7.12.1 libgthread-2_0-0-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.38.2-7.12.1 libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libglib-2_0-0-32bit-2.38.2-7.12.1 libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgmodule-2_0-0-32bit-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgobject-2_0-0-32bit-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgthread-2_0-0-32bit-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): glib2-lang-2.38.2-7.12.1 References: https://www.suse.com/security/cve/CVE-2019-13012.html https://bugzilla.suse.com/1139959 From sle-updates at lists.suse.com Fri Jul 12 10:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 18:11:31 +0200 (CEST) Subject: SUSE-SU-2019:1352-2: moderate: Security update for python3 Message-ID: <20190712161131.044E2FFC2@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1352-2 Rating: moderate References: #1130840 #1133452 Cross-References: CVE-2019-9947 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1352=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1352=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1352=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-testsuite-3.6.8-3.16.2 python3-testsuite-debuginfo-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python3-doc-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython3_6m1_0-32bit-3.6.8-3.16.2 libpython3_6m1_0-32bit-debuginfo-3.6.8-3.16.2 python3-32bit-3.6.8-3.16.2 python3-32bit-debuginfo-3.6.8-3.16.2 python3-base-32bit-3.6.8-3.16.2 python3-base-32bit-debuginfo-3.6.8-3.16.2 python3-debugsource-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-tools-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.16.2 libpython3_6m1_0-debuginfo-3.6.8-3.16.2 python3-3.6.8-3.16.2 python3-base-3.6.8-3.16.2 python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-curses-3.6.8-3.16.2 python3-curses-debuginfo-3.6.8-3.16.2 python3-dbm-3.6.8-3.16.2 python3-dbm-debuginfo-3.6.8-3.16.2 python3-debuginfo-3.6.8-3.16.2 python3-debugsource-3.6.8-3.16.2 python3-devel-3.6.8-3.16.2 python3-devel-debuginfo-3.6.8-3.16.2 python3-idle-3.6.8-3.16.2 python3-tk-3.6.8-3.16.2 python3-tk-debuginfo-3.6.8-3.16.2 References: https://www.suse.com/security/cve/CVE-2019-9947.html https://bugzilla.suse.com/1130840 https://bugzilla.suse.com/1133452 From sle-updates at lists.suse.com Fri Jul 12 10:12:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 18:12:19 +0200 (CEST) Subject: SUSE-SU-2019:1829-1: important: Security update for the Linux Kernel Message-ID: <20190712161219.E4542FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1829-1 Rating: important References: #1051510 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1131645 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136598 #1136922 #1136935 #1137103 #1137194 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 71 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] - CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577] - CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395] - CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935] - CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645]. - CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194] - CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost. [bnc#1137103] - CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291] - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293] - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. [bsc#1136922] - CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598] The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi: Add Hygon Dhyana support (). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - edac, amd64: Add Hygon Dhyana support. - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the "Report Valid" usage (bsc#1051510). - hid: wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - kabi workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: fixup blk_mq_register_dev() (bsc#1140637). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: pm: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: pm: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi: spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty: max310x: Fix external crystal register setup (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1829=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1829=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.33.1 kernel-azure-base-4.12.14-5.33.1 kernel-azure-base-debuginfo-4.12.14-5.33.1 kernel-azure-debuginfo-4.12.14-5.33.1 kernel-azure-devel-4.12.14-5.33.1 kernel-syms-azure-4.12.14-5.33.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.33.1 kernel-source-azure-4.12.14-5.33.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-md-kmp-azure-4.12.14-5.33.1 cluster-md-kmp-azure-debuginfo-4.12.14-5.33.1 dlm-kmp-azure-4.12.14-5.33.1 dlm-kmp-azure-debuginfo-4.12.14-5.33.1 gfs2-kmp-azure-4.12.14-5.33.1 gfs2-kmp-azure-debuginfo-4.12.14-5.33.1 kernel-azure-4.12.14-5.33.1 kernel-azure-base-4.12.14-5.33.1 kernel-azure-base-debuginfo-4.12.14-5.33.1 kernel-azure-debuginfo-4.12.14-5.33.1 kernel-azure-debugsource-4.12.14-5.33.1 kernel-azure-devel-4.12.14-5.33.1 kernel-azure-devel-debuginfo-4.12.14-5.33.1 kernel-azure-extra-4.12.14-5.33.1 kernel-azure-extra-debuginfo-4.12.14-5.33.1 kernel-azure-livepatch-4.12.14-5.33.1 kernel-syms-azure-4.12.14-5.33.1 kselftests-kmp-azure-4.12.14-5.33.1 kselftests-kmp-azure-debuginfo-4.12.14-5.33.1 ocfs2-kmp-azure-4.12.14-5.33.1 ocfs2-kmp-azure-debuginfo-4.12.14-5.33.1 reiserfs-kmp-azure-4.12.14-5.33.1 reiserfs-kmp-azure-debuginfo-4.12.14-5.33.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-devel-azure-4.12.14-5.33.1 kernel-source-azure-4.12.14-5.33.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 From sle-updates at lists.suse.com Fri Jul 12 10:24:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 18:24:32 +0200 (CEST) Subject: SUSE-SU-2019:1825-1: moderate: Security update for tomcat Message-ID: <20190712162432.49DDBFFC2@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1825-1 Rating: moderate References: #1139924 Cross-References: CVE-2019-0199 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat to version 9.0.21 fixes the following issues: Security issue fixed: - CVE-2019-0199: Added additional fixes to address HTTP/2 connection window exhaustion (bsc#1139924). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1825=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1825=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.21-3.27.1 tomcat-admin-webapps-9.0.21-3.27.1 tomcat-el-3_0-api-9.0.21-3.27.1 tomcat-jsp-2_3-api-9.0.21-3.27.1 tomcat-lib-9.0.21-3.27.1 tomcat-servlet-4_0-api-9.0.21-3.27.1 tomcat-webapps-9.0.21-3.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.21-3.27.1 tomcat-embed-9.0.21-3.27.1 tomcat-javadoc-9.0.21-3.27.1 tomcat-jsvc-9.0.21-3.27.1 References: https://www.suse.com/security/cve/CVE-2019-0199.html https://bugzilla.suse.com/1139924 From sle-updates at lists.suse.com Fri Jul 12 10:25:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 18:25:15 +0200 (CEST) Subject: SUSE-SU-2019:1826-1: important: Security update for bubblewrap Message-ID: <20190712162515.79CCEFFC2@maintenance.suse.de> SUSE Security Update: Security update for bubblewrap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1826-1 Rating: important References: #1136958 Cross-References: CVE-2019-12439 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bubblewrap fixes the following issues: Security issue fixed: - CVE-2019-12439: Fixed insecure use of /tmp (bsc#1136958). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1826=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): bubblewrap-0.2.0-3.3.1 bubblewrap-debuginfo-0.2.0-3.3.1 bubblewrap-debugsource-0.2.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12439.html https://bugzilla.suse.com/1136958 From sle-updates at lists.suse.com Fri Jul 12 13:11:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 21:11:30 +0200 (CEST) Subject: SUSE-SU-2019:1835-1: moderate: Security update for expat Message-ID: <20190712191130.15434FFC2@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1835-1 Rating: moderate References: #1139937 Cross-References: CVE-2018-20843 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1835=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1835=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1835=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-3.3.1 expat-debugsource-2.2.5-3.3.1 libexpat-devel-32bit-2.2.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.3.1 expat-debuginfo-2.2.5-3.3.1 expat-debugsource-2.2.5-3.3.1 libexpat-devel-2.2.5-3.3.1 libexpat1-2.2.5-3.3.1 libexpat1-debuginfo-2.2.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-3.3.1 libexpat1-32bit-2.2.5-3.3.1 libexpat1-32bit-debuginfo-2.2.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.3.1 expat-debuginfo-2.2.5-3.3.1 expat-debugsource-2.2.5-3.3.1 libexpat-devel-2.2.5-3.3.1 libexpat1-2.2.5-3.3.1 libexpat1-debuginfo-2.2.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): expat-32bit-debuginfo-2.2.5-3.3.1 libexpat1-32bit-2.2.5-3.3.1 libexpat1-32bit-debuginfo-2.2.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-20843.html https://bugzilla.suse.com/1139937 From sle-updates at lists.suse.com Fri Jul 12 13:12:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 21:12:12 +0200 (CEST) Subject: SUSE-SU-2019:1832-1: moderate: Security update for php7 Message-ID: <20190712191212.60517FFC2@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1832-1 Rating: moderate References: #1138172 #1138173 Cross-References: CVE-2019-11039 CVE-2019-11040 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-1832=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1832=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1832=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1832=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1832=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.35.3 apache2-mod_php7-debuginfo-7.2.5-4.35.3 php7-7.2.5-4.35.3 php7-bcmath-7.2.5-4.35.3 php7-bcmath-debuginfo-7.2.5-4.35.3 php7-bz2-7.2.5-4.35.3 php7-bz2-debuginfo-7.2.5-4.35.3 php7-calendar-7.2.5-4.35.3 php7-calendar-debuginfo-7.2.5-4.35.3 php7-ctype-7.2.5-4.35.3 php7-ctype-debuginfo-7.2.5-4.35.3 php7-curl-7.2.5-4.35.3 php7-curl-debuginfo-7.2.5-4.35.3 php7-dba-7.2.5-4.35.3 php7-dba-debuginfo-7.2.5-4.35.3 php7-debuginfo-7.2.5-4.35.3 php7-debugsource-7.2.5-4.35.3 php7-devel-7.2.5-4.35.3 php7-dom-7.2.5-4.35.3 php7-dom-debuginfo-7.2.5-4.35.3 php7-enchant-7.2.5-4.35.3 php7-enchant-debuginfo-7.2.5-4.35.3 php7-exif-7.2.5-4.35.3 php7-exif-debuginfo-7.2.5-4.35.3 php7-fastcgi-7.2.5-4.35.3 php7-fastcgi-debuginfo-7.2.5-4.35.3 php7-fileinfo-7.2.5-4.35.3 php7-fileinfo-debuginfo-7.2.5-4.35.3 php7-fpm-7.2.5-4.35.3 php7-fpm-debuginfo-7.2.5-4.35.3 php7-ftp-7.2.5-4.35.3 php7-ftp-debuginfo-7.2.5-4.35.3 php7-gd-7.2.5-4.35.3 php7-gd-debuginfo-7.2.5-4.35.3 php7-gettext-7.2.5-4.35.3 php7-gettext-debuginfo-7.2.5-4.35.3 php7-gmp-7.2.5-4.35.3 php7-gmp-debuginfo-7.2.5-4.35.3 php7-iconv-7.2.5-4.35.3 php7-iconv-debuginfo-7.2.5-4.35.3 php7-intl-7.2.5-4.35.3 php7-intl-debuginfo-7.2.5-4.35.3 php7-json-7.2.5-4.35.3 php7-json-debuginfo-7.2.5-4.35.3 php7-ldap-7.2.5-4.35.3 php7-ldap-debuginfo-7.2.5-4.35.3 php7-mbstring-7.2.5-4.35.3 php7-mbstring-debuginfo-7.2.5-4.35.3 php7-mysql-7.2.5-4.35.3 php7-mysql-debuginfo-7.2.5-4.35.3 php7-odbc-7.2.5-4.35.3 php7-odbc-debuginfo-7.2.5-4.35.3 php7-opcache-7.2.5-4.35.3 php7-opcache-debuginfo-7.2.5-4.35.3 php7-openssl-7.2.5-4.35.3 php7-openssl-debuginfo-7.2.5-4.35.3 php7-pcntl-7.2.5-4.35.3 php7-pcntl-debuginfo-7.2.5-4.35.3 php7-pdo-7.2.5-4.35.3 php7-pdo-debuginfo-7.2.5-4.35.3 php7-pgsql-7.2.5-4.35.3 php7-pgsql-debuginfo-7.2.5-4.35.3 php7-phar-7.2.5-4.35.3 php7-phar-debuginfo-7.2.5-4.35.3 php7-posix-7.2.5-4.35.3 php7-posix-debuginfo-7.2.5-4.35.3 php7-shmop-7.2.5-4.35.3 php7-shmop-debuginfo-7.2.5-4.35.3 php7-snmp-7.2.5-4.35.3 php7-snmp-debuginfo-7.2.5-4.35.3 php7-soap-7.2.5-4.35.3 php7-soap-debuginfo-7.2.5-4.35.3 php7-sockets-7.2.5-4.35.3 php7-sockets-debuginfo-7.2.5-4.35.3 php7-sqlite-7.2.5-4.35.3 php7-sqlite-debuginfo-7.2.5-4.35.3 php7-sysvmsg-7.2.5-4.35.3 php7-sysvmsg-debuginfo-7.2.5-4.35.3 php7-sysvsem-7.2.5-4.35.3 php7-sysvsem-debuginfo-7.2.5-4.35.3 php7-sysvshm-7.2.5-4.35.3 php7-sysvshm-debuginfo-7.2.5-4.35.3 php7-tokenizer-7.2.5-4.35.3 php7-tokenizer-debuginfo-7.2.5-4.35.3 php7-wddx-7.2.5-4.35.3 php7-wddx-debuginfo-7.2.5-4.35.3 php7-xmlreader-7.2.5-4.35.3 php7-xmlreader-debuginfo-7.2.5-4.35.3 php7-xmlrpc-7.2.5-4.35.3 php7-xmlrpc-debuginfo-7.2.5-4.35.3 php7-xmlwriter-7.2.5-4.35.3 php7-xmlwriter-debuginfo-7.2.5-4.35.3 php7-xsl-7.2.5-4.35.3 php7-xsl-debuginfo-7.2.5-4.35.3 php7-zip-7.2.5-4.35.3 php7-zip-debuginfo-7.2.5-4.35.3 php7-zlib-7.2.5-4.35.3 php7-zlib-debuginfo-7.2.5-4.35.3 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.35.3 php7-pear-Archive_Tar-7.2.5-4.35.3 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.35.3 apache2-mod_php7-debuginfo-7.2.5-4.35.3 php7-7.2.5-4.35.3 php7-bcmath-7.2.5-4.35.3 php7-bcmath-debuginfo-7.2.5-4.35.3 php7-bz2-7.2.5-4.35.3 php7-bz2-debuginfo-7.2.5-4.35.3 php7-calendar-7.2.5-4.35.3 php7-calendar-debuginfo-7.2.5-4.35.3 php7-ctype-7.2.5-4.35.3 php7-ctype-debuginfo-7.2.5-4.35.3 php7-curl-7.2.5-4.35.3 php7-curl-debuginfo-7.2.5-4.35.3 php7-dba-7.2.5-4.35.3 php7-dba-debuginfo-7.2.5-4.35.3 php7-debuginfo-7.2.5-4.35.3 php7-debugsource-7.2.5-4.35.3 php7-devel-7.2.5-4.35.3 php7-dom-7.2.5-4.35.3 php7-dom-debuginfo-7.2.5-4.35.3 php7-enchant-7.2.5-4.35.3 php7-enchant-debuginfo-7.2.5-4.35.3 php7-exif-7.2.5-4.35.3 php7-exif-debuginfo-7.2.5-4.35.3 php7-fastcgi-7.2.5-4.35.3 php7-fastcgi-debuginfo-7.2.5-4.35.3 php7-fileinfo-7.2.5-4.35.3 php7-fileinfo-debuginfo-7.2.5-4.35.3 php7-fpm-7.2.5-4.35.3 php7-fpm-debuginfo-7.2.5-4.35.3 php7-ftp-7.2.5-4.35.3 php7-ftp-debuginfo-7.2.5-4.35.3 php7-gd-7.2.5-4.35.3 php7-gd-debuginfo-7.2.5-4.35.3 php7-gettext-7.2.5-4.35.3 php7-gettext-debuginfo-7.2.5-4.35.3 php7-gmp-7.2.5-4.35.3 php7-gmp-debuginfo-7.2.5-4.35.3 php7-iconv-7.2.5-4.35.3 php7-iconv-debuginfo-7.2.5-4.35.3 php7-intl-7.2.5-4.35.3 php7-intl-debuginfo-7.2.5-4.35.3 php7-json-7.2.5-4.35.3 php7-json-debuginfo-7.2.5-4.35.3 php7-ldap-7.2.5-4.35.3 php7-ldap-debuginfo-7.2.5-4.35.3 php7-mbstring-7.2.5-4.35.3 php7-mbstring-debuginfo-7.2.5-4.35.3 php7-mysql-7.2.5-4.35.3 php7-mysql-debuginfo-7.2.5-4.35.3 php7-odbc-7.2.5-4.35.3 php7-odbc-debuginfo-7.2.5-4.35.3 php7-opcache-7.2.5-4.35.3 php7-opcache-debuginfo-7.2.5-4.35.3 php7-openssl-7.2.5-4.35.3 php7-openssl-debuginfo-7.2.5-4.35.3 php7-pcntl-7.2.5-4.35.3 php7-pcntl-debuginfo-7.2.5-4.35.3 php7-pdo-7.2.5-4.35.3 php7-pdo-debuginfo-7.2.5-4.35.3 php7-pgsql-7.2.5-4.35.3 php7-pgsql-debuginfo-7.2.5-4.35.3 php7-phar-7.2.5-4.35.3 php7-phar-debuginfo-7.2.5-4.35.3 php7-posix-7.2.5-4.35.3 php7-posix-debuginfo-7.2.5-4.35.3 php7-shmop-7.2.5-4.35.3 php7-shmop-debuginfo-7.2.5-4.35.3 php7-snmp-7.2.5-4.35.3 php7-snmp-debuginfo-7.2.5-4.35.3 php7-soap-7.2.5-4.35.3 php7-soap-debuginfo-7.2.5-4.35.3 php7-sockets-7.2.5-4.35.3 php7-sockets-debuginfo-7.2.5-4.35.3 php7-sodium-7.2.5-4.35.3 php7-sodium-debuginfo-7.2.5-4.35.3 php7-sqlite-7.2.5-4.35.3 php7-sqlite-debuginfo-7.2.5-4.35.3 php7-sysvmsg-7.2.5-4.35.3 php7-sysvmsg-debuginfo-7.2.5-4.35.3 php7-sysvsem-7.2.5-4.35.3 php7-sysvsem-debuginfo-7.2.5-4.35.3 php7-sysvshm-7.2.5-4.35.3 php7-sysvshm-debuginfo-7.2.5-4.35.3 php7-tokenizer-7.2.5-4.35.3 php7-tokenizer-debuginfo-7.2.5-4.35.3 php7-wddx-7.2.5-4.35.3 php7-wddx-debuginfo-7.2.5-4.35.3 php7-xmlreader-7.2.5-4.35.3 php7-xmlreader-debuginfo-7.2.5-4.35.3 php7-xmlrpc-7.2.5-4.35.3 php7-xmlrpc-debuginfo-7.2.5-4.35.3 php7-xmlwriter-7.2.5-4.35.3 php7-xmlwriter-debuginfo-7.2.5-4.35.3 php7-xsl-7.2.5-4.35.3 php7-xsl-debuginfo-7.2.5-4.35.3 php7-zip-7.2.5-4.35.3 php7-zip-debuginfo-7.2.5-4.35.3 php7-zlib-7.2.5-4.35.3 php7-zlib-debuginfo-7.2.5-4.35.3 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.35.3 php7-pear-Archive_Tar-7.2.5-4.35.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.35.3 php7-debugsource-7.2.5-4.35.3 php7-embed-7.2.5-4.35.3 php7-embed-debuginfo-7.2.5-4.35.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.35.3 php7-debugsource-7.2.5-4.35.3 php7-embed-7.2.5-4.35.3 php7-embed-debuginfo-7.2.5-4.35.3 php7-readline-7.2.5-4.35.3 php7-readline-debuginfo-7.2.5-4.35.3 php7-sodium-7.2.5-4.35.3 php7-sodium-debuginfo-7.2.5-4.35.3 php7-tidy-7.2.5-4.35.3 php7-tidy-debuginfo-7.2.5-4.35.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.35.3 php7-debugsource-7.2.5-4.35.3 php7-embed-7.2.5-4.35.3 php7-embed-debuginfo-7.2.5-4.35.3 php7-readline-7.2.5-4.35.3 php7-readline-debuginfo-7.2.5-4.35.3 php7-sodium-7.2.5-4.35.3 php7-sodium-debuginfo-7.2.5-4.35.3 php7-tidy-7.2.5-4.35.3 php7-tidy-debuginfo-7.2.5-4.35.3 References: https://www.suse.com/security/cve/CVE-2019-11039.html https://www.suse.com/security/cve/CVE-2019-11040.html https://bugzilla.suse.com/1138172 https://bugzilla.suse.com/1138173 From sle-updates at lists.suse.com Fri Jul 12 13:13:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 21:13:02 +0200 (CEST) Subject: SUSE-SU-2019:1833-1: moderate: Security update for glib2 Message-ID: <20190712191302.DC3DCFFC2@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1833-1 Rating: moderate References: #1139959 Cross-References: CVE-2019-13012 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1833=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1833=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1833=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1833=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1833=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (x86_64): glib2-debugsource-2.54.3-4.18.1 glib2-devel-32bit-2.54.3-4.18.1 glib2-devel-32bit-debuginfo-2.54.3-4.18.1 glib2-tools-32bit-2.54.3-4.18.1 glib2-tools-32bit-debuginfo-2.54.3-4.18.1 libgthread-2_0-0-32bit-2.54.3-4.18.1 libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.18.1 glib2-devel-static-2.54.3-4.18.1 libgio-fam-2.54.3-4.18.1 libgio-fam-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): glib2-devel-32bit-2.54.3-4.18.1 glib2-devel-32bit-debuginfo-2.54.3-4.18.1 glib2-tools-32bit-2.54.3-4.18.1 glib2-tools-32bit-debuginfo-2.54.3-4.18.1 libgio-fam-32bit-2.54.3-4.18.1 libgio-fam-32bit-debuginfo-2.54.3-4.18.1 libgthread-2_0-0-32bit-2.54.3-4.18.1 libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): gio-branding-upstream-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.18.1 glib2-devel-static-2.54.3-4.18.1 libgio-fam-2.54.3-4.18.1 libgio-fam-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gio-branding-upstream-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.18.1 glib2-devel-2.54.3-4.18.1 glib2-devel-debuginfo-2.54.3-4.18.1 glib2-tools-2.54.3-4.18.1 glib2-tools-debuginfo-2.54.3-4.18.1 libgio-2_0-0-2.54.3-4.18.1 libgio-2_0-0-debuginfo-2.54.3-4.18.1 libglib-2_0-0-2.54.3-4.18.1 libglib-2_0-0-debuginfo-2.54.3-4.18.1 libgmodule-2_0-0-2.54.3-4.18.1 libgmodule-2_0-0-debuginfo-2.54.3-4.18.1 libgobject-2_0-0-2.54.3-4.18.1 libgobject-2_0-0-debuginfo-2.54.3-4.18.1 libgthread-2_0-0-2.54.3-4.18.1 libgthread-2_0-0-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glib2-lang-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgio-2_0-0-32bit-2.54.3-4.18.1 libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1 libglib-2_0-0-32bit-2.54.3-4.18.1 libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1 libgmodule-2_0-0-32bit-2.54.3-4.18.1 libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1 libgobject-2_0-0-32bit-2.54.3-4.18.1 libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.18.1 glib2-devel-2.54.3-4.18.1 glib2-devel-debuginfo-2.54.3-4.18.1 glib2-tools-2.54.3-4.18.1 glib2-tools-debuginfo-2.54.3-4.18.1 libgio-2_0-0-2.54.3-4.18.1 libgio-2_0-0-debuginfo-2.54.3-4.18.1 libglib-2_0-0-2.54.3-4.18.1 libglib-2_0-0-debuginfo-2.54.3-4.18.1 libgmodule-2_0-0-2.54.3-4.18.1 libgmodule-2_0-0-debuginfo-2.54.3-4.18.1 libgobject-2_0-0-2.54.3-4.18.1 libgobject-2_0-0-debuginfo-2.54.3-4.18.1 libgthread-2_0-0-2.54.3-4.18.1 libgthread-2_0-0-debuginfo-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glib2-lang-2.54.3-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgio-2_0-0-32bit-2.54.3-4.18.1 libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1 libglib-2_0-0-32bit-2.54.3-4.18.1 libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1 libgmodule-2_0-0-32bit-2.54.3-4.18.1 libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1 libgobject-2_0-0-32bit-2.54.3-4.18.1 libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1 References: https://www.suse.com/security/cve/CVE-2019-13012.html https://bugzilla.suse.com/1139959 From sle-updates at lists.suse.com Fri Jul 12 13:13:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 21:13:43 +0200 (CEST) Subject: SUSE-SU-2019:1834-1: moderate: Security update for expat Message-ID: <20190712191343.45F9CFFC2@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1834-1 Rating: moderate References: #1139937 Cross-References: CVE-2018-20843 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1834=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1834=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1834=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat-devel-2.1.0-21.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.6.1 expat-debuginfo-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat1-2.1.0-21.6.1 libexpat1-debuginfo-2.1.0-21.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.6.1 libexpat1-32bit-2.1.0-21.6.1 libexpat1-debuginfo-32bit-2.1.0-21.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): expat-2.1.0-21.6.1 expat-debuginfo-2.1.0-21.6.1 expat-debuginfo-32bit-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat1-2.1.0-21.6.1 libexpat1-32bit-2.1.0-21.6.1 libexpat1-debuginfo-2.1.0-21.6.1 libexpat1-debuginfo-32bit-2.1.0-21.6.1 - SUSE CaaS Platform 3.0 (x86_64): expat-2.1.0-21.6.1 expat-debuginfo-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat1-2.1.0-21.6.1 libexpat1-debuginfo-2.1.0-21.6.1 References: https://www.suse.com/security/cve/CVE-2018-20843.html https://bugzilla.suse.com/1139937 From sle-updates at lists.suse.com Fri Jul 12 13:14:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Jul 2019 21:14:27 +0200 (CEST) Subject: SUSE-SU-2019:1830-1: important: Security update for glib2 Message-ID: <20190712191427.7B046FFC2@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1830-1 Rating: important References: #1139959 #1140122 Cross-References: CVE-2019-13012 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1830=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1830=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-1830=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1830=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1830=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1830=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1830=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1830=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1830=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1830=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1830=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1830=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1830=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1830=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1830=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1830=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1830=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE OpenStack Cloud 8 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE OpenStack Cloud 7 (s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE OpenStack Cloud 7 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-devel-2.48.2-12.15.1 glib2-devel-debuginfo-2.48.2-12.15.1 glib2-devel-static-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-devel-2.48.2-12.15.1 glib2-devel-debuginfo-2.48.2-12.15.1 glib2-devel-static-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Enterprise Storage 5 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Enterprise Storage 5 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Enterprise Storage 4 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Enterprise Storage 4 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE CaaS Platform 3.0 (x86_64): glib2-debugsource-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE CaaS Platform 3.0 (noarch): gio-branding-upstream-2.48.2-12.15.1 References: https://www.suse.com/security/cve/CVE-2019-13012.html https://bugzilla.suse.com/1139959 https://bugzilla.suse.com/1140122 From sle-updates at lists.suse.com Fri Jul 12 19:10:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:10:38 +0200 (CEST) Subject: SUSE-OU-2019:1837-1: Test update for SUSE:SLE-12-SP5:Update (optional) Message-ID: <20190713011038.1AB32FFC2@maintenance.suse.de> SUSE Optional Update: Test update for SUSE:SLE-12-SP5:Update (optional) ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:1837-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This is a optional test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1837=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1837=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-optional-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-optional-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 19:11:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:11:19 +0200 (CEST) Subject: SUSE-FU-2019:1840-1: Test update for SUSE:SLE-12-SP5:Update (feature) Message-ID: <20190713011119.4B363FFC2@maintenance.suse.de> SUSE Feature Update: Test update for SUSE:SLE-12-SP5:Update (feature) ______________________________________________________________________________ Announcement ID: SUSE-FU-2019:1840-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one feature fix can now be installed. Description: This is a feature test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1840=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1840=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-feature-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-feature-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 19:11:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:11:59 +0200 (CEST) Subject: SUSE-RU-2019:1836-1: Test update for SUSE:SLE-12-SP5:Update (affects-package-manager) Message-ID: <20190713011159.EF6FDFFC2@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-12-SP5:Update (affects-package-manager) ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1836-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a affects-package-manager test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1836=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1836=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-affects-package-manager-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-affects-package-manager-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 19:12:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:12:38 +0200 (CEST) Subject: SUSE-SU-2019:1838-1: important: Test update for SUSE:SLE-12-SP5:Update (security) Message-ID: <20190713011238.1DC5AFFC2@maintenance.suse.de> SUSE Security Update: Test update for SUSE:SLE-12-SP5:Update (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1838-1 Rating: important References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1838=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1838=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-security-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-security-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 19:13:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:13:16 +0200 (CEST) Subject: SUSE-RU-2019:1839-1: Test update for SUSE:SLE-12-SP5:Update (trivial) Message-ID: <20190713011316.B1E07FFC2@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-12-SP5:Update (trivial) ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1839-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a trivial test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1839=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1839=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-trival-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-trival-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 19:13:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:13:55 +0200 (CEST) Subject: SUSE-RU-2019:1842-1: Test update for SUSE:SLE-12-SP5:Update (interactive) Message-ID: <20190713011355.BF777FFC2@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-12-SP5:Update (interactive) ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1842-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a interactive test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1842=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1842=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-interactive-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-interactive-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Fri Jul 12 19:14:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:14:35 +0200 (CEST) Subject: SUSE-RU-2019:1841-1: Test update for SUSE:SLE-12-SP5:Update (reboot-needed) Message-ID: <20190713011435.4AF44FFC2@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-12-SP5:Update (reboot-needed) ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1841-1 Rating: low References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a reboot-needed test update for SUSE:SLE-12-SP5:Update Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1841=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1841=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-reboot-needed-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-reboot-needed-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-updates at lists.suse.com Mon Jul 15 04:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 12:11:18 +0200 (CEST) Subject: SUSE-SU-2019:1823-2: important: Security update for the Linux Kernel Message-ID: <20190715101118.45CB0FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1823-2 Rating: important References: #1096254 #1108382 #1109137 #1127155 #1133190 #1133738 #1134395 #1134701 #1136922 #1136935 #1137194 #1138291 #1140575 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1823=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.117.1 cluster-md-kmp-default-debuginfo-4.4.121-92.117.1 cluster-network-kmp-default-4.4.121-92.117.1 cluster-network-kmp-default-debuginfo-4.4.121-92.117.1 dlm-kmp-default-4.4.121-92.117.1 dlm-kmp-default-debuginfo-4.4.121-92.117.1 gfs2-kmp-default-4.4.121-92.117.1 gfs2-kmp-default-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 ocfs2-kmp-default-4.4.121-92.117.1 ocfs2-kmp-default-debuginfo-4.4.121-92.117.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1134701 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1140575 From sle-updates at lists.suse.com Mon Jul 15 04:14:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 12:14:25 +0200 (CEST) Subject: SUSE-RU-2019:1845-1: moderate: Recommended update for open-iscsi Message-ID: <20190715101425.73023FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1845-1 Rating: moderate References: #1135070 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issues: - Adds iscsiuio support of systemd (bsc#1135070) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1845=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1845=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-12.13.2 iscsiuio-debuginfo-0.7.8.2-12.13.2 libopeniscsiusr0_2_0-2.0.876-12.13.2 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.13.2 open-iscsi-2.0.876-12.13.2 open-iscsi-debuginfo-2.0.876-12.13.2 open-iscsi-debugsource-2.0.876-12.13.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): iscsiuio-0.7.8.2-12.13.2 iscsiuio-debuginfo-0.7.8.2-12.13.2 libopeniscsiusr0_2_0-2.0.876-12.13.2 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.13.2 open-iscsi-2.0.876-12.13.2 open-iscsi-debuginfo-2.0.876-12.13.2 open-iscsi-debugsource-2.0.876-12.13.2 References: https://bugzilla.suse.com/1135070 From sle-updates at lists.suse.com Mon Jul 15 04:15:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 12:15:07 +0200 (CEST) Subject: SUSE-RU-2019:1843-1: important: Initial shipment of package sles-ltss-release Message-ID: <20190715101507.4CBFFFFC3@maintenance.suse.de> SUSE Recommended Update: Initial shipment of package sles-ltss-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1843-1 Rating: important References: #1141069 #1141108 Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 12 SP3 customers. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1843=1 Package List: - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): sles-ltss-release-12.3-10.5.1 sles-ltss-release-POOL-12.3-10.5.1 References: https://bugzilla.suse.com/1141069 https://bugzilla.suse.com/1141108 From sle-updates at lists.suse.com Mon Jul 15 04:15:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 12:15:54 +0200 (CEST) Subject: SUSE-RU-2019:1844-1: Recommended update for pam Message-ID: <20190715101554.482ADFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1844-1 Rating: low References: #1116544 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam fixes the following issues: - restricted the number of file descriptors to close to a more sensible number based upon resource limits (bsc#1116544) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1844=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1844=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1844=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 pam-devel-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): pam-32bit-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): pam-doc-1.1.8-24.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): pam-1.1.8-24.24.1 pam-32bit-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debuginfo-32bit-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): pam-doc-1.1.8-24.24.1 - SUSE CaaS Platform 3.0 (x86_64): pam-1.1.8-24.24.1 pam-debuginfo-1.1.8-24.24.1 pam-debugsource-1.1.8-24.24.1 References: https://bugzilla.suse.com/1116544 From sle-updates at lists.suse.com Mon Jul 15 07:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 15:10:59 +0200 (CEST) Subject: SUSE-SU-2019:1846-1: important: Security update for bzip2 Message-ID: <20190715131059.6917FFFC2@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1846-1 Rating: important References: #1139083 Cross-References: CVE-2019-12900 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1846=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1846=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1846=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1846=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): bzip2-doc-1.0.6-5.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): bzip2-debugsource-1.0.6-5.6.1 libbz2-devel-32bit-1.0.6-5.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): bzip2-doc-1.0.6-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-5.6.1 bzip2-debuginfo-1.0.6-5.6.1 bzip2-debugsource-1.0.6-5.6.1 libbz2-1-1.0.6-5.6.1 libbz2-1-debuginfo-1.0.6-5.6.1 libbz2-devel-1.0.6-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libbz2-1-32bit-1.0.6-5.6.1 libbz2-1-32bit-debuginfo-1.0.6-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-5.6.1 bzip2-debuginfo-1.0.6-5.6.1 bzip2-debugsource-1.0.6-5.6.1 libbz2-1-1.0.6-5.6.1 libbz2-1-debuginfo-1.0.6-5.6.1 libbz2-devel-1.0.6-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libbz2-1-32bit-1.0.6-5.6.1 libbz2-1-32bit-debuginfo-1.0.6-5.6.1 References: https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 From sle-updates at lists.suse.com Mon Jul 15 10:11:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 18:11:23 +0200 (CEST) Subject: SUSE-SU-2019:1847-1: important: Security update for xrdp Message-ID: <20190715161123.10B41FFC2@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1847-1 Rating: important References: #1014524 #1015567 #1029912 #1060644 #1069591 #1090174 #1100453 #1101506 Cross-References: CVE-2013-1430 CVE-2017-16927 CVE-2017-6967 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update for xrdp fixes the following issues: These security issues were fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). - CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). - CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). These non-security issues were fixed: - The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) - Fixed an issue with delayed X KeyRelease events (bsc#1100453) - Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) - Avoid use of hard-coded sesman port. (bsc#1060644) - Fixed a regression connecting from Windows 10. (bsc#1090174) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1847=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1847=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-21.9.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.9.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1 References: https://www.suse.com/security/cve/CVE-2013-1430.html https://www.suse.com/security/cve/CVE-2017-16927.html https://www.suse.com/security/cve/CVE-2017-6967.html https://bugzilla.suse.com/1014524 https://bugzilla.suse.com/1015567 https://bugzilla.suse.com/1029912 https://bugzilla.suse.com/1060644 https://bugzilla.suse.com/1069591 https://bugzilla.suse.com/1090174 https://bugzilla.suse.com/1100453 https://bugzilla.suse.com/1101506 From sle-updates at lists.suse.com Mon Jul 15 10:13:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 18:13:07 +0200 (CEST) Subject: SUSE-SU-2019:1850-1: important: Security update for webkit2gtk3 Message-ID: <20190715161307.4CC04FFC2@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1850-1 Rating: important References: #1133291 #1135715 Cross-References: CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1850=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1850=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1850=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1850=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.2-2.44.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.2-2.44.1 webkit2gtk3-debugsource-2.24.2-2.44.1 webkit2gtk3-devel-2.24.2-2.44.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.2-2.44.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.2-2.44.1 libwebkit2gtk-4_0-37-2.24.2-2.44.1 libwebkit2gtk-4_0-37-debuginfo-2.24.2-2.44.1 typelib-1_0-JavaScriptCore-4_0-2.24.2-2.44.1 typelib-1_0-WebKit2-4_0-2.24.2-2.44.1 webkit2gtk-4_0-injected-bundles-2.24.2-2.44.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.2-2.44.1 webkit2gtk3-debugsource-2.24.2-2.44.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.2-2.44.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.2-2.44.1 libwebkit2gtk-4_0-37-2.24.2-2.44.1 libwebkit2gtk-4_0-37-debuginfo-2.24.2-2.44.1 typelib-1_0-JavaScriptCore-4_0-2.24.2-2.44.1 typelib-1_0-WebKit2-4_0-2.24.2-2.44.1 webkit2gtk-4_0-injected-bundles-2.24.2-2.44.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.2-2.44.1 webkit2gtk3-debugsource-2.24.2-2.44.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.2-2.44.1 References: https://www.suse.com/security/cve/CVE-2019-6237.html https://www.suse.com/security/cve/CVE-2019-8571.html https://www.suse.com/security/cve/CVE-2019-8583.html https://www.suse.com/security/cve/CVE-2019-8584.html https://www.suse.com/security/cve/CVE-2019-8586.html https://www.suse.com/security/cve/CVE-2019-8587.html https://www.suse.com/security/cve/CVE-2019-8594.html https://www.suse.com/security/cve/CVE-2019-8595.html https://www.suse.com/security/cve/CVE-2019-8596.html https://www.suse.com/security/cve/CVE-2019-8597.html https://www.suse.com/security/cve/CVE-2019-8601.html https://www.suse.com/security/cve/CVE-2019-8607.html https://www.suse.com/security/cve/CVE-2019-8608.html https://www.suse.com/security/cve/CVE-2019-8609.html https://www.suse.com/security/cve/CVE-2019-8610.html https://www.suse.com/security/cve/CVE-2019-8611.html https://www.suse.com/security/cve/CVE-2019-8615.html https://www.suse.com/security/cve/CVE-2019-8619.html https://www.suse.com/security/cve/CVE-2019-8622.html https://www.suse.com/security/cve/CVE-2019-8623.html https://bugzilla.suse.com/1133291 https://bugzilla.suse.com/1135715 From sle-updates at lists.suse.com Mon Jul 15 10:13:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 18:13:55 +0200 (CEST) Subject: SUSE-SU-2019:14122-1: important: Security update for bzip2 Message-ID: <20190715161355.4ED60FFC2@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14122-1 Rating: important References: #1139083 #985657 Cross-References: CVE-2016-3189 CVE-2019-12900 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-bzip2-14122=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bzip2-14122=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bzip2-14122=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bzip2-14122=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): bzip2-1.0.5-34.256.5.1 bzip2-doc-1.0.5-34.256.5.1 libbz2-1-1.0.5-34.256.5.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libbz2-1-32bit-1.0.5-34.256.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bzip2-1.0.5-34.256.5.1 bzip2-doc-1.0.5-34.256.5.1 libbz2-1-1.0.5-34.256.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): bzip2-debuginfo-1.0.5-34.256.5.1 bzip2-debugsource-1.0.5-34.256.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bzip2-debuginfo-1.0.5-34.256.5.1 bzip2-debugsource-1.0.5-34.256.5.1 References: https://www.suse.com/security/cve/CVE-2016-3189.html https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 https://bugzilla.suse.com/985657 From sle-updates at lists.suse.com Mon Jul 15 10:14:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 18:14:46 +0200 (CEST) Subject: SUSE-SU-2019:1849-1: moderate: Security update for podofo Message-ID: <20190715161446.11793FFC2@maintenance.suse.de> SUSE Security Update: Security update for podofo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1849-1 Rating: moderate References: #1035596 #1076962 #1096890 #1099720 #1124357 Cross-References: CVE-2017-8054 CVE-2018-11255 CVE-2018-12982 CVE-2018-20751 CVE-2018-5783 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for podofo fixes the following issues: Security issues fixed: - CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow remote attackers to cause Denial of Service (bsc#1035596). - CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962). - CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead to Denial of Service (bsc#1096890). - CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357). - CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow remote attackers to cause Denial of Service (bsc#1099720). - Fixed a buffer overflow in TestEncrypt function. - Fixed a null pointer dereference in PdfTranslator-setTarget function. - Fixed a heap based buffer overflow PdfVariant:DelayedLoad function. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1849=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1849=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1849=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libpodofo0_9_2-0.9.2-3.9.2 libpodofo0_9_2-debuginfo-0.9.2-3.9.2 podofo-debuginfo-0.9.2-3.9.2 podofo-debugsource-0.9.2-3.9.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.2-3.9.2 podofo-debuginfo-0.9.2-3.9.2 podofo-debugsource-0.9.2-3.9.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpodofo0_9_2-0.9.2-3.9.2 libpodofo0_9_2-debuginfo-0.9.2-3.9.2 podofo-debuginfo-0.9.2-3.9.2 podofo-debugsource-0.9.2-3.9.2 References: https://www.suse.com/security/cve/CVE-2017-8054.html https://www.suse.com/security/cve/CVE-2018-11255.html https://www.suse.com/security/cve/CVE-2018-12982.html https://www.suse.com/security/cve/CVE-2018-20751.html https://www.suse.com/security/cve/CVE-2018-5783.html https://bugzilla.suse.com/1035596 https://bugzilla.suse.com/1076962 https://bugzilla.suse.com/1096890 https://bugzilla.suse.com/1099720 https://bugzilla.suse.com/1124357 From sle-updates at lists.suse.com Mon Jul 15 13:11:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:11:04 +0200 (CEST) Subject: SUSE-SU-2019:1854-1: important: Security update for the Linux Kernel Message-ID: <20190715191105.01FE7FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1854-1 Rating: important References: #1051510 #1071995 #1088047 #1098633 #1103990 #1103991 #1103992 #1106383 #1109837 #1111666 #1112374 #1114685 #1119113 #1119532 #1120423 #1125703 #1128902 #1130836 #1131645 #1132390 #1133401 #1133738 #1134303 #1134395 #1135556 #1135642 #1135897 #1136161 #1136264 #1136343 #1136935 #1137625 #1137728 #1138879 #1139712 #1139751 #1139771 #1139865 #1140133 #1140228 #1140328 #1140405 #1140424 #1140428 #1140454 #1140463 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-13233 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 69 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738). The following non-security bugs were fixed: - Abort file_remove_privs() for non-reg. files (bsc#1140888). - acpica: Clear status of GPEs on first direct enable (bsc#1111666). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - Backporting hwpoison fixes - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685). - ib/hfi1: Create inline to get extended headers (bsc#1114685 ). - ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ). - ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master. - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 ). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 ). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci/p2pdma: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1138879). - Revert "net/mlx5e: Enable reporting checksum unnecessary also for L3 packets" (bsc#1103990). - Revert "Revert "Drop multiversion(kernel) from the KMP template ()"" - Revert "Sign non-x86 kernels when possible (boo#1134303)" This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now. - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake "Retreiving" -> "Retrieving" (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - typec: tcpm: fix compiler warning about stupid things (git-fixes). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - xdp: check device pointer before clearing (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1854=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-extra-4.12.14-197.10.1 kernel-default-extra-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-obs-qa-4.12.14-197.10.1 kernel-vanilla-4.12.14-197.10.1 kernel-vanilla-base-4.12.14-197.10.1 kernel-vanilla-base-debuginfo-4.12.14-197.10.1 kernel-vanilla-debuginfo-4.12.14-197.10.1 kernel-vanilla-debugsource-4.12.14-197.10.1 kernel-vanilla-devel-4.12.14-197.10.1 kernel-vanilla-devel-debuginfo-4.12.14-197.10.1 kernel-vanilla-livepatch-devel-4.12.14-197.10.1 kselftests-kmp-default-4.12.14-197.10.1 kselftests-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.10.1 kernel-debug-base-4.12.14-197.10.1 kernel-debug-base-debuginfo-4.12.14-197.10.1 kernel-debug-debuginfo-4.12.14-197.10.1 kernel-debug-debugsource-4.12.14-197.10.1 kernel-debug-devel-4.12.14-197.10.1 kernel-debug-devel-debuginfo-4.12.14-197.10.1 kernel-debug-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.10.1 dtb-allwinner-4.12.14-197.10.1 dtb-altera-4.12.14-197.10.1 dtb-amd-4.12.14-197.10.1 dtb-amlogic-4.12.14-197.10.1 dtb-apm-4.12.14-197.10.1 dtb-arm-4.12.14-197.10.1 dtb-broadcom-4.12.14-197.10.1 dtb-cavium-4.12.14-197.10.1 dtb-exynos-4.12.14-197.10.1 dtb-freescale-4.12.14-197.10.1 dtb-hisilicon-4.12.14-197.10.1 dtb-lg-4.12.14-197.10.1 dtb-marvell-4.12.14-197.10.1 dtb-mediatek-4.12.14-197.10.1 dtb-nvidia-4.12.14-197.10.1 dtb-qcom-4.12.14-197.10.1 dtb-renesas-4.12.14-197.10.1 dtb-rockchip-4.12.14-197.10.1 dtb-socionext-4.12.14-197.10.1 dtb-sprd-4.12.14-197.10.1 dtb-xilinx-4.12.14-197.10.1 dtb-zte-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.10.1 kernel-source-vanilla-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.10.1 kernel-kvmsmall-base-4.12.14-197.10.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debugsource-4.12.14-197.10.1 kernel-kvmsmall-devel-4.12.14-197.10.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 kernel-zfcpdump-man-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 reiserfs-kmp-default-4.12.14-197.10.1 reiserfs-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.10.1 kernel-obs-build-debugsource-4.12.14-197.10.1 kernel-syms-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.10.1 kernel-source-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.10.1 kernel-default-base-4.12.14-197.10.1 kernel-default-base-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-devel-4.12.14-197.10.1 kernel-default-devel-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.10.1 kernel-macros-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.10.1 kernel-zfcpdump-4.12.14-197.10.1 kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.10.1 cluster-md-kmp-default-debuginfo-4.12.14-197.10.1 dlm-kmp-default-4.12.14-197.10.1 dlm-kmp-default-debuginfo-4.12.14-197.10.1 gfs2-kmp-default-4.12.14-197.10.1 gfs2-kmp-default-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 ocfs2-kmp-default-4.12.14-197.10.1 ocfs2-kmp-default-debuginfo-4.12.14-197.10.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-13233.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1125703 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1130836 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136161 https://bugzilla.suse.com/1136264 https://bugzilla.suse.com/1136343 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1138879 https://bugzilla.suse.com/1139712 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140228 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140454 https://bugzilla.suse.com/1140463 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 From sle-updates at lists.suse.com Mon Jul 15 13:21:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:21:25 +0200 (CEST) Subject: SUSE-SU-2019:1855-1: important: Security update for the Linux Kernel Message-ID: <20190715192125.8865EFFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1855-1 Rating: important References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1131645 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136598 #1136922 #1136935 #1137103 #1137194 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 73 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] - CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577] - CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395] - CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935] - CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645]. - CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194] - CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost. [bnc#1137103] - CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291] - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293] - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. [bsc#1136922] - CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598] The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - ACPI: Add Hygon Dhyana support (). - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510). - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - ALSA: line6: Fix write on zero-sized buffer (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - Add kernel-subpackage-build.spec (). - add kernel-subpackage-build.spec.in and support scripts - hook it in mkspec - extend the mechanism that copies dependencies inside kernel-binary.spec.in from kernel-%build_flavor to kernel-%build_flavor-base to also handle kernel-subpackage-build.spec.in using BINARY DEPS marker. - expand %name in kernel-%build_flavor so the dependencies are expanded correctly in kernel-subpackage-build.spec.in - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Build klp-symbols in kernel devel projects. - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - Kabi fixup blk_mq_register_dev() (bsc#1140637). - Move stuff git_sort chokes on, out of the way - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - SMB3: Fix endian warning (bsc#1137884). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - USB: core: Do not unbind interfaces following device reset failure (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: fix initial-termios handling (bsc#1135642). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - added De0-Nanos-SoC board support (and others based on Altera SOC). - af_key: unconditionally clone on broadcast (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sort patches to proper position - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478, bsc#1139751). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1855=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1855=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1855=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1855=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1855=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1855=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-extra-4.12.14-150.27.1 kernel-default-extra-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.27.1 kernel-default-base-debuginfo-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-obs-qa-4.12.14-150.27.1 kselftests-kmp-default-4.12.14-150.27.1 kselftests-kmp-default-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 reiserfs-kmp-default-4.12.14-150.27.1 reiserfs-kmp-default-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.27.1 kernel-obs-build-debugsource-4.12.14-150.27.1 kernel-syms-4.12.14-150.27.1 kernel-vanilla-base-4.12.14-150.27.1 kernel-vanilla-base-debuginfo-4.12.14-150.27.1 kernel-vanilla-debuginfo-4.12.14-150.27.1 kernel-vanilla-debugsource-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.27.1 kernel-source-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.27.1 kernel-default-base-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-devel-4.12.14-150.27.1 kernel-default-devel-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.27.1 kernel-macros-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.27.1 kernel-zfcpdump-4.12.14-150.27.1 kernel-zfcpdump-debuginfo-4.12.14-150.27.1 kernel-zfcpdump-debugsource-4.12.14-150.27.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.27.1 cluster-md-kmp-default-debuginfo-4.12.14-150.27.1 dlm-kmp-default-4.12.14-150.27.1 dlm-kmp-default-debuginfo-4.12.14-150.27.1 gfs2-kmp-default-4.12.14-150.27.1 gfs2-kmp-default-debuginfo-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 ocfs2-kmp-default-4.12.14-150.27.1 ocfs2-kmp-default-debuginfo-4.12.14-150.27.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 From sle-updates at lists.suse.com Mon Jul 15 13:32:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:32:57 +0200 (CEST) Subject: SUSE-SU-2019:1854-1: important: Security update for the Linux Kernel Message-ID: <20190715193257.8AF50FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1854-1 Rating: important References: #1051510 #1071995 #1088047 #1098633 #1103990 #1103991 #1103992 #1106383 #1109837 #1111666 #1112374 #1114685 #1119113 #1119532 #1120423 #1125703 #1128902 #1130836 #1131645 #1132390 #1133401 #1133738 #1134303 #1134395 #1135556 #1135642 #1135897 #1136161 #1136264 #1136343 #1136935 #1137625 #1137728 #1138879 #1139712 #1139751 #1139771 #1139865 #1140133 #1140228 #1140328 #1140405 #1140424 #1140428 #1140454 #1140463 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-13233 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 69 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738). The following non-security bugs were fixed: - Abort file_remove_privs() for non-reg. files (bsc#1140888). - acpica: Clear status of GPEs on first direct enable (bsc#1111666). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - Backporting hwpoison fixes - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685). - ib/hfi1: Create inline to get extended headers (bsc#1114685 ). - ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ). - ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master. - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 ). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 ). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci/p2pdma: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1138879). - Revert "net/mlx5e: Enable reporting checksum unnecessary also for L3 packets" (bsc#1103990). - Revert "Revert "Drop multiversion(kernel) from the KMP template ()"" - Revert "Sign non-x86 kernels when possible (boo#1134303)" This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now. - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake "Retreiving" -> "Retrieving" (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - typec: tcpm: fix compiler warning about stupid things (git-fixes). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - xdp: check device pointer before clearing (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1854=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-extra-4.12.14-197.10.1 kernel-default-extra-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-obs-qa-4.12.14-197.10.1 kernel-vanilla-4.12.14-197.10.1 kernel-vanilla-base-4.12.14-197.10.1 kernel-vanilla-base-debuginfo-4.12.14-197.10.1 kernel-vanilla-debuginfo-4.12.14-197.10.1 kernel-vanilla-debugsource-4.12.14-197.10.1 kernel-vanilla-devel-4.12.14-197.10.1 kernel-vanilla-devel-debuginfo-4.12.14-197.10.1 kernel-vanilla-livepatch-devel-4.12.14-197.10.1 kselftests-kmp-default-4.12.14-197.10.1 kselftests-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.10.1 kernel-debug-base-4.12.14-197.10.1 kernel-debug-base-debuginfo-4.12.14-197.10.1 kernel-debug-debuginfo-4.12.14-197.10.1 kernel-debug-debugsource-4.12.14-197.10.1 kernel-debug-devel-4.12.14-197.10.1 kernel-debug-devel-debuginfo-4.12.14-197.10.1 kernel-debug-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.10.1 dtb-allwinner-4.12.14-197.10.1 dtb-altera-4.12.14-197.10.1 dtb-amd-4.12.14-197.10.1 dtb-amlogic-4.12.14-197.10.1 dtb-apm-4.12.14-197.10.1 dtb-arm-4.12.14-197.10.1 dtb-broadcom-4.12.14-197.10.1 dtb-cavium-4.12.14-197.10.1 dtb-exynos-4.12.14-197.10.1 dtb-freescale-4.12.14-197.10.1 dtb-hisilicon-4.12.14-197.10.1 dtb-lg-4.12.14-197.10.1 dtb-marvell-4.12.14-197.10.1 dtb-mediatek-4.12.14-197.10.1 dtb-nvidia-4.12.14-197.10.1 dtb-qcom-4.12.14-197.10.1 dtb-renesas-4.12.14-197.10.1 dtb-rockchip-4.12.14-197.10.1 dtb-socionext-4.12.14-197.10.1 dtb-sprd-4.12.14-197.10.1 dtb-xilinx-4.12.14-197.10.1 dtb-zte-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.10.1 kernel-source-vanilla-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.10.1 kernel-kvmsmall-base-4.12.14-197.10.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debugsource-4.12.14-197.10.1 kernel-kvmsmall-devel-4.12.14-197.10.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 kernel-zfcpdump-man-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-livepatch-4.12.14-197.10.1 kernel-default-livepatch-devel-4.12.14-197.10.1 kernel-livepatch-4_12_14-197_10-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 reiserfs-kmp-default-4.12.14-197.10.1 reiserfs-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.10.1 kernel-obs-build-debugsource-4.12.14-197.10.1 kernel-syms-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.10.1 kernel-source-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.10.1 kernel-default-base-4.12.14-197.10.1 kernel-default-base-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-devel-4.12.14-197.10.1 kernel-default-devel-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.10.1 kernel-macros-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.10.1 kernel-zfcpdump-4.12.14-197.10.1 kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.10.1 cluster-md-kmp-default-debuginfo-4.12.14-197.10.1 dlm-kmp-default-4.12.14-197.10.1 dlm-kmp-default-debuginfo-4.12.14-197.10.1 gfs2-kmp-default-4.12.14-197.10.1 gfs2-kmp-default-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 ocfs2-kmp-default-4.12.14-197.10.1 ocfs2-kmp-default-debuginfo-4.12.14-197.10.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-13233.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1125703 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1130836 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136161 https://bugzilla.suse.com/1136264 https://bugzilla.suse.com/1136343 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1138879 https://bugzilla.suse.com/1139712 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140228 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140454 https://bugzilla.suse.com/1140463 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 From sle-updates at lists.suse.com Mon Jul 15 13:42:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:42:09 +0200 (CEST) Subject: SUSE-SU-2019:1851-1: important: Security update for the Linux Kernel Message-ID: <20190715194209.EE115FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1851-1 Rating: important References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136811 #1136922 #1137103 #1137194 #1137221 #1137366 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140948 #821419 #945811 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 77 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the "Report Valid" usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ("rpm/dtb.spec.in.in: Update include path for dt-bindings") introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1851=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_24-default-1-6.5.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136811 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137221 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/821419 https://bugzilla.suse.com/945811 From sle-updates at lists.suse.com Mon Jul 15 13:53:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:53:26 +0200 (CEST) Subject: SUSE-RU-2019:1853-1: moderate: Recommended update for systemd Message-ID: <20190715195326.47A51FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1853-1 Rating: moderate References: #1107617 #1137053 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - conf-parse: remove 4K line length limit (bsc#1137053) - udevd: change the default value of udev.children-max (again) (bsc#1107617) - meson: stop creating enablement symlinks in /etc during installation (sequel) - Fixed build for openSUSE Leap 15+ - Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1853=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1853=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1853=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1853=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.33.1 libsystemd0-mini-debuginfo-234-24.33.1 libudev-mini-devel-234-24.33.1 libudev-mini1-234-24.33.1 libudev-mini1-debuginfo-234-24.33.1 nss-myhostname-234-24.33.1 nss-myhostname-debuginfo-234-24.33.1 nss-mymachines-234-24.33.1 nss-mymachines-debuginfo-234-24.33.1 nss-systemd-234-24.33.1 nss-systemd-debuginfo-234-24.33.1 systemd-debuginfo-234-24.33.1 systemd-debugsource-234-24.33.1 systemd-logger-234-24.33.1 systemd-mini-234-24.33.1 systemd-mini-container-mini-234-24.33.1 systemd-mini-container-mini-debuginfo-234-24.33.1 systemd-mini-coredump-mini-234-24.33.1 systemd-mini-coredump-mini-debuginfo-234-24.33.1 systemd-mini-debuginfo-234-24.33.1 systemd-mini-debugsource-234-24.33.1 systemd-mini-devel-234-24.33.1 systemd-mini-sysvinit-234-24.33.1 udev-mini-234-24.33.1 udev-mini-debuginfo-234-24.33.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libudev-devel-32bit-234-24.33.1 nss-myhostname-32bit-234-24.33.1 nss-myhostname-32bit-debuginfo-234-24.33.1 nss-mymachines-32bit-234-24.33.1 nss-mymachines-32bit-debuginfo-234-24.33.1 systemd-32bit-debuginfo-234-24.33.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): systemd-mini-bash-completion-234-24.33.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.33.1 libsystemd0-mini-debuginfo-234-24.33.1 libudev-mini-devel-234-24.33.1 libudev-mini1-234-24.33.1 libudev-mini1-debuginfo-234-24.33.1 nss-myhostname-234-24.33.1 nss-myhostname-debuginfo-234-24.33.1 nss-mymachines-234-24.33.1 nss-mymachines-debuginfo-234-24.33.1 nss-systemd-234-24.33.1 nss-systemd-debuginfo-234-24.33.1 systemd-debuginfo-234-24.33.1 systemd-debugsource-234-24.33.1 systemd-logger-234-24.33.1 systemd-mini-234-24.33.1 systemd-mini-container-mini-234-24.33.1 systemd-mini-container-mini-debuginfo-234-24.33.1 systemd-mini-coredump-mini-234-24.33.1 systemd-mini-coredump-mini-debuginfo-234-24.33.1 systemd-mini-debuginfo-234-24.33.1 systemd-mini-debugsource-234-24.33.1 systemd-mini-devel-234-24.33.1 systemd-mini-sysvinit-234-24.33.1 udev-mini-234-24.33.1 udev-mini-debuginfo-234-24.33.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): systemd-mini-bash-completion-234-24.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.33.1 libsystemd0-debuginfo-234-24.33.1 libudev-devel-234-24.33.1 libudev1-234-24.33.1 libudev1-debuginfo-234-24.33.1 systemd-234-24.33.1 systemd-container-234-24.33.1 systemd-container-debuginfo-234-24.33.1 systemd-coredump-234-24.33.1 systemd-coredump-debuginfo-234-24.33.1 systemd-debuginfo-234-24.33.1 systemd-debugsource-234-24.33.1 systemd-devel-234-24.33.1 systemd-sysvinit-234-24.33.1 udev-234-24.33.1 udev-debuginfo-234-24.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.33.1 libsystemd0-32bit-debuginfo-234-24.33.1 libudev1-32bit-234-24.33.1 libudev1-32bit-debuginfo-234-24.33.1 systemd-32bit-234-24.33.1 systemd-32bit-debuginfo-234-24.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.33.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.33.1 libsystemd0-debuginfo-234-24.33.1 libudev-devel-234-24.33.1 libudev1-234-24.33.1 libudev1-debuginfo-234-24.33.1 systemd-234-24.33.1 systemd-container-234-24.33.1 systemd-container-debuginfo-234-24.33.1 systemd-coredump-234-24.33.1 systemd-coredump-debuginfo-234-24.33.1 systemd-debuginfo-234-24.33.1 systemd-debugsource-234-24.33.1 systemd-devel-234-24.33.1 systemd-sysvinit-234-24.33.1 udev-234-24.33.1 udev-debuginfo-234-24.33.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-bash-completion-234-24.33.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsystemd0-32bit-234-24.33.1 libsystemd0-32bit-debuginfo-234-24.33.1 libudev1-32bit-234-24.33.1 libudev1-32bit-debuginfo-234-24.33.1 systemd-32bit-234-24.33.1 systemd-32bit-debuginfo-234-24.33.1 References: https://bugzilla.suse.com/1107617 https://bugzilla.suse.com/1137053 From sle-updates at lists.suse.com Mon Jul 15 13:54:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:54:24 +0200 (CEST) Subject: SUSE-SU-2019:1855-1: important: Security update for the Linux Kernel Message-ID: <20190715195424.6EFA9FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1855-1 Rating: important References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1131645 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136598 #1136922 #1136935 #1137103 #1137194 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 73 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] - CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577] - CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395] - CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935] - CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645]. - CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194] - CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost. [bnc#1137103] - CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291] - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293] - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. [bsc#1136922] - CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598] The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - ACPI: Add Hygon Dhyana support (). - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510). - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - ALSA: line6: Fix write on zero-sized buffer (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - Add kernel-subpackage-build.spec (). - add kernel-subpackage-build.spec.in and support scripts - hook it in mkspec - extend the mechanism that copies dependencies inside kernel-binary.spec.in from kernel-%build_flavor to kernel-%build_flavor-base to also handle kernel-subpackage-build.spec.in using BINARY DEPS marker. - expand %name in kernel-%build_flavor so the dependencies are expanded correctly in kernel-subpackage-build.spec.in - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Build klp-symbols in kernel devel projects. - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - Kabi fixup blk_mq_register_dev() (bsc#1140637). - Move stuff git_sort chokes on, out of the way - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - SMB3: Fix endian warning (bsc#1137884). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - USB: core: Do not unbind interfaces following device reset failure (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: fix initial-termios handling (bsc#1135642). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - added De0-Nanos-SoC board support (and others based on Altera SOC). - af_key: unconditionally clone on broadcast (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sort patches to proper position - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478, bsc#1139751). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1855=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1855=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1855=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1855=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1855=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1855=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1855=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-extra-4.12.14-150.27.1 kernel-default-extra-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.27.1 kernel-default-base-debuginfo-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-obs-qa-4.12.14-150.27.1 kselftests-kmp-default-4.12.14-150.27.1 kselftests-kmp-default-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-livepatch-4.12.14-150.27.1 kernel-livepatch-4_12_14-150_27-default-1-1.5.1 kernel-livepatch-4_12_14-150_27-default-debuginfo-1-1.5.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 reiserfs-kmp-default-4.12.14-150.27.1 reiserfs-kmp-default-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.27.1 kernel-obs-build-debugsource-4.12.14-150.27.1 kernel-syms-4.12.14-150.27.1 kernel-vanilla-base-4.12.14-150.27.1 kernel-vanilla-base-debuginfo-4.12.14-150.27.1 kernel-vanilla-debuginfo-4.12.14-150.27.1 kernel-vanilla-debugsource-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.27.1 kernel-source-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.27.1 kernel-default-base-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-devel-4.12.14-150.27.1 kernel-default-devel-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.27.1 kernel-macros-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.27.1 kernel-zfcpdump-4.12.14-150.27.1 kernel-zfcpdump-debuginfo-4.12.14-150.27.1 kernel-zfcpdump-debugsource-4.12.14-150.27.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.27.1 cluster-md-kmp-default-debuginfo-4.12.14-150.27.1 dlm-kmp-default-4.12.14-150.27.1 dlm-kmp-default-debuginfo-4.12.14-150.27.1 gfs2-kmp-default-4.12.14-150.27.1 gfs2-kmp-default-debuginfo-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 ocfs2-kmp-default-4.12.14-150.27.1 ocfs2-kmp-default-debuginfo-4.12.14-150.27.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 From sle-updates at lists.suse.com Mon Jul 15 14:05:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 22:05:46 +0200 (CEST) Subject: SUSE-SU-2019:1852-1: important: Security update for the Linux Kernel Message-ID: <20190715200546.24430FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1852-1 Rating: important References: #1053043 #1066223 #1094555 #1108382 #1109137 #1111188 #1119086 #1120902 #1121263 #1125580 #1126961 #1127155 #1129770 #1131335 #1131336 #1131645 #1132390 #1133140 #1133190 #1133191 #1133738 #1134395 #1135642 #1136598 #1136889 #1136922 #1136935 #1137004 #1137194 #1137739 #1137749 #1137752 #1137915 #1138291 #1138293 #1138374 #1138681 #1139751 #1140575 #1140577 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), that lead to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm call. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service (bnc#1138291). - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause a denial of service. This affected nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could lead to a local denial of service attack (bsc#1136922 CVE-2019-12456). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because ;All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it (bnc#1136598). - CVE-2019-11487: The Linux kernel before allowed page-_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests (bnc#1133190 1133191). The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Fix ixgbe backport (bsc#1133140) - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - Update "TCP SACK Panic" series - ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1126961). - ACPI / CPPC: Fix KASAN global out of bounds warning (bsc#1126961). - ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs (bsc#1126961). - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1126961). - ACPI / CPPC: Use 64-bit arithmetic instead of 32-bit (bsc#1126961). - ACPI / CPPC: fix build issue with ktime_t used in logical operation (bsc#1126961). - ACPI: CPPC: remove initial assignment of pcc_ss_data (bsc#1126961). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1135642). - ath6kl: Only use match sets when firmware supports it (bsc#1120902). - btrfs: check for refs on snapshot delete resume (bsc#1131335, bsc#1137004). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188, bsc#1137004). - btrfs: save drop_progress if we drop refs at all (bsc#1131336, bsc#1137004). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1138374, LTC#178199). - cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1138374, LTC#178199). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1126961). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1126961). - cpufreq: Replace "max_transition_latency" with "dynamic_switching" (bsc#1126961). - cpufreq: cn99xx: set platform specific sampling rate (bsc#1126961). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - kabi: cpufreq: rename dynamic_switching to max_transition_latency (bsc#1126961). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (bsc#1137749). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - mailbox: PCC: Move the MAX_PCC_SUBSPACES definition to header file (bsc#1126961). - mailbox: pcc: Drop uninformative output during boot (bsc#1126961). - mailbox: pcc: Fix crash when request PCC channel 0 (bsc#1126961). - mwl8k: Fix rate_idx underflow (bsc#1135642). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net: Remove NO_IRQ from powerpc-only network drivers (bsc#1137739). - nvmet-fc: bring Disconnect into compliance with FC-NVME spec (bsc#1136889). - nvmet-fc: fix issues with targetport assoc_list list walking (bsc#1136889). - nvmet: fix fatal_err_work deadlock (bsc#1136889). - nvmet_fc: support target port removal with nvmet layer (bsc#1136889). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/eeh: Fix race with driver un/bind (bsc#1066223). - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043). - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043). - powerpc/process: Fix sparse address space warnings (bsc#1066223). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - rtlwifi: fix false rates in _rtl8821ae_mrate_idx_to_arfr_id() (bsc#1120902). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - signals: avoid random wakeups in sigsuspend() (bsc#1137915) - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1852=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1852=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1852=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1852=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1852=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.100.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.100.1 cluster-md-kmp-default-debuginfo-4.4.180-94.100.1 dlm-kmp-default-4.4.180-94.100.1 dlm-kmp-default-debuginfo-4.4.180-94.100.1 gfs2-kmp-default-4.4.180-94.100.1 gfs2-kmp-default-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 ocfs2-kmp-default-4.4.180-94.100.1 ocfs2-kmp-default-debuginfo-4.4.180-94.100.1 - SUSE Enterprise Storage 5 (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Enterprise Storage 5 (x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1126961 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133140 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136889 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137004 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137749 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1137915 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138681 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 From sle-updates at lists.suse.com Mon Jul 15 14:12:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 22:12:13 +0200 (CEST) Subject: SUSE-SU-2019:1364-2: moderate: Security update for systemd Message-ID: <20190715201213.03E68FFC2@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1364-2 Rating: moderate References: #1036463 #1121563 #1124122 #1125352 #1125604 #1126056 #1127557 #1130230 #1132348 #1132400 #1132721 #1133506 #1133509 Cross-References: CVE-2019-3842 CVE-2019-3843 CVE-2019-3844 CVE-2019-6454 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 9 fixes is now available. Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on "add" events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1364=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1364=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.30.1 libsystemd0-mini-debuginfo-234-24.30.1 libudev-mini-devel-234-24.30.1 libudev-mini1-234-24.30.1 libudev-mini1-debuginfo-234-24.30.1 nss-myhostname-234-24.30.1 nss-myhostname-debuginfo-234-24.30.1 nss-mymachines-234-24.30.1 nss-mymachines-debuginfo-234-24.30.1 nss-systemd-234-24.30.1 nss-systemd-debuginfo-234-24.30.1 systemd-debuginfo-234-24.30.1 systemd-debugsource-234-24.30.1 systemd-logger-234-24.30.1 systemd-mini-234-24.30.1 systemd-mini-container-mini-234-24.30.1 systemd-mini-container-mini-debuginfo-234-24.30.1 systemd-mini-coredump-mini-234-24.30.1 systemd-mini-coredump-mini-debuginfo-234-24.30.1 systemd-mini-debuginfo-234-24.30.1 systemd-mini-debugsource-234-24.30.1 systemd-mini-devel-234-24.30.1 systemd-mini-sysvinit-234-24.30.1 udev-mini-234-24.30.1 udev-mini-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libudev-devel-32bit-234-24.30.1 nss-myhostname-32bit-234-24.30.1 nss-myhostname-32bit-debuginfo-234-24.30.1 nss-mymachines-32bit-234-24.30.1 nss-mymachines-32bit-debuginfo-234-24.30.1 systemd-32bit-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): systemd-mini-bash-completion-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.30.1 libsystemd0-debuginfo-234-24.30.1 libudev-devel-234-24.30.1 libudev1-234-24.30.1 libudev1-debuginfo-234-24.30.1 systemd-234-24.30.1 systemd-container-234-24.30.1 systemd-container-debuginfo-234-24.30.1 systemd-coredump-234-24.30.1 systemd-coredump-debuginfo-234-24.30.1 systemd-debuginfo-234-24.30.1 systemd-debugsource-234-24.30.1 systemd-devel-234-24.30.1 systemd-sysvinit-234-24.30.1 udev-234-24.30.1 udev-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.30.1 libsystemd0-32bit-debuginfo-234-24.30.1 libudev1-32bit-234-24.30.1 libudev1-32bit-debuginfo-234-24.30.1 systemd-32bit-234-24.30.1 systemd-32bit-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.30.1 References: https://www.suse.com/security/cve/CVE-2019-3842.html https://www.suse.com/security/cve/CVE-2019-3843.html https://www.suse.com/security/cve/CVE-2019-3844.html https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1036463 https://bugzilla.suse.com/1121563 https://bugzilla.suse.com/1124122 https://bugzilla.suse.com/1125352 https://bugzilla.suse.com/1125604 https://bugzilla.suse.com/1126056 https://bugzilla.suse.com/1127557 https://bugzilla.suse.com/1130230 https://bugzilla.suse.com/1132348 https://bugzilla.suse.com/1132400 https://bugzilla.suse.com/1132721 https://bugzilla.suse.com/1133506 https://bugzilla.suse.com/1133509 From sle-updates at lists.suse.com Mon Jul 15 14:14:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Jul 2019 22:14:30 +0200 (CEST) Subject: SUSE-SU-2019:1851-1: important: Security update for the Linux Kernel Message-ID: <20190715201430.89DD7FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1851-1 Rating: important References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136811 #1136922 #1137103 #1137194 #1137221 #1137366 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140948 #821419 #945811 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 77 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the "Report Valid" usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ("rpm/dtb.spec.in.in: Update include path for dt-bindings") introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1851=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1851=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1851=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1851=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1851=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1851=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.24.1 kernel-default-debugsource-4.12.14-95.24.1 kernel-default-extra-4.12.14-95.24.1 kernel-default-extra-debuginfo-4.12.14-95.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.24.1 kernel-obs-build-debugsource-4.12.14-95.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.24.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.24.1 kernel-default-base-4.12.14-95.24.1 kernel-default-base-debuginfo-4.12.14-95.24.1 kernel-default-debuginfo-4.12.14-95.24.1 kernel-default-debugsource-4.12.14-95.24.1 kernel-default-devel-4.12.14-95.24.1 kernel-syms-4.12.14-95.24.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.24.1 kernel-macros-4.12.14-95.24.1 kernel-source-4.12.14-95.24.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.24.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.24.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_24-default-1-6.5.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.24.1 cluster-md-kmp-default-debuginfo-4.12.14-95.24.1 dlm-kmp-default-4.12.14-95.24.1 dlm-kmp-default-debuginfo-4.12.14-95.24.1 gfs2-kmp-default-4.12.14-95.24.1 gfs2-kmp-default-debuginfo-4.12.14-95.24.1 kernel-default-debuginfo-4.12.14-95.24.1 kernel-default-debugsource-4.12.14-95.24.1 ocfs2-kmp-default-4.12.14-95.24.1 ocfs2-kmp-default-debuginfo-4.12.14-95.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.24.1 kernel-default-debuginfo-4.12.14-95.24.1 kernel-default-debugsource-4.12.14-95.24.1 kernel-default-devel-4.12.14-95.24.1 kernel-default-devel-debuginfo-4.12.14-95.24.1 kernel-default-extra-4.12.14-95.24.1 kernel-default-extra-debuginfo-4.12.14-95.24.1 kernel-syms-4.12.14-95.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.24.1 kernel-macros-4.12.14-95.24.1 kernel-source-4.12.14-95.24.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136811 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137221 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/821419 https://bugzilla.suse.com/945811 From sle-updates at lists.suse.com Tue Jul 16 04:13:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Jul 2019 12:13:33 +0200 (CEST) Subject: SUSE-RU-2019:1857-1: moderate: Recommended update for grub2 Message-ID: <20190716101333.C036DFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1857-1 Rating: moderate References: #1127293 #928131 #940457 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Check/refresh zipl-kernel before hibernate on s390x. (bsc#940457) - Removing hardcoded 'vmlinuz'. - Try to refresh zipl-kernel on failed kexec. (bsc#1127293) - Fully support "previous" zipl-kernel with 'mem=1G' being available on dedicated entries. (bsc#928131) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1857=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1857=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1857=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-26.3.1 grub2-debuginfo-2.02-26.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.3.1 grub2-debuginfo-2.02-26.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.3.1 grub2-i386-pc-2.02-26.3.1 grub2-powerpc-ieee1275-2.02-26.3.1 grub2-snapper-plugin-2.02-26.3.1 grub2-systemd-sleep-plugin-2.02-26.3.1 grub2-x86_64-efi-2.02-26.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.3.1 References: https://bugzilla.suse.com/1127293 https://bugzilla.suse.com/928131 https://bugzilla.suse.com/940457 From sle-updates at lists.suse.com Tue Jul 16 04:14:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Jul 2019 12:14:51 +0200 (CEST) Subject: SUSE-RU-2019:1358-2: moderate: Recommended update for rsync Message-ID: <20190716101451.1FCCFFFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1358-2 Rating: moderate References: #1100786 #1108562 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rsync fixes the following issues: - rsync invoked with --sparse and --preallocate could have resulted in a failure (bsc#1108562) - Don't require systemd explicitly as it's not present in containers [bsc#1100786]. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1358=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-4.3.1 rsync-debuginfo-3.1.3-4.3.1 rsync-debugsource-3.1.3-4.3.1 References: https://bugzilla.suse.com/1100786 https://bugzilla.suse.com/1108562 From sle-updates at lists.suse.com Tue Jul 16 04:15:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Jul 2019 12:15:43 +0200 (CEST) Subject: SUSE-RU-2019:1367-2: moderate: Recommended update for tcsh Message-ID: <20190716101543.409C4FFC2@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1367-2 Rating: moderate References: #1129112 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcsh fixes the following issues: - Incorrect postcmd handling could have caused miscalculation of a while loop start resulting in an infinite loop (bsc#1129112) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1367=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): tcsh-6.20.00-4.3.1 tcsh-debuginfo-6.20.00-4.3.1 tcsh-debugsource-6.20.00-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): tcsh-lang-6.20.00-4.3.1 References: https://bugzilla.suse.com/1129112 From sle-updates at lists.suse.com Tue Jul 16 10:10:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Jul 2019 18:10:43 +0200 (CEST) Subject: SUSE-SU-2019:1859-1: moderate: Security update for libgcrypt Message-ID: <20190716161043.15EABFFC2@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1859-1 Rating: moderate References: #1097073 #1125740 #1138939 Cross-References: CVE-2019-12904 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) (bsc#1138939) Other bugfixes: - Don't run full FIPS self-tests from constructor (bsc#1097073) - Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) - Enforce the minimal RSA keygen size in fips mode (bsc#1125740) - avoid executing some tests twice. - Fixed a race condition in initialization. - Fixed env-script-interpreter in cavs_driver.pl - Fixed redundant fips tests in some situations causing failure to boot in fips mode. (bsc#1097073) This helps during booting of the system in FIPS mode with insufficient entropy. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1859=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1859=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-6.17.1 libgcrypt-cavs-debuginfo-1.8.2-6.17.1 libgcrypt-debugsource-1.8.2-6.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-6.17.1 libgcrypt-devel-1.8.2-6.17.1 libgcrypt-devel-debuginfo-1.8.2-6.17.1 libgcrypt20-1.8.2-6.17.1 libgcrypt20-debuginfo-1.8.2-6.17.1 libgcrypt20-hmac-1.8.2-6.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgcrypt20-32bit-1.8.2-6.17.1 libgcrypt20-32bit-debuginfo-1.8.2-6.17.1 libgcrypt20-hmac-32bit-1.8.2-6.17.1 References: https://www.suse.com/security/cve/CVE-2019-12904.html https://bugzilla.suse.com/1097073 https://bugzilla.suse.com/1125740 https://bugzilla.suse.com/1138939 From sle-updates at lists.suse.com Tue Jul 16 13:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Jul 2019 21:10:31 +0200 (CEST) Subject: SUSE-SU-2019:1860-1: important: Security update for xrdp Message-ID: <20190716191031.11B7FFFE6@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1860-1 Rating: important References: #1014524 #1015567 #1022098 #1023988 #1029912 #1060644 #1069591 #1090174 #1100453 #1101506 Cross-References: CVE-2013-1430 CVE-2017-16927 CVE-2017-6967 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: This update for xrdp fixes the following issues: Security issues fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). - CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). - CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). Other issues addressed: - The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) - Fixed an issue with delayed X KeyRelease events (bsc#1100453) - Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) - Avoid use of hard-coded sesman port. (bsc#1060644) - Backport upstream commit 5575197, sesman should stop setting LANG and let initialization scripts take care of it (bsc#1023988). - Backport upstream patches for 32bpp support (bsc#1022098). - Fixed a regression connecting from Windows 10. (bsc#1090174) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1860=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1860=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1860=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1860=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3 - SUSE Enterprise Storage 4 (x86_64): xrdp-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3 References: https://www.suse.com/security/cve/CVE-2013-1430.html https://www.suse.com/security/cve/CVE-2017-16927.html https://www.suse.com/security/cve/CVE-2017-6967.html https://bugzilla.suse.com/1014524 https://bugzilla.suse.com/1015567 https://bugzilla.suse.com/1022098 https://bugzilla.suse.com/1023988 https://bugzilla.suse.com/1029912 https://bugzilla.suse.com/1060644 https://bugzilla.suse.com/1069591 https://bugzilla.suse.com/1090174 https://bugzilla.suse.com/1100453 https://bugzilla.suse.com/1101506 From sle-updates at lists.suse.com Wed Jul 17 07:11:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 15:11:11 +0200 (CEST) Subject: SUSE-SU-2019:1862-1: important: Security update for ardana and crowbar Message-ID: <20190717131111.D782EFFE6@maintenance.suse.de> SUSE Security Update: Security update for ardana and crowbar ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1862-1 Rating: important References: #1083721 #1105559 #1118003 #1120932 #1122875 #1124170 #1126391 #1128753 #1130593 #1131712 #1131791 #1132542 #1132852 #1132860 #124991 Cross-References: CVE-2018-14574 CVE-2019-10876 CVE-2019-11068 CVE-2019-3498 CVE-2019-6975 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 10 fixes is now available. Description: This update for ardana and crowbar fixes the following issues: - Restrict rootwrap directories for cinder (bsc#1132542) - Change Cinder default log level from DEBUG to INFO (SCRD-7132) - Remove configuration from migration (bsc#1126391) - Configurable innodb flush options (SCRD-7496) - Secure designate's rootwrap files (bsc#1132542) - specify rootwrap config file in designate sudoer (bsc#1132542) - Update Designate log threshold from DEBUG to INFO (SCRD-8459) - Change Glance default log level from DEBUG to INFO (SCRD-8592) - Change Heat default log level from DEBUG to INFO (SCRD-7132) - Fix Horizon missing create snapshot action for users (bsc#1130593) - Don't set external-name in ardana-ci models (SCRD-7471) - Fix fail-over/-back behavior of haproxy for galera (bsc#1122875) - Update swift endpoints from keystone-reconfigure.yml if needed (SCRD-8703) - Change Magnum default log level from DEFAULT to INFO (SCRD-7132) - Rip out vertica related code (SCRD-9031) - Tighten neutron sudoers to only execute rootwrap (bsc#1132542) - Change Neutron default log level from DEBUG to INFO (SCRD-7132) - SCRD-9031 Change permitted nova-rootwrap config file pattern (bsc#1132542) - specify rootwrap config file in nova sudoer (bsc#1132542) - Change Nova default log level from DEBUG to INFO (SCRD-7132) - Stop installing a sudoers root escalator (SCRD-9031) - Change Octavia default log level from DEBUG to INFO (SCRD-7132) - Increase number of connect retries (SCRD-7496) - UDEV rules for multi-port nics (SCRD-8329) - Ensure that the ceph group exists (SCRD-8347) - Disable test_create_health_monitor_with_scenarios tempest (SOC-9176) - Make --os-test-timeout configurable and increase default (SCRD-7496) - Disable TestVolumeBootPattern.test_volume_boot_pattern (SCRD-9015) - Increase and make timeout values configurable (SCRD-7496) - Configure heat boot config template path (SCRD-7496) - Fix typo on ceilometer filter (SCRD-7496) - barclamp: Fix setting MTU on networks using a bridge - Fix order of values in nodes piechart - Ignore CVE-2019-11068 during Travis (SOC-9262) - Fix cloud-mkcloud9-job-backup-restore (SCRD-7126) - Update suse-branding.patch with correct links for documentation (SCRD-8294) - pacemaker: add failure nodes to sync fail message (bsc#1083721) - update suse-branding.patch (SOC-9297) - pacemaker: wait more for founder if SBD is configured (SCRD-8462) - pacemaker: don't check cluster members on founder (SCRD-8462) - database: Make wsrep_provider_options configurable (fate#327745) - database: Raise and align promote/demote timeouts (bsc#1131791) - mysql: improve galera HA setup (bsc#1122875) - Update suse-branding.patch with correct links for documentation (SCRD-8294) - neutron: Fix the rest of the keystone related settings for LBaaS - neutron: properly define neutron lbaas region (bsc#1128753) - CLM - update MariaDB manually (bsc#1132852, SOC-9022) - update MariaDB manually (bsc#1132852, SOC-9022) - SOC8 alarm table restructure ((SCRD-7710, bsc#1124170) - Fix bsc#1118003 - add deprecation decision tree (shrub) (SCRD-8530) - add cert section (SCRD-5542) - grammar; make migration pairing more explicit (SCRD-7595) - Remove whitespace on top of login page (SCRD-7142) - Revert alert and form colors to default SCRD-6919 - Change active sidebar section text white SCRD-6919 - Updated the openstack-monasca-agent-sudoers file (bsc#1132542) - Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860) - Fix KeyError in OVS firewall (bsc#1131712, CVE-2019-10876) - update to 1.11.20 (bsc#124991, CVE-2019-6975): - Memory exhaustion in ``django.utils.numberformat.format()`` - Include ops-console logs if exist (bsc-1126912) - Add a sed pattern to censor passwords from servers.yml (bsc#1105559) - Show the status file of crowbar upgrade (if it exists) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1862=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1862=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1862=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1558533551.8d8ed2058-3.23.1 crowbar-core-branding-upstream-5.0+git.1558533551.8d8ed2058-3.23.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-core-branding-SOC-5.0-10.6.3 crowbar-ha-5.0+git.1559282566.6b06ca3-3.17.1 crowbar-openstack-5.0+git.1559335140.62bb4c014-4.25.1 documentation-suse-openstack-cloud-deployment-8.20190521-1.17.1 documentation-suse-openstack-cloud-supplement-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-admin-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-user-8.20190521-1.17.1 openstack-aodh-5.1.1~dev7-3.11.2 openstack-aodh-api-5.1.1~dev7-3.11.2 openstack-aodh-doc-5.1.1~dev7-3.11.1 openstack-aodh-evaluator-5.1.1~dev7-3.11.2 openstack-aodh-expirer-5.1.1~dev7-3.11.2 openstack-aodh-listener-5.1.1~dev7-3.11.2 openstack-aodh-notifier-5.1.1~dev7-3.11.2 openstack-barbican-5.0.2~dev3-3.14.2 openstack-barbican-api-5.0.2~dev3-3.14.2 openstack-barbican-doc-5.0.2~dev3-3.14.1 openstack-barbican-keystone-listener-5.0.2~dev3-3.14.2 openstack-barbican-retry-5.0.2~dev3-3.14.2 openstack-barbican-worker-5.0.2~dev3-3.14.2 openstack-ceilometer-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-central-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-compute-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-ipmi-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-notification-9.0.8~dev7-3.12.2 openstack-ceilometer-api-9.0.8~dev7-3.12.2 openstack-ceilometer-collector-9.0.8~dev7-3.12.2 openstack-ceilometer-doc-9.0.8~dev7-3.12.1 openstack-ceilometer-polling-9.0.8~dev7-3.12.2 openstack-cinder-11.2.3~dev5-3.15.2 openstack-cinder-api-11.2.3~dev5-3.15.2 openstack-cinder-backup-11.2.3~dev5-3.15.2 openstack-cinder-doc-11.2.3~dev5-3.15.1 openstack-cinder-scheduler-11.2.3~dev5-3.15.2 openstack-cinder-volume-11.2.3~dev5-3.15.2 openstack-dashboard-12.0.4~dev6-3.20.2 openstack-dashboard-theme-SUSE-2017.2+git.1554906711.9dbe79b-7.11.1 openstack-designate-5.0.3~dev7-3.11.1 openstack-designate-agent-5.0.3~dev7-3.11.1 openstack-designate-api-5.0.3~dev7-3.11.1 openstack-designate-central-5.0.3~dev7-3.11.1 openstack-designate-doc-5.0.3~dev7-3.11.1 openstack-designate-producer-5.0.3~dev7-3.11.1 openstack-designate-sink-5.0.3~dev7-3.11.1 openstack-designate-worker-5.0.3~dev7-3.11.1 openstack-heat-9.0.8~dev3-3.18.2 openstack-heat-api-9.0.8~dev3-3.18.2 openstack-heat-api-cfn-9.0.8~dev3-3.18.2 openstack-heat-api-cloudwatch-9.0.8~dev3-3.18.2 openstack-heat-doc-9.0.8~dev3-3.18.2 openstack-heat-engine-9.0.8~dev3-3.18.2 openstack-heat-gbp-7.0.1~dev1-3.3.1 openstack-heat-plugin-heat_docker-9.0.8~dev3-3.18.2 openstack-heat-test-9.0.8~dev3-3.18.2 openstack-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 openstack-ironic-9.1.8~dev5-3.18.2 openstack-ironic-api-9.1.8~dev5-3.18.2 openstack-ironic-conductor-9.1.8~dev5-3.18.2 openstack-ironic-doc-9.1.8~dev5-3.18.1 openstack-keystone-12.0.4~dev2-5.19.2 openstack-keystone-doc-12.0.4~dev2-5.19.1 openstack-monasca-agent-2.2.5~dev2-3.9.2 openstack-monasca-api-2.2.1~dev26-3.12.2 openstack-monasca-log-api-2.3.1~dev12-3.6.2 openstack-neutron-11.0.9~dev28-3.18.2 openstack-neutron-dhcp-agent-11.0.9~dev28-3.18.2 openstack-neutron-doc-11.0.9~dev28-3.18.1 openstack-neutron-fwaas-11.0.3~dev1-3.14.1 openstack-neutron-fwaas-doc-11.0.3~dev1-3.14.1 openstack-neutron-gbp-7.3.1~dev28-3.3.1 openstack-neutron-ha-tool-11.0.9~dev28-3.18.2 openstack-neutron-l3-agent-11.0.9~dev28-3.18.2 openstack-neutron-lbaas-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.9.1 openstack-neutron-linuxbridge-agent-11.0.9~dev28-3.18.2 openstack-neutron-macvtap-agent-11.0.9~dev28-3.18.2 openstack-neutron-metadata-agent-11.0.9~dev28-3.18.2 openstack-neutron-metering-agent-11.0.9~dev28-3.18.2 openstack-neutron-openvswitch-agent-11.0.9~dev28-3.18.2 openstack-neutron-server-11.0.9~dev28-3.18.2 openstack-neutron-vpn-agent-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-doc-11.0.1~dev5-3.12.1 openstack-neutron-vyatta-agent-11.0.1~dev5-3.12.1 openstack-nova-16.1.9~dev3-3.23.2 openstack-nova-api-16.1.9~dev3-3.23.2 openstack-nova-cells-16.1.9~dev3-3.23.2 openstack-nova-compute-16.1.9~dev3-3.23.2 openstack-nova-conductor-16.1.9~dev3-3.23.2 openstack-nova-console-16.1.9~dev3-3.23.2 openstack-nova-consoleauth-16.1.9~dev3-3.23.2 openstack-nova-doc-16.1.9~dev3-3.23.1 openstack-nova-novncproxy-16.1.9~dev3-3.23.2 openstack-nova-placement-api-16.1.9~dev3-3.23.2 openstack-nova-scheduler-16.1.9~dev3-3.23.2 openstack-nova-serialproxy-16.1.9~dev3-3.23.2 openstack-nova-vncproxy-16.1.9~dev3-3.23.2 openstack-trove-8.0.1~dev13-3.9.1 openstack-trove-api-8.0.1~dev13-3.9.1 openstack-trove-conductor-8.0.1~dev13-3.9.1 openstack-trove-doc-8.0.1~dev13-3.9.1 openstack-trove-guestagent-8.0.1~dev13-3.9.1 openstack-trove-taskmanager-8.0.1~dev13-3.9.1 python-Django-1.11.20-3.7.1 python-aodh-5.1.1~dev7-3.11.2 python-barbican-5.0.2~dev3-3.14.2 python-ceilometer-9.0.8~dev7-3.12.2 python-cinder-11.2.3~dev5-3.15.2 python-cliff-2.8.3-3.6.2 python-designate-5.0.3~dev7-3.11.1 python-freezerclient-1.5.1-3.3.2 python-freezerclient-doc-1.5.1-3.3.2 python-heat-9.0.8~dev3-3.18.2 python-heat-gbp-7.0.1~dev1-3.3.1 python-horizon-12.0.4~dev6-3.20.2 python-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 python-ironic-9.1.8~dev5-3.18.2 python-ironicclient-1.17.2-3.3.1 python-ironicclient-doc-1.17.2-3.3.1 python-keystone-12.0.4~dev2-5.19.2 python-magnumclient-2.7.1-3.3.1 python-magnumclient-doc-2.7.1-3.3.1 python-manilaclient-1.17.4-3.6.1 python-manilaclient-doc-1.17.4-3.6.1 python-monasca-agent-2.2.5~dev2-3.9.2 python-monasca-api-2.2.1~dev26-3.12.2 python-monasca-log-api-2.3.1~dev12-3.6.2 python-muranoclient-0.14.1-3.3.1 python-muranoclient-doc-0.14.1-3.3.1 python-neutron-11.0.9~dev28-3.18.2 python-neutron-fwaas-11.0.3~dev1-3.14.1 python-neutron-gbp-7.3.1~dev28-3.3.1 python-neutron-lbaas-11.0.4~dev6-3.9.1 python-neutron-vpnaas-11.0.1~dev5-3.12.1 python-nova-16.1.9~dev3-3.23.2 python-novaclient-9.1.3-3.6.2 python-novaclient-doc-9.1.3-3.6.2 python-openstackclient-3.12.2-3.3.1 python-os-brick-1.15.9-3.6.2 python-os-client-config-1.28.1-3.3.1 python-os-vif-1.7.2-3.3.2 python-os-win-2.2.1-3.3.1 python-oslo.cache-1.25.2-3.3.1 python-oslo.concurrency-3.21.2-3.3.1 python-oslo.config-4.11.2-3.3.1 python-oslo.config-doc-4.11.2-3.3.1 python-oslo.i18n-3.17.2-3.3.2 python-oslo.log-3.30.3-3.3.1 python-oslo.messaging-5.30.8-3.8.1 python-oslo.middleware-3.30.2-3.3.1 python-oslo.policy-1.25.4-3.6.1 python-oslo.privsep-1.22.2-3.3.1 python-oslo.reports-1.22.2-3.3.1 python-oslo.utils-3.28.4-3.6.1 python-oslo.versionedobjects-1.26.3-3.6.1 python-oslo.vmware-2.23.2-3.3.1 python-oslotest-2.17.2-3.3.1 python-python-subunit-1.2.0-4.3.1 python-saharaclient-1.3.1-3.3.1 python-saharaclient-doc-1.3.1-3.3.1 python-swiftclient-3.4.1-3.3.1 python-swiftclient-doc-3.4.1-3.3.1 python-trove-8.0.1~dev13-3.9.1 python-zaqarclient-1.7.1-3.3.1 supportutils-plugin-suse-openstack-cloud-8.0.1551262227.7a7deb6-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1553878455.7439e04-3.61.1 ardana-barbican-8.0+git.1534266594.8136db7-4.30.1 ardana-cassandra-8.0+git.1534266612.44dcb20-3.12.1 ardana-ceilometer-8.0+git.1534266629.0bb5d54-3.9.1 ardana-cinder-8.0+git.1558619942.6bd075c-3.36.1 ardana-cluster-8.0+git.1534266734.ec4822f-3.33.1 ardana-cobbler-8.0+git.1550694449.df88054-3.38.1 ardana-db-8.0+git.1555341117.d812d88-3.25.1 ardana-designate-8.0+git.1558636763.f7f09ca-3.14.1 ardana-freezer-8.0+git.1534266805.c9ea29b-3.15.1 ardana-glance-8.0+git.1555450219.97789ac-3.11.1 ardana-heat-8.0+git.1555450207.a7d3bfe-3.12.1 ardana-horizon-8.0+git.1554732431.8f9dd50-3.15.1 ardana-input-model-8.0+git.1557418274.fb273dd-3.27.1 ardana-ironic-8.0+git.1534266893.1d69df7-3.6.1 ardana-keystone-8.0+git.1554915846.db23473-3.24.1 ardana-logging-8.0+git.1544117621.1c9a954-3.18.1 ardana-magnum-8.0+git.1555450198.c42dc52-3.6.1 ardana-manila-8.0+git.1551748668.7427826-1.18.1 ardana-memcached-8.0+git.1534266982.498c352-3.6.1 ardana-monasca-8.0+git.1557856965.bde9eb2-3.18.1 ardana-monasca-transform-8.0+git.1534267017.4bbecd9-3.9.1 ardana-mq-8.0+git.1549882721.b2e8873-3.13.1 ardana-neutron-8.0+git.1557523208.81aa1da-3.30.1 ardana-nova-8.0+git.1559253853.bb932ea-3.29.1 ardana-octavia-8.0+git.1557523035.ab44613-3.17.1 ardana-opsconsole-8.0+git.1534267103.829be13-3.10.1 ardana-opsconsole-ui-8.0+git.1537201508.68c32e6-3.16.1 ardana-osconfig-8.0+git.1557503482.852ec24-3.36.1 ardana-service-8.0+git.1551382173.a81d5e1-3.26.1 ardana-service-ansible-8.0+git.1544119019.e68516a-3.17.1 ardana-ses-8.0+git.1554912320.73ad306-1.20.1 ardana-spark-8.0+git.1539709555.5b31c25-3.12.1 ardana-swift-8.0+git.1551502730.f4d219d-3.27.1 ardana-tempest-8.0+git.1557761054.b971c8f-3.21.1 ardana-tls-8.0+git.1534267264.6b1e899-3.6.1 documentation-suse-openstack-cloud-installation-8.20190521-1.17.1 documentation-suse-openstack-cloud-operations-8.20190521-1.17.1 documentation-suse-openstack-cloud-opsconsole-8.20190521-1.17.1 documentation-suse-openstack-cloud-planning-8.20190521-1.17.1 documentation-suse-openstack-cloud-security-8.20190521-1.17.1 documentation-suse-openstack-cloud-supplement-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-admin-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-user-8.20190521-1.17.1 documentation-suse-openstack-cloud-user-8.20190521-1.17.1 openstack-aodh-5.1.1~dev7-3.11.2 openstack-aodh-api-5.1.1~dev7-3.11.2 openstack-aodh-doc-5.1.1~dev7-3.11.1 openstack-aodh-evaluator-5.1.1~dev7-3.11.2 openstack-aodh-expirer-5.1.1~dev7-3.11.2 openstack-aodh-listener-5.1.1~dev7-3.11.2 openstack-aodh-notifier-5.1.1~dev7-3.11.2 openstack-barbican-5.0.2~dev3-3.14.2 openstack-barbican-api-5.0.2~dev3-3.14.2 openstack-barbican-doc-5.0.2~dev3-3.14.1 openstack-barbican-keystone-listener-5.0.2~dev3-3.14.2 openstack-barbican-retry-5.0.2~dev3-3.14.2 openstack-barbican-worker-5.0.2~dev3-3.14.2 openstack-ceilometer-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-central-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-compute-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-ipmi-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-notification-9.0.8~dev7-3.12.2 openstack-ceilometer-api-9.0.8~dev7-3.12.2 openstack-ceilometer-collector-9.0.8~dev7-3.12.2 openstack-ceilometer-doc-9.0.8~dev7-3.12.1 openstack-ceilometer-polling-9.0.8~dev7-3.12.2 openstack-cinder-11.2.3~dev5-3.15.2 openstack-cinder-api-11.2.3~dev5-3.15.2 openstack-cinder-backup-11.2.3~dev5-3.15.2 openstack-cinder-doc-11.2.3~dev5-3.15.1 openstack-cinder-scheduler-11.2.3~dev5-3.15.2 openstack-cinder-volume-11.2.3~dev5-3.15.2 openstack-dashboard-12.0.4~dev6-3.20.2 openstack-dashboard-theme-SUSE-2017.2+git.1554906711.9dbe79b-7.11.1 openstack-designate-5.0.3~dev7-3.11.1 openstack-designate-agent-5.0.3~dev7-3.11.1 openstack-designate-api-5.0.3~dev7-3.11.1 openstack-designate-central-5.0.3~dev7-3.11.1 openstack-designate-doc-5.0.3~dev7-3.11.1 openstack-designate-producer-5.0.3~dev7-3.11.1 openstack-designate-sink-5.0.3~dev7-3.11.1 openstack-designate-worker-5.0.3~dev7-3.11.1 openstack-heat-9.0.8~dev3-3.18.2 openstack-heat-api-9.0.8~dev3-3.18.2 openstack-heat-api-cfn-9.0.8~dev3-3.18.2 openstack-heat-api-cloudwatch-9.0.8~dev3-3.18.2 openstack-heat-doc-9.0.8~dev3-3.18.2 openstack-heat-engine-9.0.8~dev3-3.18.2 openstack-heat-gbp-7.0.1~dev1-3.3.1 openstack-heat-plugin-heat_docker-9.0.8~dev3-3.18.2 openstack-heat-test-9.0.8~dev3-3.18.2 openstack-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 openstack-ironic-9.1.8~dev5-3.18.2 openstack-ironic-api-9.1.8~dev5-3.18.2 openstack-ironic-conductor-9.1.8~dev5-3.18.2 openstack-ironic-doc-9.1.8~dev5-3.18.1 openstack-keystone-12.0.4~dev2-5.19.2 openstack-keystone-doc-12.0.4~dev2-5.19.1 openstack-monasca-agent-2.2.5~dev2-3.9.2 openstack-monasca-api-2.2.1~dev26-3.12.2 openstack-monasca-log-api-2.3.1~dev12-3.6.2 openstack-neutron-11.0.9~dev28-3.18.2 openstack-neutron-dhcp-agent-11.0.9~dev28-3.18.2 openstack-neutron-doc-11.0.9~dev28-3.18.1 openstack-neutron-fwaas-11.0.3~dev1-3.14.1 openstack-neutron-fwaas-doc-11.0.3~dev1-3.14.1 openstack-neutron-gbp-7.3.1~dev28-3.3.1 openstack-neutron-ha-tool-11.0.9~dev28-3.18.2 openstack-neutron-l3-agent-11.0.9~dev28-3.18.2 openstack-neutron-lbaas-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.9.1 openstack-neutron-linuxbridge-agent-11.0.9~dev28-3.18.2 openstack-neutron-macvtap-agent-11.0.9~dev28-3.18.2 openstack-neutron-metadata-agent-11.0.9~dev28-3.18.2 openstack-neutron-metering-agent-11.0.9~dev28-3.18.2 openstack-neutron-openvswitch-agent-11.0.9~dev28-3.18.2 openstack-neutron-server-11.0.9~dev28-3.18.2 openstack-neutron-vpn-agent-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-doc-11.0.1~dev5-3.12.1 openstack-neutron-vyatta-agent-11.0.1~dev5-3.12.1 openstack-nova-16.1.9~dev3-3.23.2 openstack-nova-api-16.1.9~dev3-3.23.2 openstack-nova-cells-16.1.9~dev3-3.23.2 openstack-nova-compute-16.1.9~dev3-3.23.2 openstack-nova-conductor-16.1.9~dev3-3.23.2 openstack-nova-console-16.1.9~dev3-3.23.2 openstack-nova-consoleauth-16.1.9~dev3-3.23.2 openstack-nova-doc-16.1.9~dev3-3.23.1 openstack-nova-novncproxy-16.1.9~dev3-3.23.2 openstack-nova-placement-api-16.1.9~dev3-3.23.2 openstack-nova-scheduler-16.1.9~dev3-3.23.2 openstack-nova-serialproxy-16.1.9~dev3-3.23.2 openstack-nova-vncproxy-16.1.9~dev3-3.23.2 openstack-trove-8.0.1~dev13-3.9.1 openstack-trove-api-8.0.1~dev13-3.9.1 openstack-trove-conductor-8.0.1~dev13-3.9.1 openstack-trove-doc-8.0.1~dev13-3.9.1 openstack-trove-guestagent-8.0.1~dev13-3.9.1 openstack-trove-taskmanager-8.0.1~dev13-3.9.1 python-Django-1.11.20-3.7.1 python-aodh-5.1.1~dev7-3.11.2 python-ardana-configurationprocessor-8.0+git.1534266236.fb1623c-6.9.1 python-barbican-5.0.2~dev3-3.14.2 python-ceilometer-9.0.8~dev7-3.12.2 python-cinder-11.2.3~dev5-3.15.2 python-cinderlm-0.0.2+git.1541444073.4d3347c-3.6.1 python-cliff-2.8.3-3.6.2 python-designate-5.0.3~dev7-3.11.1 python-freezerclient-1.5.1-3.3.2 python-freezerclient-doc-1.5.1-3.3.2 python-heat-9.0.8~dev3-3.18.2 python-heat-gbp-7.0.1~dev1-3.3.1 python-horizon-12.0.4~dev6-3.20.2 python-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 python-ironic-9.1.8~dev5-3.18.2 python-ironicclient-1.17.2-3.3.1 python-ironicclient-doc-1.17.2-3.3.1 python-keystone-12.0.4~dev2-5.19.2 python-magnumclient-2.7.1-3.3.1 python-magnumclient-doc-2.7.1-3.3.1 python-manilaclient-1.17.4-3.6.1 python-manilaclient-doc-1.17.4-3.6.1 python-monasca-agent-2.2.5~dev2-3.9.2 python-monasca-api-2.2.1~dev26-3.12.2 python-monasca-log-api-2.3.1~dev12-3.6.2 python-muranoclient-0.14.1-3.3.1 python-muranoclient-doc-0.14.1-3.3.1 python-neutron-11.0.9~dev28-3.18.2 python-neutron-fwaas-11.0.3~dev1-3.14.1 python-neutron-gbp-7.3.1~dev28-3.3.1 python-neutron-lbaas-11.0.4~dev6-3.9.1 python-neutron-vpnaas-11.0.1~dev5-3.12.1 python-nova-16.1.9~dev3-3.23.2 python-novaclient-9.1.3-3.6.2 python-novaclient-doc-9.1.3-3.6.2 python-openstackclient-3.12.2-3.3.1 python-os-brick-1.15.9-3.6.2 python-os-client-config-1.28.1-3.3.1 python-os-vif-1.7.2-3.3.2 python-os-win-2.2.1-3.3.1 python-oslo.cache-1.25.2-3.3.1 python-oslo.concurrency-3.21.2-3.3.1 python-oslo.config-4.11.2-3.3.1 python-oslo.config-doc-4.11.2-3.3.1 python-oslo.i18n-3.17.2-3.3.2 python-oslo.log-3.30.3-3.3.1 python-oslo.messaging-5.30.8-3.8.1 python-oslo.middleware-3.30.2-3.3.1 python-oslo.policy-1.25.4-3.6.1 python-oslo.privsep-1.22.2-3.3.1 python-oslo.reports-1.22.2-3.3.1 python-oslo.utils-3.28.4-3.6.1 python-oslo.versionedobjects-1.26.3-3.6.1 python-oslo.vmware-2.23.2-3.3.1 python-oslotest-2.17.2-3.3.1 python-python-subunit-1.2.0-4.3.1 python-saharaclient-1.3.1-3.3.1 python-saharaclient-doc-1.3.1-3.3.1 python-swiftclient-3.4.1-3.3.1 python-swiftclient-doc-3.4.1-3.3.1 python-trove-8.0.1~dev13-3.9.1 python-zaqarclient-1.7.1-3.3.1 supportutils-plugin-suse-openstack-cloud-8.0.1551262227.7a7deb6-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.16.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.17.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.14.1 venv-openstack-cinder-x86_64-11.2.3~dev5-14.17.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.15.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.12.1 venv-openstack-glance-x86_64-15.0.2~dev9-12.15.1 venv-openstack-heat-x86_64-9.0.8~dev3-12.17.1 venv-openstack-horizon-x86_64-12.0.4~dev6-14.22.1 venv-openstack-ironic-x86_64-9.1.8~dev5-12.17.1 venv-openstack-keystone-x86_64-12.0.4~dev2-11.17.1 venv-openstack-magnum-x86_64-5.0.2-11.15.1 venv-openstack-manila-x86_64-5.0.4~dev17-12.19.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.11.1 venv-openstack-monasca-x86_64-2.2.1-11.13.1 venv-openstack-murano-x86_64-4.0.1-12.11.1 venv-openstack-neutron-x86_64-11.0.2-13.19.1 venv-openstack-nova-x86_64-16.1.9~dev3-11.18.1 venv-openstack-octavia-x86_64-1.0.5~dev1-12.17.1 venv-openstack-sahara-x86_64-7.0.4~dev1-11.16.1 venv-openstack-swift-x86_64-2.15.2-11.11.1 venv-openstack-trove-x86_64-8.0.1~dev13-11.16.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1553878455.7439e04-3.61.1 ardana-barbican-8.0+git.1534266594.8136db7-4.30.1 ardana-cassandra-8.0+git.1534266612.44dcb20-3.12.1 ardana-ceilometer-8.0+git.1534266629.0bb5d54-3.9.1 ardana-cinder-8.0+git.1558619942.6bd075c-3.36.1 ardana-cluster-8.0+git.1534266734.ec4822f-3.33.1 ardana-cobbler-8.0+git.1550694449.df88054-3.38.1 ardana-db-8.0+git.1555341117.d812d88-3.25.1 ardana-designate-8.0+git.1558636763.f7f09ca-3.14.1 ardana-freezer-8.0+git.1534266805.c9ea29b-3.15.1 ardana-glance-8.0+git.1555450219.97789ac-3.11.1 ardana-heat-8.0+git.1555450207.a7d3bfe-3.12.1 ardana-horizon-8.0+git.1554732431.8f9dd50-3.15.1 ardana-input-model-8.0+git.1557418274.fb273dd-3.27.1 ardana-ironic-8.0+git.1534266893.1d69df7-3.6.1 ardana-keystone-8.0+git.1554915846.db23473-3.24.1 ardana-logging-8.0+git.1544117621.1c9a954-3.18.1 ardana-magnum-8.0+git.1555450198.c42dc52-3.6.1 ardana-manila-8.0+git.1551748668.7427826-1.18.1 ardana-memcached-8.0+git.1534266982.498c352-3.6.1 ardana-monasca-8.0+git.1557856965.bde9eb2-3.18.1 ardana-monasca-transform-8.0+git.1534267017.4bbecd9-3.9.1 ardana-mq-8.0+git.1549882721.b2e8873-3.13.1 ardana-neutron-8.0+git.1557523208.81aa1da-3.30.1 ardana-nova-8.0+git.1559253853.bb932ea-3.29.1 ardana-octavia-8.0+git.1557523035.ab44613-3.17.1 ardana-opsconsole-8.0+git.1534267103.829be13-3.10.1 ardana-opsconsole-ui-hpe-8.0+git.1537201508.68c32e6-3.16.1 ardana-osconfig-8.0+git.1557503482.852ec24-3.36.1 ardana-service-8.0+git.1551382173.a81d5e1-3.26.1 ardana-service-ansible-8.0+git.1544119019.e68516a-3.17.1 ardana-ses-8.0+git.1554912320.73ad306-1.20.1 ardana-spark-8.0+git.1539709555.5b31c25-3.12.1 ardana-swift-8.0+git.1551502730.f4d219d-3.27.1 ardana-tempest-8.0+git.1557761054.b971c8f-3.21.1 ardana-tls-8.0+git.1534267264.6b1e899-3.6.1 documentation-hpe-helion-openstack-installation-8.20190521-1.17.1 documentation-hpe-helion-openstack-operations-8.20190521-1.17.1 documentation-hpe-helion-openstack-opsconsole-8.20190521-1.17.1 documentation-hpe-helion-openstack-planning-8.20190521-1.17.1 documentation-hpe-helion-openstack-security-8.20190521-1.17.1 documentation-hpe-helion-openstack-user-8.20190521-1.17.1 openstack-aodh-5.1.1~dev7-3.11.2 openstack-aodh-api-5.1.1~dev7-3.11.2 openstack-aodh-doc-5.1.1~dev7-3.11.1 openstack-aodh-evaluator-5.1.1~dev7-3.11.2 openstack-aodh-expirer-5.1.1~dev7-3.11.2 openstack-aodh-listener-5.1.1~dev7-3.11.2 openstack-aodh-notifier-5.1.1~dev7-3.11.2 openstack-barbican-5.0.2~dev3-3.14.2 openstack-barbican-api-5.0.2~dev3-3.14.2 openstack-barbican-doc-5.0.2~dev3-3.14.1 openstack-barbican-keystone-listener-5.0.2~dev3-3.14.2 openstack-barbican-retry-5.0.2~dev3-3.14.2 openstack-barbican-worker-5.0.2~dev3-3.14.2 openstack-ceilometer-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-central-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-compute-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-ipmi-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-notification-9.0.8~dev7-3.12.2 openstack-ceilometer-api-9.0.8~dev7-3.12.2 openstack-ceilometer-collector-9.0.8~dev7-3.12.2 openstack-ceilometer-doc-9.0.8~dev7-3.12.1 openstack-ceilometer-polling-9.0.8~dev7-3.12.2 openstack-cinder-11.2.3~dev5-3.15.2 openstack-cinder-api-11.2.3~dev5-3.15.2 openstack-cinder-backup-11.2.3~dev5-3.15.2 openstack-cinder-doc-11.2.3~dev5-3.15.1 openstack-cinder-scheduler-11.2.3~dev5-3.15.2 openstack-cinder-volume-11.2.3~dev5-3.15.2 openstack-dashboard-12.0.4~dev6-3.20.2 openstack-designate-5.0.3~dev7-3.11.1 openstack-designate-agent-5.0.3~dev7-3.11.1 openstack-designate-api-5.0.3~dev7-3.11.1 openstack-designate-central-5.0.3~dev7-3.11.1 openstack-designate-doc-5.0.3~dev7-3.11.1 openstack-designate-producer-5.0.3~dev7-3.11.1 openstack-designate-sink-5.0.3~dev7-3.11.1 openstack-designate-worker-5.0.3~dev7-3.11.1 openstack-heat-9.0.8~dev3-3.18.2 openstack-heat-api-9.0.8~dev3-3.18.2 openstack-heat-api-cfn-9.0.8~dev3-3.18.2 openstack-heat-api-cloudwatch-9.0.8~dev3-3.18.2 openstack-heat-doc-9.0.8~dev3-3.18.2 openstack-heat-engine-9.0.8~dev3-3.18.2 openstack-heat-gbp-7.0.1~dev1-3.3.1 openstack-heat-plugin-heat_docker-9.0.8~dev3-3.18.2 openstack-heat-test-9.0.8~dev3-3.18.2 openstack-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 openstack-ironic-9.1.8~dev5-3.18.2 openstack-ironic-api-9.1.8~dev5-3.18.2 openstack-ironic-conductor-9.1.8~dev5-3.18.2 openstack-ironic-doc-9.1.8~dev5-3.18.1 openstack-keystone-12.0.4~dev2-5.19.2 openstack-keystone-doc-12.0.4~dev2-5.19.1 openstack-monasca-agent-2.2.5~dev2-3.9.2 openstack-monasca-api-2.2.1~dev26-3.12.2 openstack-monasca-log-api-2.3.1~dev12-3.6.2 openstack-neutron-11.0.9~dev28-3.18.2 openstack-neutron-dhcp-agent-11.0.9~dev28-3.18.2 openstack-neutron-doc-11.0.9~dev28-3.18.1 openstack-neutron-fwaas-11.0.3~dev1-3.14.1 openstack-neutron-fwaas-doc-11.0.3~dev1-3.14.1 openstack-neutron-gbp-7.3.1~dev28-3.3.1 openstack-neutron-ha-tool-11.0.9~dev28-3.18.2 openstack-neutron-l3-agent-11.0.9~dev28-3.18.2 openstack-neutron-lbaas-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.9.1 openstack-neutron-linuxbridge-agent-11.0.9~dev28-3.18.2 openstack-neutron-macvtap-agent-11.0.9~dev28-3.18.2 openstack-neutron-metadata-agent-11.0.9~dev28-3.18.2 openstack-neutron-metering-agent-11.0.9~dev28-3.18.2 openstack-neutron-openvswitch-agent-11.0.9~dev28-3.18.2 openstack-neutron-server-11.0.9~dev28-3.18.2 openstack-neutron-vpn-agent-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-doc-11.0.1~dev5-3.12.1 openstack-neutron-vyatta-agent-11.0.1~dev5-3.12.1 openstack-nova-16.1.9~dev3-3.23.2 openstack-nova-api-16.1.9~dev3-3.23.2 openstack-nova-cells-16.1.9~dev3-3.23.2 openstack-nova-compute-16.1.9~dev3-3.23.2 openstack-nova-conductor-16.1.9~dev3-3.23.2 openstack-nova-console-16.1.9~dev3-3.23.2 openstack-nova-consoleauth-16.1.9~dev3-3.23.2 openstack-nova-doc-16.1.9~dev3-3.23.1 openstack-nova-novncproxy-16.1.9~dev3-3.23.2 openstack-nova-placement-api-16.1.9~dev3-3.23.2 openstack-nova-scheduler-16.1.9~dev3-3.23.2 openstack-nova-serialproxy-16.1.9~dev3-3.23.2 openstack-nova-vncproxy-16.1.9~dev3-3.23.2 openstack-trove-8.0.1~dev13-3.9.1 openstack-trove-api-8.0.1~dev13-3.9.1 openstack-trove-conductor-8.0.1~dev13-3.9.1 openstack-trove-doc-8.0.1~dev13-3.9.1 openstack-trove-guestagent-8.0.1~dev13-3.9.1 openstack-trove-taskmanager-8.0.1~dev13-3.9.1 python-Django-1.11.20-3.7.1 python-aodh-5.1.1~dev7-3.11.2 python-ardana-configurationprocessor-8.0+git.1534266236.fb1623c-6.9.1 python-barbican-5.0.2~dev3-3.14.2 python-ceilometer-9.0.8~dev7-3.12.2 python-cinder-11.2.3~dev5-3.15.2 python-cinderlm-0.0.2+git.1541444073.4d3347c-3.6.1 python-cliff-2.8.3-3.6.2 python-designate-5.0.3~dev7-3.11.1 python-freezerclient-1.5.1-3.3.2 python-freezerclient-doc-1.5.1-3.3.2 python-heat-9.0.8~dev3-3.18.2 python-heat-gbp-7.0.1~dev1-3.3.1 python-horizon-12.0.4~dev6-3.20.2 python-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 python-ironic-9.1.8~dev5-3.18.2 python-ironicclient-1.17.2-3.3.1 python-ironicclient-doc-1.17.2-3.3.1 python-keystone-12.0.4~dev2-5.19.2 python-magnumclient-2.7.1-3.3.1 python-magnumclient-doc-2.7.1-3.3.1 python-manilaclient-1.17.4-3.6.1 python-manilaclient-doc-1.17.4-3.6.1 python-monasca-agent-2.2.5~dev2-3.9.2 python-monasca-api-2.2.1~dev26-3.12.2 python-monasca-log-api-2.3.1~dev12-3.6.2 python-muranoclient-0.14.1-3.3.1 python-muranoclient-doc-0.14.1-3.3.1 python-neutron-11.0.9~dev28-3.18.2 python-neutron-fwaas-11.0.3~dev1-3.14.1 python-neutron-gbp-7.3.1~dev28-3.3.1 python-neutron-lbaas-11.0.4~dev6-3.9.1 python-neutron-vpnaas-11.0.1~dev5-3.12.1 python-nova-16.1.9~dev3-3.23.2 python-novaclient-9.1.3-3.6.2 python-novaclient-doc-9.1.3-3.6.2 python-openstackclient-3.12.2-3.3.1 python-os-brick-1.15.9-3.6.2 python-os-client-config-1.28.1-3.3.1 python-os-vif-1.7.2-3.3.2 python-os-win-2.2.1-3.3.1 python-oslo.cache-1.25.2-3.3.1 python-oslo.concurrency-3.21.2-3.3.1 python-oslo.config-4.11.2-3.3.1 python-oslo.config-doc-4.11.2-3.3.1 python-oslo.i18n-3.17.2-3.3.2 python-oslo.log-3.30.3-3.3.1 python-oslo.messaging-5.30.8-3.8.1 python-oslo.middleware-3.30.2-3.3.1 python-oslo.policy-1.25.4-3.6.1 python-oslo.privsep-1.22.2-3.3.1 python-oslo.reports-1.22.2-3.3.1 python-oslo.utils-3.28.4-3.6.1 python-oslo.versionedobjects-1.26.3-3.6.1 python-oslo.vmware-2.23.2-3.3.1 python-oslotest-2.17.2-3.3.1 python-python-subunit-1.2.0-4.3.1 python-saharaclient-1.3.1-3.3.1 python-saharaclient-doc-1.3.1-3.3.1 python-swiftclient-3.4.1-3.3.1 python-swiftclient-doc-3.4.1-3.3.1 python-trove-8.0.1~dev13-3.9.1 python-zaqarclient-1.7.1-3.3.1 supportutils-plugin-suse-openstack-cloud-8.0.1551262227.7a7deb6-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.16.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.17.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.14.1 venv-openstack-cinder-x86_64-11.2.3~dev5-14.17.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.15.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.12.1 venv-openstack-glance-x86_64-15.0.2~dev9-12.15.1 venv-openstack-heat-x86_64-9.0.8~dev3-12.17.1 venv-openstack-horizon-hpe-x86_64-12.0.4~dev6-14.22.1 venv-openstack-ironic-x86_64-9.1.8~dev5-12.17.1 venv-openstack-keystone-x86_64-12.0.4~dev2-11.17.1 venv-openstack-magnum-x86_64-5.0.2-11.15.1 venv-openstack-manila-x86_64-5.0.4~dev17-12.19.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.11.1 venv-openstack-monasca-x86_64-2.2.1-11.13.1 venv-openstack-murano-x86_64-4.0.1-12.11.1 venv-openstack-neutron-x86_64-11.0.2-13.19.1 venv-openstack-nova-x86_64-16.1.9~dev3-11.18.1 venv-openstack-octavia-x86_64-1.0.5~dev1-12.17.1 venv-openstack-sahara-x86_64-7.0.4~dev1-11.16.1 venv-openstack-swift-x86_64-2.15.2-11.11.1 venv-openstack-trove-x86_64-8.0.1~dev13-11.16.1 References: https://www.suse.com/security/cve/CVE-2018-14574.html https://www.suse.com/security/cve/CVE-2019-10876.html https://www.suse.com/security/cve/CVE-2019-11068.html https://www.suse.com/security/cve/CVE-2019-3498.html https://www.suse.com/security/cve/CVE-2019-6975.html https://bugzilla.suse.com/1083721 https://bugzilla.suse.com/1105559 https://bugzilla.suse.com/1118003 https://bugzilla.suse.com/1120932 https://bugzilla.suse.com/1122875 https://bugzilla.suse.com/1124170 https://bugzilla.suse.com/1126391 https://bugzilla.suse.com/1128753 https://bugzilla.suse.com/1130593 https://bugzilla.suse.com/1131712 https://bugzilla.suse.com/1131791 https://bugzilla.suse.com/1132542 https://bugzilla.suse.com/1132852 https://bugzilla.suse.com/1132860 https://bugzilla.suse.com/124991 From sle-updates at lists.suse.com Wed Jul 17 07:14:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 15:14:11 +0200 (CEST) Subject: SUSE-RU-2019:1863-1: moderate: Recommended update for nvme-cli Message-ID: <20190717131411.419C4FFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1863-1 Rating: moderate References: #1124564 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - Add script to determine host NQN based on the system UUID - Add new udev rule for NetApp E-Series and adjust udev rule naming scheme accordingly. (bsc#1124564) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1863=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nvme-cli-1.7-6.6.1 nvme-cli-debuginfo-1.7-6.6.1 nvme-cli-debugsource-1.7-6.6.1 References: https://bugzilla.suse.com/1124564 From sle-updates at lists.suse.com Wed Jul 17 07:14:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 15:14:57 +0200 (CEST) Subject: SUSE-SU-2019:1861-1: important: Security update for MozillaFirefox Message-ID: <20190717131457.56319FFE6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1861-1 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1861=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1861=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1861=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1861=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1861=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1861=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1861=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1861=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1861=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1861=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1861=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1861=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1861=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1861=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1861=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1861=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1861=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1861=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Enterprise Storage 5 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-updates at lists.suse.com Wed Jul 17 10:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:10:41 +0200 (CEST) Subject: SUSE-RU-2019:1864-1: moderate: Recommended update for osc Message-ID: <20190717161041.5F0D5FFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for osc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1864-1 Rating: moderate References: #1138165 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osc fixes the following issues: - Version update to version 0.165.1 (bsc#1138165) * fix oscssl "urldefrag is not defined error" * osc release command now python3 compatible * add more decode logic in get_commitlog * osc add 'dir' in compressed mode now works with python3 * osc getbinaries now prints the output instead of using the quiet mode as a default Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1864=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): osc-0.165.1-3.4.1 References: https://bugzilla.suse.com/1138165 From sle-updates at lists.suse.com Wed Jul 17 10:11:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:11:23 +0200 (CEST) Subject: SUSE-SU-2019:1870-1: important: Security update for the Linux Kernel Message-ID: <20190717161123.8DFBAFFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1870-1 Rating: important References: #1102340 #1112824 #1130159 #1133190 #1134395 #1135603 #1136922 #1137194 #1138293 #1139751 Cross-References: CVE-2018-20836 CVE-2018-5390 CVE-2018-7191 CVE-2019-11487 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5390 aka "SegmentSmack": A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. (bsc#1136922) - CVE-2019-11487: An attacker could have triggered use-after-free via page reference count overflow on slow filesystems with at least of 140 GiB of RAM available. (bnc#1133190) The following non-security bugs were fixed: - fuse: Don't access pipe->buffers without pipe_lock() (Prerequisity for CVE-2019-11487, bsc#1133190). - fuse: call pipe_buf_release() under pipe lock (Prerequisity for CVE-2019-11487, bsc#1133190). - mm: /proc/pid/maps: Check permissions when opening proc pid maps (bsc#1130159). - pipe: add pipe_buf_get() helper (Prerequisity for CVE-2019-11487, bsc#1133190). - tcp: refine memory limit test in tcp_fragment() after CVE-2019-11478 fix (bsc#1139751). - x86/bugs: do not default to IBRS even on SKL (bsc#1112824). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1870=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1870=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1870=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.118.1 kernel-default-base-3.12.74-60.64.118.1 kernel-default-base-debuginfo-3.12.74-60.64.118.1 kernel-default-debuginfo-3.12.74-60.64.118.1 kernel-default-debugsource-3.12.74-60.64.118.1 kernel-default-devel-3.12.74-60.64.118.1 kernel-syms-3.12.74-60.64.118.1 kernel-xen-3.12.74-60.64.118.1 kernel-xen-base-3.12.74-60.64.118.1 kernel-xen-base-debuginfo-3.12.74-60.64.118.1 kernel-xen-debuginfo-3.12.74-60.64.118.1 kernel-xen-debugsource-3.12.74-60.64.118.1 kernel-xen-devel-3.12.74-60.64.118.1 kgraft-patch-3_12_74-60_64_118-default-1-2.3.1 kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.118.1 kernel-macros-3.12.74-60.64.118.1 kernel-source-3.12.74-60.64.118.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.118.1 kernel-default-base-3.12.74-60.64.118.1 kernel-default-base-debuginfo-3.12.74-60.64.118.1 kernel-default-debuginfo-3.12.74-60.64.118.1 kernel-default-debugsource-3.12.74-60.64.118.1 kernel-default-devel-3.12.74-60.64.118.1 kernel-syms-3.12.74-60.64.118.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.118.1 kernel-xen-base-3.12.74-60.64.118.1 kernel-xen-base-debuginfo-3.12.74-60.64.118.1 kernel-xen-debuginfo-3.12.74-60.64.118.1 kernel-xen-debugsource-3.12.74-60.64.118.1 kernel-xen-devel-3.12.74-60.64.118.1 kgraft-patch-3_12_74-60_64_118-default-1-2.3.1 kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.118.1 kernel-macros-3.12.74-60.64.118.1 kernel-source-3.12.74-60.64.118.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.118.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.118.1 kernel-ec2-debuginfo-3.12.74-60.64.118.1 kernel-ec2-debugsource-3.12.74-60.64.118.1 kernel-ec2-devel-3.12.74-60.64.118.1 kernel-ec2-extra-3.12.74-60.64.118.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.118.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1112824 https://bugzilla.suse.com/1130159 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1139751 From sle-updates at lists.suse.com Wed Jul 17 10:13:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:13:57 +0200 (CEST) Subject: SUSE-SU-2019:1869-1: important: Security update for MozillaFirefox Message-ID: <20190717161357.31E36FFE6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1869-1 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1869=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1869=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1869=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.44.1-3.16.2 libsoftokn3-hmac-3.44.1-3.16.2 mozilla-nss-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): MozillaFirefox-buildsymbols-60.8.0-3.51.4 libfreebl3-hmac-32bit-3.44.1-3.16.2 libsoftokn3-hmac-32bit-3.44.1-3.16.2 mozilla-nss-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 mozilla-nss-sysinit-32bit-3.44.1-3.16.2 mozilla-nss-sysinit-32bit-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): MozillaFirefox-devel-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 MozillaFirefox-translations-common-60.8.0-3.51.4 MozillaFirefox-translations-other-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 MozillaFirefox-devel-60.8.0-3.51.4 MozillaFirefox-translations-common-60.8.0-3.51.4 MozillaFirefox-translations-other-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-3.44.1-3.16.2 libfreebl3-debuginfo-3.44.1-3.16.2 libsoftokn3-3.44.1-3.16.2 libsoftokn3-debuginfo-3.44.1-3.16.2 mozilla-nss-3.44.1-3.16.2 mozilla-nss-certs-3.44.1-3.16.2 mozilla-nss-certs-debuginfo-3.44.1-3.16.2 mozilla-nss-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 mozilla-nss-devel-3.44.1-3.16.2 mozilla-nss-sysinit-3.44.1-3.16.2 mozilla-nss-sysinit-debuginfo-3.44.1-3.16.2 mozilla-nss-tools-3.44.1-3.16.2 mozilla-nss-tools-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreebl3-32bit-3.44.1-3.16.2 libfreebl3-32bit-debuginfo-3.44.1-3.16.2 libsoftokn3-32bit-3.44.1-3.16.2 libsoftokn3-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-32bit-3.44.1-3.16.2 mozilla-nss-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-certs-32bit-3.44.1-3.16.2 mozilla-nss-certs-32bit-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.44.1-3.16.2 libfreebl3-debuginfo-3.44.1-3.16.2 libfreebl3-hmac-3.44.1-3.16.2 libsoftokn3-3.44.1-3.16.2 libsoftokn3-debuginfo-3.44.1-3.16.2 libsoftokn3-hmac-3.44.1-3.16.2 mozilla-nss-3.44.1-3.16.2 mozilla-nss-certs-3.44.1-3.16.2 mozilla-nss-certs-debuginfo-3.44.1-3.16.2 mozilla-nss-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 mozilla-nss-devel-3.44.1-3.16.2 mozilla-nss-sysinit-3.44.1-3.16.2 mozilla-nss-sysinit-debuginfo-3.44.1-3.16.2 mozilla-nss-tools-3.44.1-3.16.2 mozilla-nss-tools-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.44.1-3.16.2 libfreebl3-32bit-debuginfo-3.44.1-3.16.2 libfreebl3-hmac-32bit-3.44.1-3.16.2 libsoftokn3-32bit-3.44.1-3.16.2 libsoftokn3-32bit-debuginfo-3.44.1-3.16.2 libsoftokn3-hmac-32bit-3.44.1-3.16.2 mozilla-nss-32bit-3.44.1-3.16.2 mozilla-nss-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-certs-32bit-3.44.1-3.16.2 mozilla-nss-certs-32bit-debuginfo-3.44.1-3.16.2 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-updates at lists.suse.com Wed Jul 17 10:14:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:14:38 +0200 (CEST) Subject: SUSE-SU-2019:1867-1: moderate: Security update for libxslt Message-ID: <20190717161438.D7E13FFE6@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1867-1 Rating: moderate References: #1140095 #1140101 Cross-References: CVE-2019-13117 CVE-2019-13118 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1867=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1867=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1867=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.6.1 libxslt-devel-1.1.28-17.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.6.1 libxslt-tools-1.1.28-17.6.1 libxslt-tools-debuginfo-1.1.28-17.6.1 libxslt1-1.1.28-17.6.1 libxslt1-debuginfo-1.1.28-17.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libxslt1-32bit-1.1.28-17.6.1 libxslt1-debuginfo-32bit-1.1.28-17.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libxslt-debugsource-1.1.28-17.6.1 libxslt-tools-1.1.28-17.6.1 libxslt-tools-debuginfo-1.1.28-17.6.1 libxslt1-1.1.28-17.6.1 libxslt1-32bit-1.1.28-17.6.1 libxslt1-debuginfo-1.1.28-17.6.1 libxslt1-debuginfo-32bit-1.1.28-17.6.1 - SUSE CaaS Platform 3.0 (x86_64): libxslt1-1.1.28-17.6.1 libxslt1-debuginfo-1.1.28-17.6.1 References: https://www.suse.com/security/cve/CVE-2019-13117.html https://www.suse.com/security/cve/CVE-2019-13118.html https://bugzilla.suse.com/1140095 https://bugzilla.suse.com/1140101 From sle-updates at lists.suse.com Wed Jul 17 10:15:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:15:25 +0200 (CEST) Subject: SUSE-RU-2019:1865-1: moderate: Recommended update for libzypp, zypper Message-ID: <20190717161525.D4904FFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1865-1 Rating: moderate References: #1035729 #1110542 #1111319 #1112911 #1113296 #1134226 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for libzypp, zypper provides the following fixes: - Improve handling of partially locked packages (bsc#1113296) - Create and write versioned locks correctly. (bsc#1112911) - Fix repo refresh causing downgrades. (bsc#1134226) - Fix double iteraction on --no-cd and transactional-update usage. (bsc#1111319) - Fix https URLs causing 2 prompts on error. (bsc#1110542) - Treat explicit queries for 'kind:name' correctly (bsc#1035729) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1865=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1865=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libzypp-15.28.0-46.31.1 libzypp-debuginfo-15.28.0-46.31.1 libzypp-debugsource-15.28.0-46.31.1 zypper-1.12.65-46.16.1 zypper-debuginfo-1.12.65-46.16.1 zypper-debugsource-1.12.65-46.16.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): zypper-log-1.12.65-46.16.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libzypp-15.28.0-46.31.1 libzypp-debuginfo-15.28.0-46.31.1 libzypp-debugsource-15.28.0-46.31.1 zypper-1.12.65-46.16.1 zypper-debuginfo-1.12.65-46.16.1 zypper-debugsource-1.12.65-46.16.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): zypper-log-1.12.65-46.16.1 References: https://bugzilla.suse.com/1035729 https://bugzilla.suse.com/1110542 https://bugzilla.suse.com/1111319 https://bugzilla.suse.com/1112911 https://bugzilla.suse.com/1113296 https://bugzilla.suse.com/1134226 From sle-updates at lists.suse.com Wed Jul 17 10:16:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:16:47 +0200 (CEST) Subject: SUSE-SU-2019:14124-1: important: Security update for MozillaFirefox Message-ID: <20190717161647.0408BFFE6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14124-1 Rating: important References: #1137792 #1138614 #1138872 #1140868 Cross-References: CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). - CVE-2019-11708: Fix sandbox escape using Prompt:Open (bsc#1138872). - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) Non-security issues fixed: - Fix broken language plugins (bsc#1137792) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14124=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-60.8.0esr-78.43.2 MozillaFirefox-translations-common-60.8.0esr-78.43.2 MozillaFirefox-translations-other-60.8.0esr-78.43.2 References: https://www.suse.com/security/cve/CVE-2019-11707.html https://www.suse.com/security/cve/CVE-2019-11708.html https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1137792 https://bugzilla.suse.com/1138614 https://bugzilla.suse.com/1138872 https://bugzilla.suse.com/1140868 From sle-updates at lists.suse.com Wed Jul 17 10:17:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:17:59 +0200 (CEST) Subject: SUSE-SU-2019:1866-1: moderate: Security update for tomcat Message-ID: <20190717161759.CBFE5FFE6@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1866-1 Rating: moderate References: #1131055 #1136085 #1139924 Cross-References: CVE-2019-0199 CVE-2019-0221 CVE-2019-10072 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). - CVE-2019-10072: Fixed incomplete patch for CVE-2019-0199 (bsc#1139924). Please also see http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.21_(markt ) and http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt ) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1866=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): tomcat-9.0.21-3.13.2 tomcat-admin-webapps-9.0.21-3.13.2 tomcat-docs-webapp-9.0.21-3.13.2 tomcat-el-3_0-api-9.0.21-3.13.2 tomcat-javadoc-9.0.21-3.13.2 tomcat-jsp-2_3-api-9.0.21-3.13.2 tomcat-lib-9.0.21-3.13.2 tomcat-servlet-4_0-api-9.0.21-3.13.2 tomcat-webapps-9.0.21-3.13.2 References: https://www.suse.com/security/cve/CVE-2019-0199.html https://www.suse.com/security/cve/CVE-2019-0221.html https://www.suse.com/security/cve/CVE-2019-10072.html https://bugzilla.suse.com/1131055 https://bugzilla.suse.com/1136085 https://bugzilla.suse.com/1139924 From sle-updates at lists.suse.com Thu Jul 18 07:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 15:10:31 +0200 (CEST) Subject: SUSE-RU-2019:1874-1: moderate: Recommended update for saptune Message-ID: <20190718131031.18FBCFFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1874-1 Rating: moderate References: #1116799 #1120741 #1123808 #1124485 #1124486 #1124487 #1124488 #1124489 #1126220 #1128322 #1128325 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) - Remove new line from println arg list of main.go to support newer go versions. (bsc#1120741) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1874=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): saptune-2.0.1-3.16.1 saptune-debuginfo-2.0.1-3.16.1 References: https://bugzilla.suse.com/1116799 https://bugzilla.suse.com/1120741 https://bugzilla.suse.com/1123808 https://bugzilla.suse.com/1124485 https://bugzilla.suse.com/1124486 https://bugzilla.suse.com/1124487 https://bugzilla.suse.com/1124488 https://bugzilla.suse.com/1124489 https://bugzilla.suse.com/1126220 https://bugzilla.suse.com/1128322 https://bugzilla.suse.com/1128325 From sle-updates at lists.suse.com Thu Jul 18 07:12:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 15:12:27 +0200 (CEST) Subject: SUSE-RU-2019:1876-1: moderate: Recommended update for yast2-saptune Message-ID: <20190718131227.7E0CEFFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1876-1 Rating: moderate References: #1077615 #1135879 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-saptune fixes the following issues: - Fix to disable tuned daemon, if saptune is not configured (bsc#1135879) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1876=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1876=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1876=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): yast2-saptune-1.3-3.4.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): yast2-saptune-1.3-3.4.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): yast2-saptune-1.3-3.4.2 References: https://bugzilla.suse.com/1077615 https://bugzilla.suse.com/1135879 From sle-updates at lists.suse.com Thu Jul 18 07:13:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 15:13:20 +0200 (CEST) Subject: SUSE-SU-2019:1877-1: moderate: Security update for glibc Message-ID: <20190718131320.2030EFFE6@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1877-1 Rating: moderate References: #1117993 #1123710 #1127223 #1127308 #1131330 Cross-References: CVE-2009-5155 CVE-2019-9169 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Does no longer compress debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1877=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1877=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1877=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1877=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1877=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1877=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64): glibc-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): glibc-html-2.26-13.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): glibc-32bit-debuginfo-2.26-13.24.1 glibc-devel-static-32bit-2.26-13.24.1 glibc-locale-base-32bit-2.26-13.24.1 glibc-locale-base-32bit-debuginfo-2.26-13.24.1 glibc-profile-32bit-2.26-13.24.1 glibc-utils-32bit-2.26-13.24.1 glibc-utils-32bit-debuginfo-2.26-13.24.1 glibc-utils-src-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): glibc-html-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-static-2.26-13.24.1 glibc-utils-2.26-13.24.1 glibc-utils-debuginfo-2.26-13.24.1 glibc-utils-src-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): glibc-32bit-debuginfo-2.26-13.24.1 glibc-devel-32bit-2.26-13.24.1 glibc-devel-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-static-2.26-13.24.1 glibc-utils-2.26-13.24.1 glibc-utils-debuginfo-2.26-13.24.1 glibc-utils-src-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.24.1 glibc-devel-32bit-2.26-13.24.1 glibc-devel-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.24.1 glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-2.26-13.24.1 glibc-devel-debuginfo-2.26-13.24.1 glibc-extra-2.26-13.24.1 glibc-extra-debuginfo-2.26-13.24.1 glibc-locale-2.26-13.24.1 glibc-locale-base-2.26-13.24.1 glibc-locale-base-debuginfo-2.26-13.24.1 glibc-profile-2.26-13.24.1 nscd-2.26-13.24.1 nscd-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): glibc-32bit-2.26-13.24.1 glibc-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glibc-i18ndata-2.26-13.24.1 glibc-info-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.24.1 glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-2.26-13.24.1 glibc-devel-debuginfo-2.26-13.24.1 glibc-extra-2.26-13.24.1 glibc-extra-debuginfo-2.26-13.24.1 glibc-locale-2.26-13.24.1 glibc-locale-base-2.26-13.24.1 glibc-locale-base-debuginfo-2.26-13.24.1 glibc-profile-2.26-13.24.1 nscd-2.26-13.24.1 nscd-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.24.1 glibc-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.24.1 glibc-info-2.26-13.24.1 References: https://www.suse.com/security/cve/CVE-2009-5155.html https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1117993 https://bugzilla.suse.com/1123710 https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1131330 From sle-updates at lists.suse.com Thu Jul 18 07:14:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 15:14:37 +0200 (CEST) Subject: SUSE-RU-2019:1875-1: moderate: Recommended update for tracker Message-ID: <20190718131437.6648EFFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for tracker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1875-1 Rating: moderate References: #1123869 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tracker provides the following fixes: - Delete TrackerResource elements one by one. (bsc#1123869) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1875=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1875=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1875=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1875=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): tracker-lang-2.0.3-4.6.5 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): tracker-2.0.3-4.6.5 tracker-debuginfo-2.0.3-4.6.5 tracker-debugsource-2.0.3-4.6.5 - SUSE Linux Enterprise Workstation Extension 15 (noarch): tracker-lang-2.0.3-4.6.5 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): tracker-2.0.3-4.6.5 tracker-debuginfo-2.0.3-4.6.5 tracker-debugsource-2.0.3-4.6.5 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libtracker-common-2_0-2.0.3-4.6.5 libtracker-common-2_0-debuginfo-2.0.3-4.6.5 libtracker-control-2_0-0-2.0.3-4.6.5 libtracker-control-2_0-0-debuginfo-2.0.3-4.6.5 libtracker-miner-2_0-0-2.0.3-4.6.5 libtracker-miner-2_0-0-debuginfo-2.0.3-4.6.5 libtracker-sparql-2_0-0-2.0.3-4.6.5 libtracker-sparql-2_0-0-debuginfo-2.0.3-4.6.5 tracker-debuginfo-2.0.3-4.6.5 tracker-debugsource-2.0.3-4.6.5 tracker-devel-2.0.3-4.6.5 typelib-1_0-Tracker-2_0-2.0.3-4.6.5 typelib-1_0-TrackerControl-2_0-2.0.3-4.6.5 typelib-1_0-TrackerMiner-2_0-2.0.3-4.6.5 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libtracker-common-2_0-2.0.3-4.6.5 libtracker-common-2_0-debuginfo-2.0.3-4.6.5 libtracker-control-2_0-0-2.0.3-4.6.5 libtracker-control-2_0-0-debuginfo-2.0.3-4.6.5 libtracker-miner-2_0-0-2.0.3-4.6.5 libtracker-miner-2_0-0-debuginfo-2.0.3-4.6.5 libtracker-sparql-2_0-0-2.0.3-4.6.5 libtracker-sparql-2_0-0-debuginfo-2.0.3-4.6.5 tracker-debuginfo-2.0.3-4.6.5 tracker-debugsource-2.0.3-4.6.5 tracker-devel-2.0.3-4.6.5 typelib-1_0-Tracker-2_0-2.0.3-4.6.5 typelib-1_0-TrackerControl-2_0-2.0.3-4.6.5 typelib-1_0-TrackerMiner-2_0-2.0.3-4.6.5 References: https://bugzilla.suse.com/1123869 From sle-updates at lists.suse.com Thu Jul 18 07:15:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 15:15:15 +0200 (CEST) Subject: SUSE-RU-2019:1873-1: moderate: Recommended update for saptune Message-ID: <20190718131515.EDCBDFFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1873-1 Rating: moderate References: #1116799 #1120741 #1123808 #1124485 #1124486 #1124487 #1124488 #1124489 #1126220 #1128322 #1128325 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) - Remove new line from println arg list of main.go to support newer go versions. (bsc#1120741) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1873=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): saptune-2.0.1-3.3.1 saptune-debuginfo-2.0.1-3.3.1 References: https://bugzilla.suse.com/1116799 https://bugzilla.suse.com/1120741 https://bugzilla.suse.com/1123808 https://bugzilla.suse.com/1124485 https://bugzilla.suse.com/1124486 https://bugzilla.suse.com/1124487 https://bugzilla.suse.com/1124488 https://bugzilla.suse.com/1124489 https://bugzilla.suse.com/1126220 https://bugzilla.suse.com/1128322 https://bugzilla.suse.com/1128325 From sle-updates at lists.suse.com Thu Jul 18 10:10:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 18:10:43 +0200 (CEST) Subject: SUSE-SU-2019:1889-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) Message-ID: <20190718161043.2F7A9FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1889-1 Rating: important References: #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1889=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-4-10.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-updates at lists.suse.com Thu Jul 18 10:11:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 18:11:37 +0200 (CEST) Subject: SUSE-SU-2019:1882-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15) Message-ID: <20190718161137.88404FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1882-1 Rating: important References: #1136446 #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_14 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1878=1 SUSE-SLE-Module-Live-Patching-15-2019-1879=1 SUSE-SLE-Module-Live-Patching-15-2019-1880=1 SUSE-SLE-Module-Live-Patching-15-2019-1881=1 SUSE-SLE-Module-Live-Patching-15-2019-1882=1 SUSE-SLE-Module-Live-Patching-15-2019-1883=1 SUSE-SLE-Module-Live-Patching-15-2019-1884=1 SUSE-SLE-Module-Live-Patching-15-2019-1885=1 SUSE-SLE-Module-Live-Patching-15-2019-1886=1 SUSE-SLE-Module-Live-Patching-15-2019-1887=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_14-default-3-2.1 kernel-livepatch-4_12_14-150_14-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-150_17-default-3-2.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_13-default-8-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-8-2.1 kernel-livepatch-4_12_14-25_16-default-7-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_19-default-7-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_22-default-6-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-25_25-default-5-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_28-default-4-2.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_3-default-11-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-11-2.1 kernel-livepatch-4_12_14-25_6-default-10-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-10-2.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-updates at lists.suse.com Thu Jul 18 10:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 18:12:35 +0200 (CEST) Subject: SUSE-SU-2019:1888-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1) Message-ID: <20190718161235.DFDE4FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1888-1 Rating: important References: #1140747 Cross-References: CVE-2019-11478 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_7 fixes one issue. The following security issue was fixed: This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1890=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-1891=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1888=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_4-default-3-2.1 kernel-livepatch-4_12_14-197_7-default-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_22-default-2-2.1 kernel-livepatch-4_12_14-150_22-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1140747 From sle-updates at lists.suse.com Thu Jul 18 13:10:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 21:10:25 +0200 (CEST) Subject: SUSE-RU-2019:1892-1: moderate: Recommended update for openslp Message-ID: <20190718191025.8BC78FFE6@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1892-1 Rating: moderate References: #1117969 #1136136 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp fixes the following issues: - Use tcp connects to talk with other directory agents (DAs) (bsc#1117969) - Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1892=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1892=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1892=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1892=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-6.6.1 openslp-debugsource-2.0.0-6.6.1 openslp-server-2.0.0-6.6.1 openslp-server-debuginfo-2.0.0-6.6.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-6.6.1 openslp-debugsource-2.0.0-6.6.1 openslp-server-2.0.0-6.6.1 openslp-server-debuginfo-2.0.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-6.6.1 openslp-debuginfo-2.0.0-6.6.1 openslp-debugsource-2.0.0-6.6.1 openslp-devel-2.0.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): openslp-32bit-2.0.0-6.6.1 openslp-32bit-debuginfo-2.0.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-6.6.1 openslp-debuginfo-2.0.0-6.6.1 openslp-debugsource-2.0.0-6.6.1 openslp-devel-2.0.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): openslp-32bit-2.0.0-6.6.1 openslp-32bit-debuginfo-2.0.0-6.6.1 References: https://bugzilla.suse.com/1117969 https://bugzilla.suse.com/1136136 From sle-updates at lists.suse.com Thu Jul 18 13:11:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Jul 2019 21:11:19 +0200 (CEST) Subject: SUSE-SU-2019:1894-1: moderate: Security update for LibreOffice Message-ID: <20190718191119.5C599FFE6@maintenance.suse.de> SUSE Security Update: Security update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1894-1 Rating: moderate References: #1089811 #1116451 #1121874 #1123131 #1123455 #1124062 #1124869 #1127760 #1127857 #1128845 #1135189 #1135228 Cross-References: CVE-2018-16858 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has 11 fixes is now available. Description: This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) libixion was updated to 0.14.1: * Updated for new orcus liborcus was updated to 0.14.1: * Boost 1.67 support * Various cell handling issues fixed libwps was updated to 0.4.10: * QuattroPro: add parser of .qwp files * all: support complex encoding mdds was updated to 1.4.3: * Api change to 1.4 * More multivector operations and tweaks * Various multi vector fixes * flat_segment_tree: add segment iterator and functions * fix to handle out-of-range insertions on flat_segment_tree * Another api version -> rename to mdds-1_2 myspell-dictionaries was updated to 20190423: * Serbian dictionary updated * Update af_ZA hunspell * Update Spanish dictionary * Update Slovenian dictionary * Update Breton dictionary * Update Galician dictionary Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1894=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1894=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1894=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1894=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1894=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1894=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): libixion-0_14-0-0.14.1-4.3.8 libixion-0_14-0-debuginfo-0.14.1-4.3.8 libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 liborcus-0_14-0-0.14.1-3.3.8 liborcus-0_14-0-debuginfo-0.14.1-3.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-devel-0.14.1-3.3.8 - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): myspell-af_ZA-20190423-3.9.7 myspell-ar-20190423-3.9.7 myspell-bg_BG-20190423-3.9.7 myspell-bn_BD-20190423-3.9.7 myspell-br_FR-20190423-3.9.7 myspell-ca-20190423-3.9.7 myspell-cs_CZ-20190423-3.9.7 myspell-da_DK-20190423-3.9.7 myspell-el_GR-20190423-3.9.7 myspell-et_EE-20190423-3.9.7 myspell-fr_FR-20190423-3.9.7 myspell-gl-20190423-3.9.7 myspell-gu_IN-20190423-3.9.7 myspell-he_IL-20190423-3.9.7 myspell-hi_IN-20190423-3.9.7 myspell-hr_HR-20190423-3.9.7 myspell-it_IT-20190423-3.9.7 myspell-lt_LT-20190423-3.9.7 myspell-lv_LV-20190423-3.9.7 myspell-nl_NL-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-pl_PL-20190423-3.9.7 myspell-pt_PT-20190423-3.9.7 myspell-si_LK-20190423-3.9.7 myspell-sk_SK-20190423-3.9.7 myspell-sl_SI-20190423-3.9.7 myspell-sr-20190423-3.9.7 myspell-sv_SE-20190423-3.9.7 myspell-te_IN-20190423-3.9.7 myspell-th_TH-20190423-3.9.7 myspell-tr_TR-20190423-3.9.7 myspell-uk_UA-20190423-3.9.7 myspell-zu_ZA-20190423-3.9.7 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libixion-0_14-0-0.14.1-4.3.8 libixion-0_14-0-debuginfo-0.14.1-4.3.8 libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 liborcus-0_14-0-0.14.1-3.3.8 liborcus-0_14-0-debuginfo-0.14.1-3.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-devel-0.14.1-3.3.8 libreoffice-6.2.5.2-3.18.5 libreoffice-base-6.2.5.2-3.18.5 libreoffice-base-debuginfo-6.2.5.2-3.18.5 libreoffice-base-drivers-postgresql-6.2.5.2-3.18.5 libreoffice-base-drivers-postgresql-debuginfo-6.2.5.2-3.18.5 libreoffice-calc-6.2.5.2-3.18.5 libreoffice-calc-debuginfo-6.2.5.2-3.18.5 libreoffice-calc-extensions-6.2.5.2-3.18.5 libreoffice-debuginfo-6.2.5.2-3.18.5 libreoffice-debugsource-6.2.5.2-3.18.5 libreoffice-draw-6.2.5.2-3.18.5 libreoffice-draw-debuginfo-6.2.5.2-3.18.5 libreoffice-filters-optional-6.2.5.2-3.18.5 libreoffice-gnome-6.2.5.2-3.18.5 libreoffice-gnome-debuginfo-6.2.5.2-3.18.5 libreoffice-gtk3-6.2.5.2-3.18.5 libreoffice-gtk3-debuginfo-6.2.5.2-3.18.5 libreoffice-impress-6.2.5.2-3.18.5 libreoffice-impress-debuginfo-6.2.5.2-3.18.5 libreoffice-mailmerge-6.2.5.2-3.18.5 libreoffice-math-6.2.5.2-3.18.5 libreoffice-math-debuginfo-6.2.5.2-3.18.5 libreoffice-officebean-6.2.5.2-3.18.5 libreoffice-officebean-debuginfo-6.2.5.2-3.18.5 libreoffice-pyuno-6.2.5.2-3.18.5 libreoffice-pyuno-debuginfo-6.2.5.2-3.18.5 libreoffice-writer-6.2.5.2-3.18.5 libreoffice-writer-debuginfo-6.2.5.2-3.18.5 libreoffice-writer-extensions-6.2.5.2-3.18.5 libreofficekit-6.2.5.2-3.18.5 libwps-0_4-4-0.4.10-3.6.7 libwps-0_4-4-debuginfo-0.4.10-3.6.7 libwps-debuginfo-0.4.10-3.6.7 libwps-debugsource-0.4.10-3.6.7 libwps-devel-0.4.10-3.6.7 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.2.5.2-3.18.5 libreoffice-icon-themes-6.2.5.2-3.18.5 libreoffice-l10n-af-6.2.5.2-3.18.5 libreoffice-l10n-ar-6.2.5.2-3.18.5 libreoffice-l10n-as-6.2.5.2-3.18.5 libreoffice-l10n-bg-6.2.5.2-3.18.5 libreoffice-l10n-bn-6.2.5.2-3.18.5 libreoffice-l10n-br-6.2.5.2-3.18.5 libreoffice-l10n-ca-6.2.5.2-3.18.5 libreoffice-l10n-cs-6.2.5.2-3.18.5 libreoffice-l10n-cy-6.2.5.2-3.18.5 libreoffice-l10n-da-6.2.5.2-3.18.5 libreoffice-l10n-de-6.2.5.2-3.18.5 libreoffice-l10n-dz-6.2.5.2-3.18.5 libreoffice-l10n-el-6.2.5.2-3.18.5 libreoffice-l10n-en-6.2.5.2-3.18.5 libreoffice-l10n-eo-6.2.5.2-3.18.5 libreoffice-l10n-es-6.2.5.2-3.18.5 libreoffice-l10n-et-6.2.5.2-3.18.5 libreoffice-l10n-eu-6.2.5.2-3.18.5 libreoffice-l10n-fa-6.2.5.2-3.18.5 libreoffice-l10n-fi-6.2.5.2-3.18.5 libreoffice-l10n-fr-6.2.5.2-3.18.5 libreoffice-l10n-ga-6.2.5.2-3.18.5 libreoffice-l10n-gl-6.2.5.2-3.18.5 libreoffice-l10n-gu-6.2.5.2-3.18.5 libreoffice-l10n-he-6.2.5.2-3.18.5 libreoffice-l10n-hi-6.2.5.2-3.18.5 libreoffice-l10n-hr-6.2.5.2-3.18.5 libreoffice-l10n-hu-6.2.5.2-3.18.5 libreoffice-l10n-it-6.2.5.2-3.18.5 libreoffice-l10n-ja-6.2.5.2-3.18.5 libreoffice-l10n-kk-6.2.5.2-3.18.5 libreoffice-l10n-kn-6.2.5.2-3.18.5 libreoffice-l10n-ko-6.2.5.2-3.18.5 libreoffice-l10n-lt-6.2.5.2-3.18.5 libreoffice-l10n-lv-6.2.5.2-3.18.5 libreoffice-l10n-mai-6.2.5.2-3.18.5 libreoffice-l10n-ml-6.2.5.2-3.18.5 libreoffice-l10n-mr-6.2.5.2-3.18.5 libreoffice-l10n-nb-6.2.5.2-3.18.5 libreoffice-l10n-nl-6.2.5.2-3.18.5 libreoffice-l10n-nn-6.2.5.2-3.18.5 libreoffice-l10n-nr-6.2.5.2-3.18.5 libreoffice-l10n-nso-6.2.5.2-3.18.5 libreoffice-l10n-or-6.2.5.2-3.18.5 libreoffice-l10n-pa-6.2.5.2-3.18.5 libreoffice-l10n-pl-6.2.5.2-3.18.5 libreoffice-l10n-pt_BR-6.2.5.2-3.18.5 libreoffice-l10n-pt_PT-6.2.5.2-3.18.5 libreoffice-l10n-ro-6.2.5.2-3.18.5 libreoffice-l10n-ru-6.2.5.2-3.18.5 libreoffice-l10n-si-6.2.5.2-3.18.5 libreoffice-l10n-sk-6.2.5.2-3.18.5 libreoffice-l10n-sl-6.2.5.2-3.18.5 libreoffice-l10n-sr-6.2.5.2-3.18.5 libreoffice-l10n-ss-6.2.5.2-3.18.5 libreoffice-l10n-st-6.2.5.2-3.18.5 libreoffice-l10n-sv-6.2.5.2-3.18.5 libreoffice-l10n-ta-6.2.5.2-3.18.5 libreoffice-l10n-te-6.2.5.2-3.18.5 libreoffice-l10n-th-6.2.5.2-3.18.5 libreoffice-l10n-tn-6.2.5.2-3.18.5 libreoffice-l10n-tr-6.2.5.2-3.18.5 libreoffice-l10n-ts-6.2.5.2-3.18.5 libreoffice-l10n-uk-6.2.5.2-3.18.5 libreoffice-l10n-ve-6.2.5.2-3.18.5 libreoffice-l10n-xh-6.2.5.2-3.18.5 libreoffice-l10n-zh_CN-6.2.5.2-3.18.5 libreoffice-l10n-zh_TW-6.2.5.2-3.18.5 libreoffice-l10n-zu-6.2.5.2-3.18.5 myspell-af_ZA-20190423-3.9.7 myspell-ar-20190423-3.9.7 myspell-bg_BG-20190423-3.9.7 myspell-bn_BD-20190423-3.9.7 myspell-br_FR-20190423-3.9.7 myspell-ca-20190423-3.9.7 myspell-cs_CZ-20190423-3.9.7 myspell-da_DK-20190423-3.9.7 myspell-el_GR-20190423-3.9.7 myspell-et_EE-20190423-3.9.7 myspell-fr_FR-20190423-3.9.7 myspell-gl-20190423-3.9.7 myspell-gu_IN-20190423-3.9.7 myspell-he_IL-20190423-3.9.7 myspell-hi_IN-20190423-3.9.7 myspell-hr_HR-20190423-3.9.7 myspell-it_IT-20190423-3.9.7 myspell-lt_LT-20190423-3.9.7 myspell-lv_LV-20190423-3.9.7 myspell-nl_NL-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-pl_PL-20190423-3.9.7 myspell-pt_PT-20190423-3.9.7 myspell-si_LK-20190423-3.9.7 myspell-sk_SK-20190423-3.9.7 myspell-sl_SI-20190423-3.9.7 myspell-sr-20190423-3.9.7 myspell-sv_SE-20190423-3.9.7 myspell-te_IN-20190423-3.9.7 myspell-th_TH-20190423-3.9.7 myspell-tr_TR-20190423-3.9.7 myspell-uk_UA-20190423-3.9.7 myspell-zu_ZA-20190423-3.9.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 libixion-devel-0.14.1-4.3.8 libixion-tools-0.14.1-4.3.8 libixion-tools-debuginfo-0.14.1-4.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-tools-0.14.1-3.3.8 liborcus-tools-debuginfo-0.14.1-3.3.8 python3-libixion-0.14.1-4.3.8 python3-libixion-debuginfo-0.14.1-4.3.8 python3-liborcus-0.14.1-3.3.8 python3-liborcus-debuginfo-0.14.1-3.3.8 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): mdds-1_4-devel-1.4.3-1.3.7 myspell-af_NA-20190423-3.9.7 myspell-af_ZA-20190423-3.9.7 myspell-an-20190423-3.9.7 myspell-an_ES-20190423-3.9.7 myspell-ar-20190423-3.9.7 myspell-ar_AE-20190423-3.9.7 myspell-ar_BH-20190423-3.9.7 myspell-ar_DZ-20190423-3.9.7 myspell-ar_EG-20190423-3.9.7 myspell-ar_IQ-20190423-3.9.7 myspell-ar_JO-20190423-3.9.7 myspell-ar_KW-20190423-3.9.7 myspell-ar_LB-20190423-3.9.7 myspell-ar_LY-20190423-3.9.7 myspell-ar_MA-20190423-3.9.7 myspell-ar_OM-20190423-3.9.7 myspell-ar_QA-20190423-3.9.7 myspell-ar_SA-20190423-3.9.7 myspell-ar_SD-20190423-3.9.7 myspell-ar_SY-20190423-3.9.7 myspell-ar_TN-20190423-3.9.7 myspell-ar_YE-20190423-3.9.7 myspell-be_BY-20190423-3.9.7 myspell-bg_BG-20190423-3.9.7 myspell-bn_BD-20190423-3.9.7 myspell-bn_IN-20190423-3.9.7 myspell-bo-20190423-3.9.7 myspell-bo_CN-20190423-3.9.7 myspell-bo_IN-20190423-3.9.7 myspell-br_FR-20190423-3.9.7 myspell-bs-20190423-3.9.7 myspell-bs_BA-20190423-3.9.7 myspell-ca-20190423-3.9.7 myspell-ca_AD-20190423-3.9.7 myspell-ca_ES-20190423-3.9.7 myspell-ca_ES_valencia-20190423-3.9.7 myspell-ca_FR-20190423-3.9.7 myspell-ca_IT-20190423-3.9.7 myspell-cs_CZ-20190423-3.9.7 myspell-da_DK-20190423-3.9.7 myspell-de_AT-20190423-3.9.7 myspell-de_CH-20190423-3.9.7 myspell-el_GR-20190423-3.9.7 myspell-en_AU-20190423-3.9.7 myspell-en_BS-20190423-3.9.7 myspell-en_BZ-20190423-3.9.7 myspell-en_CA-20190423-3.9.7 myspell-en_GB-20190423-3.9.7 myspell-en_GH-20190423-3.9.7 myspell-en_IE-20190423-3.9.7 myspell-en_IN-20190423-3.9.7 myspell-en_JM-20190423-3.9.7 myspell-en_MW-20190423-3.9.7 myspell-en_NA-20190423-3.9.7 myspell-en_NZ-20190423-3.9.7 myspell-en_PH-20190423-3.9.7 myspell-en_TT-20190423-3.9.7 myspell-en_ZA-20190423-3.9.7 myspell-en_ZW-20190423-3.9.7 myspell-es_AR-20190423-3.9.7 myspell-es_BO-20190423-3.9.7 myspell-es_CL-20190423-3.9.7 myspell-es_CO-20190423-3.9.7 myspell-es_CR-20190423-3.9.7 myspell-es_CU-20190423-3.9.7 myspell-es_DO-20190423-3.9.7 myspell-es_EC-20190423-3.9.7 myspell-es_GT-20190423-3.9.7 myspell-es_HN-20190423-3.9.7 myspell-es_MX-20190423-3.9.7 myspell-es_NI-20190423-3.9.7 myspell-es_PA-20190423-3.9.7 myspell-es_PE-20190423-3.9.7 myspell-es_PR-20190423-3.9.7 myspell-es_PY-20190423-3.9.7 myspell-es_SV-20190423-3.9.7 myspell-es_UY-20190423-3.9.7 myspell-es_VE-20190423-3.9.7 myspell-et_EE-20190423-3.9.7 myspell-fr_BE-20190423-3.9.7 myspell-fr_CA-20190423-3.9.7 myspell-fr_CH-20190423-3.9.7 myspell-fr_FR-20190423-3.9.7 myspell-fr_LU-20190423-3.9.7 myspell-fr_MC-20190423-3.9.7 myspell-gd_GB-20190423-3.9.7 myspell-gl-20190423-3.9.7 myspell-gl_ES-20190423-3.9.7 myspell-gu_IN-20190423-3.9.7 myspell-gug-20190423-3.9.7 myspell-gug_PY-20190423-3.9.7 myspell-he_IL-20190423-3.9.7 myspell-hi_IN-20190423-3.9.7 myspell-hr_HR-20190423-3.9.7 myspell-id-20190423-3.9.7 myspell-id_ID-20190423-3.9.7 myspell-is-20190423-3.9.7 myspell-is_IS-20190423-3.9.7 myspell-it_IT-20190423-3.9.7 myspell-kmr_Latn-20190423-3.9.7 myspell-kmr_Latn_SY-20190423-3.9.7 myspell-kmr_Latn_TR-20190423-3.9.7 myspell-lo_LA-20190423-3.9.7 myspell-lt_LT-20190423-3.9.7 myspell-lv_LV-20190423-3.9.7 myspell-ne_NP-20190423-3.9.7 myspell-nl_BE-20190423-3.9.7 myspell-nl_NL-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-oc_FR-20190423-3.9.7 myspell-pl_PL-20190423-3.9.7 myspell-pt_AO-20190423-3.9.7 myspell-pt_PT-20190423-3.9.7 myspell-si_LK-20190423-3.9.7 myspell-sk_SK-20190423-3.9.7 myspell-sl_SI-20190423-3.9.7 myspell-sq_AL-20190423-3.9.7 myspell-sr-20190423-3.9.7 myspell-sr_CS-20190423-3.9.7 myspell-sr_Latn_CS-20190423-3.9.7 myspell-sr_Latn_RS-20190423-3.9.7 myspell-sr_RS-20190423-3.9.7 myspell-sv_FI-20190423-3.9.7 myspell-sv_SE-20190423-3.9.7 myspell-sw_TZ-20190423-3.9.7 myspell-te-20190423-3.9.7 myspell-te_IN-20190423-3.9.7 myspell-th_TH-20190423-3.9.7 myspell-tr-20190423-3.9.7 myspell-tr_TR-20190423-3.9.7 myspell-uk_UA-20190423-3.9.7 myspell-vi-20190423-3.9.7 myspell-vi_VN-20190423-3.9.7 myspell-zu_ZA-20190423-3.9.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 libixion-devel-0.14.1-4.3.8 libixion-tools-0.14.1-4.3.8 libixion-tools-debuginfo-0.14.1-4.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-tools-0.14.1-3.3.8 liborcus-tools-debuginfo-0.14.1-3.3.8 libwps-debuginfo-0.4.10-3.6.7 libwps-debugsource-0.4.10-3.6.7 libwps-tools-0.4.10-3.6.7 libwps-tools-debuginfo-0.4.10-3.6.7 python3-libixion-0.14.1-4.3.8 python3-libixion-debuginfo-0.14.1-4.3.8 python3-liborcus-0.14.1-3.3.8 python3-liborcus-debuginfo-0.14.1-3.3.8 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): mdds-1_4-devel-1.4.3-1.3.7 myspell-af_NA-20190423-3.9.7 myspell-an-20190423-3.9.7 myspell-an_ES-20190423-3.9.7 myspell-ar_AE-20190423-3.9.7 myspell-ar_BH-20190423-3.9.7 myspell-ar_DZ-20190423-3.9.7 myspell-ar_EG-20190423-3.9.7 myspell-ar_IQ-20190423-3.9.7 myspell-ar_JO-20190423-3.9.7 myspell-ar_KW-20190423-3.9.7 myspell-ar_LB-20190423-3.9.7 myspell-ar_LY-20190423-3.9.7 myspell-ar_MA-20190423-3.9.7 myspell-ar_OM-20190423-3.9.7 myspell-ar_QA-20190423-3.9.7 myspell-ar_SA-20190423-3.9.7 myspell-ar_SD-20190423-3.9.7 myspell-ar_SY-20190423-3.9.7 myspell-ar_TN-20190423-3.9.7 myspell-ar_YE-20190423-3.9.7 myspell-be_BY-20190423-3.9.7 myspell-bn_IN-20190423-3.9.7 myspell-bo-20190423-3.9.7 myspell-bo_CN-20190423-3.9.7 myspell-bo_IN-20190423-3.9.7 myspell-bs-20190423-3.9.7 myspell-bs_BA-20190423-3.9.7 myspell-ca_AD-20190423-3.9.7 myspell-ca_ES-20190423-3.9.7 myspell-ca_ES_valencia-20190423-3.9.7 myspell-ca_FR-20190423-3.9.7 myspell-ca_IT-20190423-3.9.7 myspell-de_AT-20190423-3.9.7 myspell-de_CH-20190423-3.9.7 myspell-en_AU-20190423-3.9.7 myspell-en_BS-20190423-3.9.7 myspell-en_BZ-20190423-3.9.7 myspell-en_CA-20190423-3.9.7 myspell-en_GB-20190423-3.9.7 myspell-en_GH-20190423-3.9.7 myspell-en_IE-20190423-3.9.7 myspell-en_IN-20190423-3.9.7 myspell-en_JM-20190423-3.9.7 myspell-en_MW-20190423-3.9.7 myspell-en_NA-20190423-3.9.7 myspell-en_NZ-20190423-3.9.7 myspell-en_PH-20190423-3.9.7 myspell-en_TT-20190423-3.9.7 myspell-en_ZA-20190423-3.9.7 myspell-en_ZW-20190423-3.9.7 myspell-es_AR-20190423-3.9.7 myspell-es_BO-20190423-3.9.7 myspell-es_CL-20190423-3.9.7 myspell-es_CO-20190423-3.9.7 myspell-es_CR-20190423-3.9.7 myspell-es_CU-20190423-3.9.7 myspell-es_DO-20190423-3.9.7 myspell-es_EC-20190423-3.9.7 myspell-es_GT-20190423-3.9.7 myspell-es_HN-20190423-3.9.7 myspell-es_MX-20190423-3.9.7 myspell-es_NI-20190423-3.9.7 myspell-es_PA-20190423-3.9.7 myspell-es_PE-20190423-3.9.7 myspell-es_PR-20190423-3.9.7 myspell-es_PY-20190423-3.9.7 myspell-es_SV-20190423-3.9.7 myspell-es_UY-20190423-3.9.7 myspell-es_VE-20190423-3.9.7 myspell-fr_BE-20190423-3.9.7 myspell-fr_CA-20190423-3.9.7 myspell-fr_CH-20190423-3.9.7 myspell-fr_LU-20190423-3.9.7 myspell-fr_MC-20190423-3.9.7 myspell-gd_GB-20190423-3.9.7 myspell-gl_ES-20190423-3.9.7 myspell-gug-20190423-3.9.7 myspell-gug_PY-20190423-3.9.7 myspell-is-20190423-3.9.7 myspell-is_IS-20190423-3.9.7 myspell-kmr_Latn-20190423-3.9.7 myspell-kmr_Latn_SY-20190423-3.9.7 myspell-kmr_Latn_TR-20190423-3.9.7 myspell-lo_LA-20190423-3.9.7 myspell-ne_NP-20190423-3.9.7 myspell-nl_BE-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-oc_FR-20190423-3.9.7 myspell-pt_AO-20190423-3.9.7 myspell-sq_AL-20190423-3.9.7 myspell-sr_CS-20190423-3.9.7 myspell-sr_Latn_CS-20190423-3.9.7 myspell-sr_Latn_RS-20190423-3.9.7 myspell-sr_RS-20190423-3.9.7 myspell-sv_FI-20190423-3.9.7 myspell-sw_TZ-20190423-3.9.7 myspell-te-20190423-3.9.7 myspell-vi-20190423-3.9.7 myspell-vi_VN-20190423-3.9.7 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): myspell-dictionaries-20190423-3.9.7 myspell-lightproof-en-20190423-3.9.7 myspell-lightproof-hu_HU-20190423-3.9.7 myspell-lightproof-pt_BR-20190423-3.9.7 myspell-lightproof-ru_RU-20190423-3.9.7 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): myspell-de-20190423-3.9.7 myspell-de_DE-20190423-3.9.7 myspell-en-20190423-3.9.7 myspell-en_US-20190423-3.9.7 myspell-es-20190423-3.9.7 myspell-es_ES-20190423-3.9.7 myspell-hu_HU-20190423-3.9.7 myspell-nb_NO-20190423-3.9.7 myspell-no-20190423-3.9.7 myspell-pt_BR-20190423-3.9.7 myspell-ro-20190423-3.9.7 myspell-ro_RO-20190423-3.9.7 myspell-ru_RU-20190423-3.9.7 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): myspell-dictionaries-20190423-3.9.7 myspell-lightproof-en-20190423-3.9.7 myspell-lightproof-hu_HU-20190423-3.9.7 myspell-lightproof-pt_BR-20190423-3.9.7 myspell-lightproof-ru_RU-20190423-3.9.7 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): myspell-de-20190423-3.9.7 myspell-de_DE-20190423-3.9.7 myspell-en-20190423-3.9.7 myspell-en_US-20190423-3.9.7 myspell-es-20190423-3.9.7 myspell-es_ES-20190423-3.9.7 myspell-hu_HU-20190423-3.9.7 myspell-nb_NO-20190423-3.9.7 myspell-no-20190423-3.9.7 myspell-pt_BR-20190423-3.9.7 myspell-ro-20190423-3.9.7 myspell-ro_RO-20190423-3.9.7 myspell-ru_RU-20190423-3.9.7 References: https://www.suse.com/security/cve/CVE-2018-16858.html https://bugzilla.suse.com/1089811 https://bugzilla.suse.com/1116451 https://bugzilla.suse.com/1121874 https://bugzilla.suse.com/1123131 https://bugzilla.suse.com/1123455 https://bugzilla.suse.com/1124062 https://bugzilla.suse.com/1124869 https://bugzilla.suse.com/1127760 https://bugzilla.suse.com/1127857 https://bugzilla.suse.com/1128845 https://bugzilla.suse.com/1135189 https://bugzilla.suse.com/1135228 From sle-updates at lists.suse.com Thu Jul 18 16:10:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 00:10:32 +0200 (CEST) Subject: SUSE-SU-2019:14127-1: important: Security update for the Linux Kernel Message-ID: <20190718221032.B961CFFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14127-1 Rating: important References: #1063416 #1090078 #1102340 #1120758 #1134395 #1134835 #1135650 #1136424 #1137194 #1138943 #1139751 Cross-References: CVE-2018-20836 CVE-2018-5390 CVE-2019-12614 CVE-2019-3459 CVE-2019-3460 CVE-2019-3846 CVE-2019-3896 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel(bnc#1120758). - CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before (bnc#1120758). - CVE-2019-3896: A double-free could happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could lead to a denial of service (bnc#1102340). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446). The following non-security bugs were fixed: - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835). - signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650). - signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig() (bsc#1135650). - tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-source-14127=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-14127=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-14127=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.98.1 kernel-default-base-3.0.101-108.98.1 kernel-default-devel-3.0.101-108.98.1 kernel-source-3.0.101-108.98.1 kernel-syms-3.0.101-108.98.1 kernel-trace-3.0.101-108.98.1 kernel-trace-base-3.0.101-108.98.1 kernel-trace-devel-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.98.1 kernel-ec2-base-3.0.101-108.98.1 kernel-ec2-devel-3.0.101-108.98.1 kernel-xen-3.0.101-108.98.1 kernel-xen-base-3.0.101-108.98.1 kernel-xen-devel-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.98.1 kernel-bigmem-base-3.0.101-108.98.1 kernel-bigmem-devel-3.0.101-108.98.1 kernel-ppc64-3.0.101-108.98.1 kernel-ppc64-base-3.0.101-108.98.1 kernel-ppc64-devel-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.98.1 kernel-pae-base-3.0.101-108.98.1 kernel-pae-devel-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.98.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.98.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.98.1 kernel-default-debugsource-3.0.101-108.98.1 kernel-trace-debuginfo-3.0.101-108.98.1 kernel-trace-debugsource-3.0.101-108.98.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.98.1 kernel-trace-devel-debuginfo-3.0.101-108.98.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.98.1 kernel-ec2-debugsource-3.0.101-108.98.1 kernel-xen-debuginfo-3.0.101-108.98.1 kernel-xen-debugsource-3.0.101-108.98.1 kernel-xen-devel-debuginfo-3.0.101-108.98.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.98.1 kernel-bigmem-debugsource-3.0.101-108.98.1 kernel-ppc64-debuginfo-3.0.101-108.98.1 kernel-ppc64-debugsource-3.0.101-108.98.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.98.1 kernel-pae-debugsource-3.0.101-108.98.1 kernel-pae-devel-debuginfo-3.0.101-108.98.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-3896.html https://bugzilla.suse.com/1063416 https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1134835 https://bugzilla.suse.com/1135650 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1138943 https://bugzilla.suse.com/1139751 From sle-updates at lists.suse.com Thu Jul 18 16:12:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 00:12:41 +0200 (CEST) Subject: SUSE-SU-2019:1896-1: moderate: Security update for libxml2 Message-ID: <20190718221241.0FDD9FFE6@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1896-1 Rating: moderate References: #1010675 #1110146 #1126613 Cross-References: CVE-2016-9318 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1896=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1896=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1896=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.20.1 libxml2-devel-2.9.4-46.20.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.20.1 libxml2-2-debuginfo-2.9.4-46.20.1 libxml2-debugsource-2.9.4-46.20.1 libxml2-tools-2.9.4-46.20.1 libxml2-tools-debuginfo-2.9.4-46.20.1 python-libxml2-2.9.4-46.20.1 python-libxml2-debuginfo-2.9.4-46.20.1 python-libxml2-debugsource-2.9.4-46.20.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libxml2-2-32bit-2.9.4-46.20.1 libxml2-2-debuginfo-32bit-2.9.4-46.20.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): libxml2-doc-2.9.4-46.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libxml2-2-2.9.4-46.20.1 libxml2-2-32bit-2.9.4-46.20.1 libxml2-2-debuginfo-2.9.4-46.20.1 libxml2-2-debuginfo-32bit-2.9.4-46.20.1 libxml2-debugsource-2.9.4-46.20.1 libxml2-tools-2.9.4-46.20.1 libxml2-tools-debuginfo-2.9.4-46.20.1 python-libxml2-2.9.4-46.20.1 python-libxml2-debuginfo-2.9.4-46.20.1 python-libxml2-debugsource-2.9.4-46.20.1 - SUSE CaaS Platform 3.0 (x86_64): libxml2-2-2.9.4-46.20.1 libxml2-2-debuginfo-2.9.4-46.20.1 libxml2-debugsource-2.9.4-46.20.1 libxml2-tools-2.9.4-46.20.1 libxml2-tools-debuginfo-2.9.4-46.20.1 References: https://www.suse.com/security/cve/CVE-2016-9318.html https://bugzilla.suse.com/1010675 https://bugzilla.suse.com/1110146 https://bugzilla.suse.com/1126613 From sle-updates at lists.suse.com Thu Jul 18 16:13:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 00:13:37 +0200 (CEST) Subject: SUSE-SU-2019:1895-1: moderate: Security update for tomcat Message-ID: <20190718221337.768D7FFE6@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1895-1 Rating: moderate References: #1111966 #1131055 #1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). Non-security issues fixed: - Increase maximum number of threads and open files for tomcat (bsc#1111966). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-1895=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1895=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.21-4.5.5 tomcat-admin-webapps-9.0.21-4.5.5 tomcat-el-3_0-api-9.0.21-4.5.5 tomcat-jsp-2_3-api-9.0.21-4.5.5 tomcat-lib-9.0.21-4.5.5 tomcat-servlet-4_0-api-9.0.21-4.5.5 tomcat-webapps-9.0.21-4.5.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): tomcat-docs-webapp-9.0.21-4.5.5 tomcat-embed-9.0.21-4.5.5 tomcat-javadoc-9.0.21-4.5.5 tomcat-jsvc-9.0.21-4.5.5 References: https://www.suse.com/security/cve/CVE-2019-0199.html https://www.suse.com/security/cve/CVE-2019-0221.html https://bugzilla.suse.com/1111966 https://bugzilla.suse.com/1131055 https://bugzilla.suse.com/1136085 From sle-updates at lists.suse.com Fri Jul 19 07:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 15:10:36 +0200 (CEST) Subject: SUSE-RU-2019:1898-1: important: Recommended update for grub2 Message-ID: <20190719131036.ADC68FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1898-1 Rating: important References: #1134287 #1139345 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1898=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1898=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.15.1 grub2-debuginfo-2.02-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): grub2-arm64-efi-2.02-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.15.1 grub2-systemd-sleep-plugin-2.02-12.15.1 grub2-x86_64-xen-2.02-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): grub2-i386-pc-2.02-12.15.1 grub2-x86_64-efi-2.02-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): grub2-s390x-emu-2.02-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.15.1 grub2-systemd-sleep-plugin-2.02-12.15.1 grub2-x86_64-xen-2.02-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): grub2-2.02-12.15.1 grub2-debuginfo-2.02-12.15.1 grub2-debugsource-2.02-12.15.1 grub2-i386-pc-2.02-12.15.1 grub2-x86_64-efi-2.02-12.15.1 References: https://bugzilla.suse.com/1134287 https://bugzilla.suse.com/1139345 From sle-updates at lists.suse.com Fri Jul 19 10:11:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:11:01 +0200 (CEST) Subject: SUSE-RU-2019:1911-1: important: Recommended update for grub2 Message-ID: <20190719161101.3CB13FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1911-1 Rating: important References: #1134287 #1139345 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1911=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1911=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1911=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1911=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1911=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1911=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1911=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 - SUSE Enterprise Storage 5 (x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - SUSE Enterprise Storage 5 (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 - SUSE CaaS Platform 3.0 (noarch): grub2-snapper-plugin-2.02-4.43.1 - SUSE CaaS Platform 3.0 (x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - HPE Helion Openstack 8 (x86_64): grub2-2.02-4.43.1 grub2-debuginfo-2.02-4.43.1 grub2-debugsource-2.02-4.43.1 grub2-i386-pc-2.02-4.43.1 grub2-x86_64-efi-2.02-4.43.1 grub2-x86_64-xen-2.02-4.43.1 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-4.43.1 grub2-systemd-sleep-plugin-2.02-4.43.1 References: https://bugzilla.suse.com/1134287 https://bugzilla.suse.com/1139345 From sle-updates at lists.suse.com Fri Jul 19 10:11:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:11:54 +0200 (CEST) Subject: SUSE-SU-2019:1909-1: important: Security update for ucode-intel Message-ID: <20190719161154.9271BFEA9@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1909-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1909=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20190618-3.22.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Fri Jul 19 10:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:12:35 +0200 (CEST) Subject: SUSE-RU-2019:1899-1: moderate: Recommended update for hawk2 Message-ID: <20190719161235.462D6FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1899-1 Rating: moderate References: #1137891 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hawk2 fixes the following issues: - Fix nameless cluster displaying a blank screen on UI cluster dashboard. (bsc#1137891) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1899=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): hawk2-2.1.0+git.1516013868.bada8da4-2.16.1 hawk2-debuginfo-2.1.0+git.1516013868.bada8da4-2.16.1 hawk2-debugsource-2.1.0+git.1516013868.bada8da4-2.16.1 References: https://bugzilla.suse.com/1137891 From sle-updates at lists.suse.com Fri Jul 19 10:13:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:13:12 +0200 (CEST) Subject: SUSE-RU-2019:1900-1: moderate: Recommended update for rsyslog Message-ID: <20190719161312.DA760FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1900-1 Rating: moderate References: #1141022 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - The rsyslog-module-mmjsonparse is shipped for the Enterprise Server. (bsc#1141022 FATE#324208) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1900=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1900=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): liblognorm5-2.0.2-3.2.1 liblognorm5-debuginfo-2.0.2-3.2.1 rsyslog-8.24.0-3.28.2 rsyslog-debuginfo-8.24.0-3.28.2 rsyslog-debugsource-8.24.0-3.28.2 rsyslog-diag-tools-8.24.0-3.28.2 rsyslog-diag-tools-debuginfo-8.24.0-3.28.2 rsyslog-doc-8.24.0-3.28.2 rsyslog-module-gssapi-8.24.0-3.28.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.28.2 rsyslog-module-gtls-8.24.0-3.28.2 rsyslog-module-gtls-debuginfo-8.24.0-3.28.2 rsyslog-module-mmnormalize-8.24.0-3.28.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.28.2 rsyslog-module-mysql-8.24.0-3.28.2 rsyslog-module-mysql-debuginfo-8.24.0-3.28.2 rsyslog-module-pgsql-8.24.0-3.28.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.28.2 rsyslog-module-relp-8.24.0-3.28.2 rsyslog-module-relp-debuginfo-8.24.0-3.28.2 rsyslog-module-snmp-8.24.0-3.28.2 rsyslog-module-snmp-debuginfo-8.24.0-3.28.2 rsyslog-module-udpspoof-8.24.0-3.28.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.28.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): rsyslog-8.24.0-3.28.2 rsyslog-debuginfo-8.24.0-3.28.2 rsyslog-debugsource-8.24.0-3.28.2 - SUSE CaaS Platform 3.0 (x86_64): liblognorm5-2.0.2-3.2.1 liblognorm5-debuginfo-2.0.2-3.2.1 rsyslog-8.24.0-3.28.2 rsyslog-debuginfo-8.24.0-3.28.2 rsyslog-debugsource-8.24.0-3.28.2 rsyslog-module-mmnormalize-8.24.0-3.28.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.28.2 References: https://bugzilla.suse.com/1141022 From sle-updates at lists.suse.com Fri Jul 19 10:13:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:13:49 +0200 (CEST) Subject: SUSE-SU-2019:1910-1: important: Security update for ucode-intel Message-ID: <20190719161349.263D7FEA9@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1910-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1910=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): ucode-intel-20190618-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Fri Jul 19 10:14:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:14:29 +0200 (CEST) Subject: SUSE-RU-2019:14129-1: important: Recommended update for openssh Message-ID: <20190719161429.A13D8FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14129-1 Rating: important References: #1138936 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Fix a regression in utf-8 handling that could cause crashes of scp (bsc#1138936). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssh-14129=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-14129=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): openssh-6.6p1-36.23.1 openssh-askpass-gnome-6.6p1-36.23.1 openssh-fips-6.6p1-36.23.1 openssh-helpers-6.6p1-36.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.23.1 openssh-debuginfo-6.6p1-36.23.1 openssh-debugsource-6.6p1-36.23.1 References: https://bugzilla.suse.com/1138936 From sle-updates at lists.suse.com Fri Jul 19 10:15:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:15:10 +0200 (CEST) Subject: SUSE-RU-2019:1902-1: important: Recommended update for openssh Message-ID: <20190719161510.9DA30FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1902-1 Rating: important References: #1138936 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Fix a regression in utf-8 handling that could cause crashes of scp (bsc#1138936). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1902=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1902=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): openssh-6.6p1-54.39.1 openssh-askpass-gnome-6.6p1-54.39.1 openssh-askpass-gnome-debuginfo-6.6p1-54.39.1 openssh-debuginfo-6.6p1-54.39.1 openssh-debugsource-6.6p1-54.39.1 openssh-fips-6.6p1-54.39.1 openssh-helpers-6.6p1-54.39.1 openssh-helpers-debuginfo-6.6p1-54.39.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.39.1 openssh-askpass-gnome-6.6p1-54.39.1 openssh-askpass-gnome-debuginfo-6.6p1-54.39.1 openssh-debuginfo-6.6p1-54.39.1 openssh-debugsource-6.6p1-54.39.1 openssh-fips-6.6p1-54.39.1 openssh-helpers-6.6p1-54.39.1 openssh-helpers-debuginfo-6.6p1-54.39.1 References: https://bugzilla.suse.com/1138936 From sle-updates at lists.suse.com Fri Jul 19 10:15:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:15:54 +0200 (CEST) Subject: SUSE-RU-2019:1904-1: important: Recommended update for openssh Message-ID: <20190719161554.EE170FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1904-1 Rating: important References: #1138936 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Fix a regression in utf-8 handling that could cause crashes of scp (bsc#1138936). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1904=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1904=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1904=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1904=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1904=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1904=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1904=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1904=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1904=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1904=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1904=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1904=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1904=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1904=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1904=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1904=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE OpenStack Cloud 8 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE OpenStack Cloud 7 (s390x x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Enterprise Storage 5 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE Enterprise Storage 4 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 - SUSE CaaS Platform 3.0 (x86_64): openssh-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 - HPE Helion Openstack 8 (x86_64): openssh-7.2p2-74.45.1 openssh-askpass-gnome-7.2p2-74.45.1 openssh-askpass-gnome-debuginfo-7.2p2-74.45.1 openssh-debuginfo-7.2p2-74.45.1 openssh-debugsource-7.2p2-74.45.1 openssh-fips-7.2p2-74.45.1 openssh-helpers-7.2p2-74.45.1 openssh-helpers-debuginfo-7.2p2-74.45.1 References: https://bugzilla.suse.com/1138936 From sle-updates at lists.suse.com Fri Jul 19 10:16:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:16:38 +0200 (CEST) Subject: SUSE-RU-2019:14130-1: important: Recommended update for openssh Message-ID: <20190719161638.2F6FDFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14130-1 Rating: important References: #1138936 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Fix a regression in utf-8 handling that could cause crashes of scp (bsc#1138936). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssh-14130=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-14130=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openssh-6.6p1-41.21.1 openssh-askpass-gnome-6.6p1-41.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-41.21.1 openssh-debuginfo-6.6p1-41.21.1 openssh-debugsource-6.6p1-41.21.1 References: https://bugzilla.suse.com/1138936 From sle-updates at lists.suse.com Fri Jul 19 10:17:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:17:18 +0200 (CEST) Subject: SUSE-RU-2019:1908-1: important: Recommended update for grub2 Message-ID: <20190719161718.8BEF7FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1908-1 Rating: important References: #1134287 #1139345 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1908=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1908=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1908=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): grub2-debuginfo-2.02-19.30.1 grub2-debugsource-2.02-19.30.1 grub2-x86_64-xen-2.02-19.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-19.30.1 grub2-debuginfo-2.02-19.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): grub2-2.02-19.30.1 grub2-debuginfo-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): grub2-arm64-efi-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): grub2-snapper-plugin-2.02-19.30.1 grub2-systemd-sleep-plugin-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): grub2-i386-pc-2.02-19.30.1 grub2-x86_64-efi-2.02-19.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): grub2-s390x-emu-2.02-19.30.1 References: https://bugzilla.suse.com/1134287 https://bugzilla.suse.com/1139345 From sle-updates at lists.suse.com Fri Jul 19 10:18:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:18:07 +0200 (CEST) Subject: SUSE-RU-2019:14128-1: moderate: Recommended update for smt Message-ID: <20190719161807.4E5DFFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14128-1 Rating: moderate References: #1129844 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for smt provides the following fixes: - Extend Subscription name and product class fields to 256 chars. (bsc#1129844) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-14128=1 Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.35-50.11.1 smt-2.0.35-50.11.1 smt-support-2.0.35-50.11.1 References: https://bugzilla.suse.com/1129844 From sle-updates at lists.suse.com Fri Jul 19 10:18:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:18:48 +0200 (CEST) Subject: SUSE-RU-2019:1901-1: moderate: Recommended update for powerpc-utils Message-ID: <20190719161848.8F666FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1901-1 Rating: moderate References: #1139456 #1139777 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Change the file permissions of smt_off.service to 644. (bsc#1139777) - Backport lprstat, scripts, update_flash, ppc64_cpu and lsslot fixes. (jsc#SLE-6176, bsc#1139456) - lparstat: - add an option to print the lparstat report similar to legacy lparstat tool - introduce the help command line option to print lparstat usage - restrict the physc and entc attribute values to two decimal places - correct calculation of physc to use tbr - Enable desired and maximum memory stats - Show available physical processors in the shared pool - scripts: Improve handling of errors from subsidiary scripts - update_flash: - Add details to extract rpm format image - ppc64_cpu: Limit number of CPUs for frequency calculation - lsslot: - Add ibm,dynamic-memory-v2 parsing capability - Split dynamic-memory v1 parsing into separate routine - Patch to display logical name using bootlist -o option. (jsc#SLE-6176, bsc#1139456) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1901=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (ppc64le): powerpc-utils-1.3.7-5.6.1 powerpc-utils-debuginfo-1.3.7-5.6.1 powerpc-utils-debugsource-1.3.7-5.6.1 References: https://bugzilla.suse.com/1139456 https://bugzilla.suse.com/1139777 From sle-updates at lists.suse.com Fri Jul 19 13:21:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Jul 2019 21:21:48 +0200 (CEST) Subject: SUSE-RU-2019:1912-1: important: Recommended update for grub2 Message-ID: <20190719192148.1F4DDFFC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1912-1 Rating: important References: #1134287 #1139345 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1912=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1912=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1912=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1912=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1912=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): grub2-2.02~beta2-115.39.1 grub2-debuginfo-2.02~beta2-115.39.1 grub2-debugsource-2.02~beta2-115.39.1 - SUSE OpenStack Cloud 7 (x86_64): grub2-i386-pc-2.02~beta2-115.39.1 grub2-x86_64-efi-2.02~beta2-115.39.1 grub2-x86_64-xen-2.02~beta2-115.39.1 - SUSE OpenStack Cloud 7 (noarch): grub2-snapper-plugin-2.02~beta2-115.39.1 grub2-systemd-sleep-plugin-2.02~beta2-115.39.1 - SUSE OpenStack Cloud 7 (s390x): grub2-s390x-emu-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): grub2-2.02~beta2-115.39.1 grub2-debuginfo-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.39.1 grub2-systemd-sleep-plugin-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): grub2-debugsource-2.02~beta2-115.39.1 grub2-i386-pc-2.02~beta2-115.39.1 grub2-x86_64-efi-2.02~beta2-115.39.1 grub2-x86_64-xen-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): grub2-2.02~beta2-115.39.1 grub2-debuginfo-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): grub2-debugsource-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): grub2-snapper-plugin-2.02~beta2-115.39.1 grub2-systemd-sleep-plugin-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): grub2-i386-pc-2.02~beta2-115.39.1 grub2-x86_64-efi-2.02~beta2-115.39.1 grub2-x86_64-xen-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): grub2-s390x-emu-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02~beta2-115.39.1 grub2-debuginfo-2.02~beta2-115.39.1 grub2-debugsource-2.02~beta2-115.39.1 grub2-i386-pc-2.02~beta2-115.39.1 grub2-x86_64-efi-2.02~beta2-115.39.1 grub2-x86_64-xen-2.02~beta2-115.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02~beta2-115.39.1 grub2-systemd-sleep-plugin-2.02~beta2-115.39.1 - SUSE Enterprise Storage 4 (noarch): grub2-snapper-plugin-2.02~beta2-115.39.1 grub2-systemd-sleep-plugin-2.02~beta2-115.39.1 - SUSE Enterprise Storage 4 (x86_64): grub2-2.02~beta2-115.39.1 grub2-debuginfo-2.02~beta2-115.39.1 grub2-debugsource-2.02~beta2-115.39.1 grub2-i386-pc-2.02~beta2-115.39.1 grub2-x86_64-efi-2.02~beta2-115.39.1 grub2-x86_64-xen-2.02~beta2-115.39.1 References: https://bugzilla.suse.com/1134287 https://bugzilla.suse.com/1139345 From sle-updates at lists.suse.com Mon Jul 22 04:13:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 12:13:17 +0200 (CEST) Subject: SUSE-RU-2019:1915-1: moderate: Recommended update for openslp Message-ID: <20190722101317.62ED8FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1915-1 Rating: moderate References: #1117969 #1136136 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openslp fixes the following issues: - Use tcp connects to talk with other directory agents (DAs) (bsc#1117969) - Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1915=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1915=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1915=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.20.2 openslp-debugsource-2.0.0-18.20.2 openslp-devel-2.0.0-18.20.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.20.2 openslp-debuginfo-2.0.0-18.20.2 openslp-debugsource-2.0.0-18.20.2 openslp-server-2.0.0-18.20.2 openslp-server-debuginfo-2.0.0-18.20.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): openslp-32bit-2.0.0-18.20.2 openslp-debuginfo-32bit-2.0.0-18.20.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): openslp-2.0.0-18.20.2 openslp-32bit-2.0.0-18.20.2 openslp-debuginfo-2.0.0-18.20.2 openslp-debuginfo-32bit-2.0.0-18.20.2 openslp-debugsource-2.0.0-18.20.2 - SUSE CaaS Platform 3.0 (x86_64): openslp-2.0.0-18.20.2 openslp-debuginfo-2.0.0-18.20.2 openslp-debugsource-2.0.0-18.20.2 References: https://bugzilla.suse.com/1117969 https://bugzilla.suse.com/1136136 From sle-updates at lists.suse.com Mon Jul 22 04:14:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 12:14:17 +0200 (CEST) Subject: SUSE-RU-2019:1917-1: moderate: Recommended update for resource-agents Message-ID: <20190722101417.EE97FFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1917-1 Rating: moderate References: #1140874 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Include the latest aws-vpc-route53 bug fixes and improvements from upstream. (bsc#1140874) - aws-vpc-route53: Removed absolute path for awk command. - Tuning on dig timeout on r53_monitor function. - Changes and improvements to r53_start r53_stop _update_record and r53_monitor functions. - Add --cli-connect-timeout 10 option to AWS CLI. - Replace ec2metada with curl to fetch the IP address directly from EC2 metadata. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1917=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-4.10.1 resource-agents-4.3.018.a7fb5035-4.10.1 resource-agents-debuginfo-4.3.018.a7fb5035-4.10.1 resource-agents-debugsource-4.3.018.a7fb5035-4.10.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-4.10.1 References: https://bugzilla.suse.com/1140874 From sle-updates at lists.suse.com Mon Jul 22 04:14:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 12:14:58 +0200 (CEST) Subject: SUSE-RU-2019:1918-1: moderate: Recommended update for hawk2 Message-ID: <20190722101458.E7420FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1918-1 Rating: moderate References: #1137891 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hawk2 fixes the following issues: - Fix nameless cluster displaying a blank screen on UI cluster dashboard. (bsc#1137891) - Added build dependency nodejs10 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1918=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): hawk2-2.1.0+git.1539075484.48179981-3.3.1 hawk2-debuginfo-2.1.0+git.1539075484.48179981-3.3.1 hawk2-debugsource-2.1.0+git.1539075484.48179981-3.3.1 References: https://bugzilla.suse.com/1137891 From sle-updates at lists.suse.com Mon Jul 22 04:16:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 12:16:08 +0200 (CEST) Subject: SUSE-RU-2019:1913-1: moderate: Recommended update for gjs Message-ID: <20190722101608.4FD4FFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gjs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1913-1 Rating: moderate References: #1093541 #1117221 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gjs provides the following fixes: - Removes unnecessary Shell.GenericContainer log messages unless G_MESSAGES_DEBUG is set. (bsc#1117221) - Garbage Collector will now run repeatedly until there are no more objects to be destroyed. This addresses a memory leak issue. (bsc#1093541) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1913=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1913=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gjs-1.50.4-4.5.1 gjs-debuginfo-1.50.4-4.5.1 gjs-debugsource-1.50.4-4.5.1 libgjs-devel-1.50.4-4.5.1 libgjs0-1.50.4-4.5.1 libgjs0-debuginfo-1.50.4-4.5.1 typelib-1_0-GjsPrivate-1_0-1.50.4-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gjs-1.50.4-4.5.1 gjs-debuginfo-1.50.4-4.5.1 gjs-debugsource-1.50.4-4.5.1 libgjs-devel-1.50.4-4.5.1 libgjs0-1.50.4-4.5.1 libgjs0-debuginfo-1.50.4-4.5.1 typelib-1_0-GjsPrivate-1_0-1.50.4-4.5.1 References: https://bugzilla.suse.com/1093541 https://bugzilla.suse.com/1117221 From sle-updates at lists.suse.com Mon Jul 22 04:18:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 12:18:14 +0200 (CEST) Subject: SUSE-RU-2019:1916-1: moderate: Recommended update for yast2-saptune Message-ID: <20190722101814.9DDAFFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1916-1 Rating: moderate References: #1077615 #1135879 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-saptune fixes the following issues: - Fix to disable tuned daemon, if saptune is not configured (bsc#1135879) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2019-1916=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-1916=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): yast2-saptune-1.3-3.3.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): yast2-saptune-1.3-3.3.1 References: https://bugzilla.suse.com/1077615 https://bugzilla.suse.com/1135879 From sle-updates at lists.suse.com Mon Jul 22 04:19:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 12:19:04 +0200 (CEST) Subject: SUSE-RU-2019:1914-1: moderate: Recommended update for NetworkManager Message-ID: <20190722101904.02C35FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1914-1 Rating: moderate References: #1129587 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for NetworkManager fixes the following issues: - Add CAP_SYS_ADMIN which netconfig needs to call setdomainname. (bsc#1129587). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1914=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1914=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1914=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1914=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1914=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1914=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1914=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1914=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): NetworkManager-lang-1.10.6-5.9.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): NetworkManager-lang-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): NetworkManager-branding-upstream-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): NetworkManager-debugsource-1.10.6-5.9.1 NetworkManager-devel-32bit-1.10.6-5.9.1 libnm-glib-vpn1-32bit-1.10.6-5.9.1 libnm-glib-vpn1-32bit-debuginfo-1.10.6-5.9.1 libnm-glib4-32bit-1.10.6-5.9.1 libnm-glib4-32bit-debuginfo-1.10.6-5.9.1 libnm-util2-32bit-1.10.6-5.9.1 libnm-util2-32bit-debuginfo-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): NetworkManager-branding-upstream-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): NetworkManager-1.10.6-5.9.1 NetworkManager-debuginfo-1.10.6-5.9.1 NetworkManager-debugsource-1.10.6-5.9.1 NetworkManager-devel-1.10.6-5.9.1 libnm-glib-vpn1-1.10.6-5.9.1 libnm-glib-vpn1-debuginfo-1.10.6-5.9.1 libnm-glib4-1.10.6-5.9.1 libnm-glib4-debuginfo-1.10.6-5.9.1 libnm-util2-1.10.6-5.9.1 libnm-util2-debuginfo-1.10.6-5.9.1 typelib-1_0-NMClient-1_0-1.10.6-5.9.1 typelib-1_0-NetworkManager-1_0-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): NetworkManager-1.10.6-5.9.1 NetworkManager-debuginfo-1.10.6-5.9.1 NetworkManager-debugsource-1.10.6-5.9.1 NetworkManager-devel-1.10.6-5.9.1 libnm-glib-vpn1-1.10.6-5.9.1 libnm-glib-vpn1-debuginfo-1.10.6-5.9.1 libnm-glib4-1.10.6-5.9.1 libnm-glib4-debuginfo-1.10.6-5.9.1 libnm-util2-1.10.6-5.9.1 libnm-util2-debuginfo-1.10.6-5.9.1 typelib-1_0-NMClient-1_0-1.10.6-5.9.1 typelib-1_0-NetworkManager-1_0-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.10.6-5.9.1 NetworkManager-debugsource-1.10.6-5.9.1 libnm0-1.10.6-5.9.1 libnm0-debuginfo-1.10.6-5.9.1 typelib-1_0-NM-1_0-1.10.6-5.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.10.6-5.9.1 NetworkManager-debugsource-1.10.6-5.9.1 libnm0-1.10.6-5.9.1 libnm0-debuginfo-1.10.6-5.9.1 typelib-1_0-NM-1_0-1.10.6-5.9.1 References: https://bugzilla.suse.com/1129587 From sle-updates at lists.suse.com Mon Jul 22 07:10:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 15:10:08 +0200 (CEST) Subject: SUSE-RU-2019:1919-1: important: Recommended update for grub2 Message-ID: <20190722131008.4EEC9FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1919-1 Rating: important References: #1128592 #1133842 #1134287 #1139345 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). - Avoid high resolution when trying to keep current mode (bsc#1133842) - Make GRUB_SAVEDEFAULT working with btrfs (bsc#1128592) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1919=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1919=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1919=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-26.6.1 grub2-debuginfo-2.02-26.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.6.1 grub2-debuginfo-2.02-26.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.6.1 grub2-i386-pc-2.02-26.6.1 grub2-powerpc-ieee1275-2.02-26.6.1 grub2-snapper-plugin-2.02-26.6.1 grub2-systemd-sleep-plugin-2.02-26.6.1 grub2-x86_64-efi-2.02-26.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.6.1 References: https://bugzilla.suse.com/1128592 https://bugzilla.suse.com/1133842 https://bugzilla.suse.com/1134287 https://bugzilla.suse.com/1139345 From sle-updates at lists.suse.com Mon Jul 22 10:10:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Jul 2019 18:10:15 +0200 (CEST) Subject: SUSE-RU-2019:1920-1: moderate: Recommended update for hwinfo Message-ID: <20190722161015.1EA7FFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1920-1 Rating: moderate References: #1135819 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwinfo fixes the following issues: - Fixes an issue where the UUID of a system was wrong (bsc#1135819) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1920=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): hwinfo-21.66-3.3.3 hwinfo-debuginfo-21.66-3.3.3 hwinfo-debugsource-21.66-3.3.3 hwinfo-devel-21.66-3.3.3 hwinfo-devel-debuginfo-21.66-3.3.3 References: https://bugzilla.suse.com/1135819 From sle-updates at lists.suse.com Tue Jul 23 07:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:11:15 +0200 (CEST) Subject: SUSE-SU-2019:1955-1: important: Security update for bzip2 Message-ID: <20190723131115.3FC89FEA9@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1955-1 Rating: important References: #1139083 #985657 Cross-References: CVE-2016-3189 CVE-2019-12900 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1955=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1955=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1955=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1955=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1955=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1955=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1955=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1955=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1955=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1955=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1955=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1955=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1955=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1955=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1955=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1955=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1955=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE OpenStack Cloud 8 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE OpenStack Cloud 7 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-devel-1.0.6-30.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-devel-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Enterprise Storage 5 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Enterprise Storage 5 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Enterprise Storage 4 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Enterprise Storage 4 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE CaaS Platform 3.0 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 References: https://www.suse.com/security/cve/CVE-2016-3189.html https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 https://bugzilla.suse.com/985657 From sle-updates at lists.suse.com Tue Jul 23 07:12:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:12:11 +0200 (CEST) Subject: SUSE-SU-2019:1954-1: important: Security update for ucode-intel Message-ID: <20190723131211.10264FEA9@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1954-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1954=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1954=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1954=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1954=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1954=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1954=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1954=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1954=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1954=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1954=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1954=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1954=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1954=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1954=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1954=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1954=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1954=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1954=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE OpenStack Cloud 8 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Enterprise Storage 5 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - HPE Helion Openstack 8 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Tue Jul 23 07:12:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:12:56 +0200 (CEST) Subject: SUSE-SU-2019:1935-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) Message-ID: <20190723131256.EB21AFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1935-1 Rating: important References: #1140747 Cross-References: CVE-2019-11478 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_115 fixes one issue. The following security issue was fixed: This update contains a regression fix for CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1953=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1935=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1927=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1953=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1935=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1927=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1941=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-3-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_115-default-3-2.1 kgraft-patch-3_12_74-60_64_115-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-3-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_115-default-3-2.1 kgraft-patch-3_12_74-60_64_115-xen-3-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_19-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1140747 From sle-updates at lists.suse.com Tue Jul 23 07:13:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:13:36 +0200 (CEST) Subject: SUSE-RU-2019:1956-1: moderate: Recommended update for kubernetes-salt Message-ID: <20190723131336.6D79AFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1956-1 Rating: moderate References: #1130242 #1131491 #1133494 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: * Improved hostname resolution from containers when attempting to resolve their own FQDN (bsc#1131491) * Adjust salt timeouts to prevent potential bootstrap failure (bsc#1130242) * Disabled uneeded consul module in salt to eliminate import error (bsc#1133494) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r993_7399ca7-3.74.1 References: https://bugzilla.suse.com/1130242 https://bugzilla.suse.com/1131491 https://bugzilla.suse.com/1133494 From sle-updates at lists.suse.com Tue Jul 23 07:14:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:14:30 +0200 (CEST) Subject: SUSE-SU-2019:1924-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20190723131430.CEC73FEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1924-1 Rating: important References: #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1923=1 SUSE-SLE-SAP-12-SP1-2019-1924=1 SUSE-SLE-SAP-12-SP1-2019-1925=1 SUSE-SLE-SAP-12-SP1-2019-1926=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1923=1 SUSE-SLE-SERVER-12-SP1-2019-1924=1 SUSE-SLE-SERVER-12-SP1-2019-1925=1 SUSE-SLE-SERVER-12-SP1-2019-1926=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_104-default-8-2.1 kgraft-patch-3_12_74-60_64_104-xen-8-2.1 kgraft-patch-3_12_74-60_64_107-default-8-2.1 kgraft-patch-3_12_74-60_64_107-xen-8-2.1 kgraft-patch-3_12_74-60_64_110-default-4-2.1 kgraft-patch-3_12_74-60_64_110-xen-4-2.1 kgraft-patch-3_12_74-60_64_99-default-10-2.1 kgraft-patch-3_12_74-60_64_99-xen-10-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-8-2.1 kgraft-patch-3_12_74-60_64_104-xen-8-2.1 kgraft-patch-3_12_74-60_64_107-default-8-2.1 kgraft-patch-3_12_74-60_64_107-xen-8-2.1 kgraft-patch-3_12_74-60_64_110-default-4-2.1 kgraft-patch-3_12_74-60_64_110-xen-4-2.1 kgraft-patch-3_12_74-60_64_99-default-10-2.1 kgraft-patch-3_12_74-60_64_99-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-updates at lists.suse.com Tue Jul 23 07:15:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:15:16 +0200 (CEST) Subject: SUSE-RU-2019:1957-1: moderate: Recommended update for yast2-iscsi-client Message-ID: <20190723131516.6E808FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-iscsi-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1957-1 Rating: moderate References: #1045139 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-iscsi-client fixes the following issues: - removed onboot startup mode for LUNs on S/390 (bsc#1045139) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1957=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1957=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-iscsi-client-3.1.31-3.3.5 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-iscsi-client-3.1.31-3.3.5 References: https://bugzilla.suse.com/1045139 From sle-updates at lists.suse.com Tue Jul 23 07:15:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:15:56 +0200 (CEST) Subject: SUSE-SU-2019:14133-1: important: Security update for microcode_ctl Message-ID: <20190723131556.4B62DFEA9@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14133-1 Rating: important References: #1111331 #1141977 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-microcode_ctl-14133=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-14133=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.41.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.41.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1141977 From sle-updates at lists.suse.com Tue Jul 23 07:17:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:17:11 +0200 (CEST) Subject: SUSE-SU-2019:1948-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) Message-ID: <20190723131711.89D7DFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1948-1 Rating: important References: #1136446 #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1942=1 SUSE-SLE-SAP-12-SP3-2019-1943=1 SUSE-SLE-SAP-12-SP3-2019-1944=1 SUSE-SLE-SAP-12-SP3-2019-1945=1 SUSE-SLE-SAP-12-SP3-2019-1946=1 SUSE-SLE-SAP-12-SP3-2019-1947=1 SUSE-SLE-SAP-12-SP3-2019-1948=1 SUSE-SLE-SAP-12-SP3-2019-1949=1 SUSE-SLE-SAP-12-SP3-2019-1950=1 SUSE-SLE-SAP-12-SP3-2019-1951=1 SUSE-SLE-SAP-12-SP3-2019-1952=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1928=1 SUSE-SLE-SAP-12-SP2-2019-1929=1 SUSE-SLE-SAP-12-SP2-2019-1931=1 SUSE-SLE-SAP-12-SP2-2019-1932=1 SUSE-SLE-SAP-12-SP2-2019-1933=1 SUSE-SLE-SAP-12-SP2-2019-1934=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1942=1 SUSE-SLE-SERVER-12-SP3-2019-1943=1 SUSE-SLE-SERVER-12-SP3-2019-1944=1 SUSE-SLE-SERVER-12-SP3-2019-1945=1 SUSE-SLE-SERVER-12-SP3-2019-1946=1 SUSE-SLE-SERVER-12-SP3-2019-1947=1 SUSE-SLE-SERVER-12-SP3-2019-1948=1 SUSE-SLE-SERVER-12-SP3-2019-1949=1 SUSE-SLE-SERVER-12-SP3-2019-1950=1 SUSE-SLE-SERVER-12-SP3-2019-1951=1 SUSE-SLE-SERVER-12-SP3-2019-1952=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1928=1 SUSE-SLE-SERVER-12-SP2-2019-1929=1 SUSE-SLE-SERVER-12-SP2-2019-1931=1 SUSE-SLE-SERVER-12-SP2-2019-1932=1 SUSE-SLE-SERVER-12-SP2-2019-1933=1 SUSE-SLE-SERVER-12-SP2-2019-1934=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1936=1 SUSE-SLE-Live-Patching-12-SP4-2019-1937=1 SUSE-SLE-Live-Patching-12-SP4-2019-1938=1 SUSE-SLE-Live-Patching-12-SP4-2019-1939=1 SUSE-SLE-Live-Patching-12-SP4-2019-1940=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_140-94_42-default-10-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-10-2.1 kgraft-patch-4_4_143-94_47-default-7-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-7-2.1 kgraft-patch-4_4_155-94_50-default-7-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_57-default-7-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_61-default-7-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_64-default-6-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-6-2.1 kgraft-patch-4_4_162-94_69-default-5-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-5-2.1 kgraft-patch-4_4_162-94_72-default-5-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-5-2.1 kgraft-patch-4_4_175-94_79-default-4-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-4-2.1 kgraft-patch-4_4_176-94_88-default-3-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-3-2.1 kgraft-patch-4_4_178-94_91-default-3-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-4-2.1 kgraft-patch-4_4_121-92_104-default-4-2.1 kgraft-patch-4_4_121-92_109-default-4-2.1 kgraft-patch-4_4_121-92_95-default-7-2.1 kgraft-patch-4_4_121-92_98-default-6-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_92-default-8-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_140-94_42-default-10-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-10-2.1 kgraft-patch-4_4_143-94_47-default-7-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-7-2.1 kgraft-patch-4_4_155-94_50-default-7-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_57-default-7-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_61-default-7-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_64-default-6-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-6-2.1 kgraft-patch-4_4_162-94_69-default-5-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-5-2.1 kgraft-patch-4_4_162-94_72-default-5-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-5-2.1 kgraft-patch-4_4_175-94_79-default-4-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-4-2.1 kgraft-patch-4_4_176-94_88-default-3-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-3-2.1 kgraft-patch-4_4_178-94_91-default-3-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-4-2.1 kgraft-patch-4_4_121-92_104-default-4-2.1 kgraft-patch-4_4_121-92_109-default-4-2.1 kgraft-patch-4_4_121-92_95-default-7-2.1 kgraft-patch-4_4_121-92_98-default-6-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_92-default-8-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-6-2.16.1 kgraft-patch-4_12_14-94_41-default-debuginfo-6-2.16.1 kgraft-patch-4_12_14-95_13-default-3-2.1 kgraft-patch-4_12_14-95_16-default-3-2.1 kgraft-patch-4_12_14-95_3-default-5-2.1 kgraft-patch-4_12_14-95_6-default-4-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-6-2.16.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-updates at lists.suse.com Tue Jul 23 10:13:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 18:13:01 +0200 (CEST) Subject: SUSE-SU-2019:1958-1: moderate: Security update for glibc Message-ID: <20190723161301.B24A8FEA9@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1958-1 Rating: moderate References: #1127223 #1127308 #1128574 Cross-References: CVE-2009-5155 CVE-2019-9169 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1958=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1958=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1958=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1958=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1958=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1958=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1958=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1958=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1958=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE OpenStack Cloud 8 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE OpenStack Cloud 7 (s390x x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE OpenStack Cloud 7 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Enterprise Storage 5 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Enterprise Storage 5 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Enterprise Storage 4 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Enterprise Storage 4 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE CaaS Platform 3.0 (x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 References: https://www.suse.com/security/cve/CVE-2009-5155.html https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1128574 From sle-updates at lists.suse.com Tue Jul 23 10:18:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Jul 2019 18:18:30 +0200 (CEST) Subject: SUSE-RU-2019:1959-1: moderate: Recommended update for sbd Message-ID: <20190723161830.1DCB7FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1959-1 Rating: moderate References: #1033600 #1033934 #1065748 #1074038 #1079316 #1086650 #1112918 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd.8.pod: use the generic term "cluster services" instead of the specific "openais" (bsc#1112918) - sbd-md: return error if faied to list any devices (bsc#1086650) - Fix: add Documentation value to systemd services - sbd-md: dump_headers returns 0 even open_device failed (bsc#1079316) - Doc: sbd.sysconfig: mention timeout caveat with SBD_DELAY_START (bsc#1074038) - man: Call "-P" option "Pacemaker integration" in the description (bsc#1033600) - Fix node name parameter in manpage - sbd.sh: Use a more obvious variable on parsing devices (bsc#1033934) - sbd-inquisitor: Do not create duplicate servants (bsc#1033934, bsc#1065748) - sbd-inquisitor: Correctly look up servant by device name (bsc#1033934, bsc#1065748) - sbd.sh: Correctly handle SBD_DELAY_START for multiple SBD devices (bsc#1033934) - sbd.sh: consistent use of SBD_BIN (bsc#1033934) - spec: Do not automatically try to restart sbd.service on update (bsc#1033934) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1959=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): sbd-1.2.1-17.3.31 sbd-debuginfo-1.2.1-17.3.31 sbd-debugsource-1.2.1-17.3.31 References: https://bugzilla.suse.com/1033600 https://bugzilla.suse.com/1033934 https://bugzilla.suse.com/1065748 https://bugzilla.suse.com/1074038 https://bugzilla.suse.com/1079316 https://bugzilla.suse.com/1086650 https://bugzilla.suse.com/1112918 From sle-updates at lists.suse.com Wed Jul 24 07:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 15:10:36 +0200 (CEST) Subject: SUSE-SU-2019:1963-1: moderate: Security update for openexr Message-ID: <20190724131036.4A31DF798@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1963-1 Rating: moderate References: #1040109 #1040113 #1040115 Cross-References: CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1963=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1963=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1963=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1963=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-doc-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libIlmImf-2_2-23-32bit-2.2.1-3.6.1 libIlmImf-2_2-23-32bit-debuginfo-2.2.1-3.6.1 libIlmImfUtil-2_2-23-32bit-2.2.1-3.6.1 libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-doc-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.6.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.6.1 libIlmImfUtil-2_2-23-2.2.1-3.6.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-devel-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.6.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.6.1 libIlmImfUtil-2_2-23-2.2.1-3.6.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-devel-2.2.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2017-9111.html https://www.suse.com/security/cve/CVE-2017-9113.html https://www.suse.com/security/cve/CVE-2017-9115.html https://bugzilla.suse.com/1040109 https://bugzilla.suse.com/1040113 https://bugzilla.suse.com/1040115 From sle-updates at lists.suse.com Wed Jul 24 07:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 15:11:34 +0200 (CEST) Subject: SUSE-SU-2019:1962-1: moderate: Security update for openexr Message-ID: <20190724131134.67E43F798@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1962-1 Rating: moderate References: #1040109 #1040112 #1040113 #1040115 #1113455 Cross-References: CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1962=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1962=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1962=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1962=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 openexr-devel-2.1.0-6.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.10.1 openexr-2.1.0-6.10.1 openexr-debuginfo-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-32bit-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.10.1 openexr-2.1.0-6.10.1 openexr-debuginfo-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 References: https://www.suse.com/security/cve/CVE-2017-9111.html https://www.suse.com/security/cve/CVE-2017-9112.html https://www.suse.com/security/cve/CVE-2017-9113.html https://www.suse.com/security/cve/CVE-2017-9115.html https://www.suse.com/security/cve/CVE-2018-18444.html https://bugzilla.suse.com/1040109 https://bugzilla.suse.com/1040112 https://bugzilla.suse.com/1040113 https://bugzilla.suse.com/1040115 https://bugzilla.suse.com/1113455 From sle-updates at lists.suse.com Wed Jul 24 10:13:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:13:06 +0200 (CEST) Subject: SUSE-SU-2019:1961-1: important: Security update for spamassassin Message-ID: <20190724161306.4727CF798@maintenance.suse.de> SUSE Security Update: Security update for spamassassin ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1961-1 Rating: important References: #1108745 #1108748 #1108750 Cross-References: CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745). - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750). Non-security issues fixed: - Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing - sa-update script: optional support for SHA-256 / SHA-512 been added for better validation of rules - GeoIP2 support has been added to RelayCountry and URILocalBL plugins - Several new or enhanced configuration options Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1961=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1961=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.2-44.3.1 spamassassin-3.4.2-44.3.1 spamassassin-debuginfo-3.4.2-44.3.1 spamassassin-debugsource-3.4.2-44.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): perl-Mail-SpamAssassin-3.4.2-44.3.1 spamassassin-3.4.2-44.3.1 spamassassin-debuginfo-3.4.2-44.3.1 spamassassin-debugsource-3.4.2-44.3.1 References: https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2017-15705.html https://www.suse.com/security/cve/CVE-2018-11780.html https://www.suse.com/security/cve/CVE-2018-11781.html https://bugzilla.suse.com/1108745 https://bugzilla.suse.com/1108748 https://bugzilla.suse.com/1108750 From sle-updates at lists.suse.com Wed Jul 24 10:13:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:13:54 +0200 (CEST) Subject: SUSE-SU-2019:1960-1: important: Security update for MozillaThunderbird Message-ID: <20190724161354.C60F5F798@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1960-1 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaThunderbird version 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). Non-security issued fixed: - Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1960=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1960=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-60.8.0-3.46.2 MozillaThunderbird-debuginfo-60.8.0-3.46.2 MozillaThunderbird-debugsource-60.8.0-3.46.2 MozillaThunderbird-translations-common-60.8.0-3.46.2 MozillaThunderbird-translations-other-60.8.0-3.46.2 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.8.0-3.46.2 MozillaThunderbird-debuginfo-60.8.0-3.46.2 MozillaThunderbird-debugsource-60.8.0-3.46.2 MozillaThunderbird-translations-common-60.8.0-3.46.2 MozillaThunderbird-translations-other-60.8.0-3.46.2 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-updates at lists.suse.com Wed Jul 24 10:14:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:14:30 +0200 (CEST) Subject: SUSE-RU-2019:1965-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20190724161431.00575F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1965-1 Rating: moderate References: #1109639 #1130040 #1133800 #1137715 #1137881 #1137940 Affected Products: SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Don't skip Deb package tags on package import (bsc#1130040) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) spacewalk-certs-tools: - Run bootstrap.sh completely unattended on Ubuntu (bsc#1137881) spacewalk-proxy-installer: - Remove double slashes from cobbler api endpoint (bsc#1133800) spacewalk-web: - Add checks for empty required entries on formula forms (bsc#1109639) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1965=1 Package List: - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-backend-2.8.57.18-3.36.1 spacewalk-backend-libs-2.8.57.18-3.36.1 spacewalk-base-minimal-2.8.7.18-3.33.1 spacewalk-base-minimal-config-2.8.7.18-3.33.1 spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-proxy-installer-2.8.6.7-3.15.1 susemanager-web-libs-2.8.7.18-3.33.1 References: https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1133800 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137940 From sle-updates at lists.suse.com Wed Jul 24 10:17:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:17:30 +0200 (CEST) Subject: SUSE-SU-2019:14134-1: moderate: Security update for OpenEXR Message-ID: <20190724161730.E604DF798@maintenance.suse.de> SUSE Security Update: Security update for OpenEXR ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14134-1 Rating: moderate References: #1040109 #1040112 #1040113 #1040115 Cross-References: CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for OpenEXR fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp. (This was already fixed by the previous update bug not referenced.) (bsc#1040112) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-OpenEXR-14134=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): OpenEXR-debuginfo-1.6.1-83.17.8.2 OpenEXR-debugsource-1.6.1-83.17.8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): OpenEXR-debuginfo-32bit-1.6.1-83.17.8.2 References: https://www.suse.com/security/cve/CVE-2017-9111.html https://www.suse.com/security/cve/CVE-2017-9112.html https://www.suse.com/security/cve/CVE-2017-9113.html https://www.suse.com/security/cve/CVE-2017-9115.html https://bugzilla.suse.com/1040109 https://bugzilla.suse.com/1040112 https://bugzilla.suse.com/1040113 https://bugzilla.suse.com/1040115 From sle-updates at lists.suse.com Wed Jul 24 10:18:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:18:43 +0200 (CEST) Subject: SUSE-RU-2019:1965-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20190724161843.9689DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1965-1 Rating: moderate References: #1101706 #1104949 #1108218 #1109639 #1116869 #1118175 #1122381 #1130040 #1131721 #1132234 #1132914 #1133421 #1133560 #1133800 #1134677 #1135025 #1135075 #1135360 #1135442 #1135959 #1136093 #1136301 #1137144 #1137308 #1137533 #1137715 #1137881 #1137940 #1137952 #1138275 #1138655 #1139693 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 32 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Don't skip Deb package tags on package import (bsc#1130040) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) spacewalk-certs-tools: - Run bootstrap.sh completely unattended on Ubuntu (bsc#1137881) spacewalk-proxy-installer: - Remove double slashes from cobbler api endpoint (bsc#1133800) spacewalk-web: - Add checks for empty required entries on formula forms (bsc#1109639) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1965=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1965=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): susemanager-3.2.19-3.28.1 susemanager-tools-3.2.19-3.28.1 - SUSE Manager Server 3.2 (noarch): py26-compat-salt-2016.11.10-6.29.1 python2-spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-backend-2.8.57.18-3.36.1 spacewalk-backend-app-2.8.57.18-3.36.1 spacewalk-backend-applet-2.8.57.18-3.36.1 spacewalk-backend-config-files-2.8.57.18-3.36.1 spacewalk-backend-config-files-common-2.8.57.18-3.36.1 spacewalk-backend-config-files-tool-2.8.57.18-3.36.1 spacewalk-backend-iss-2.8.57.18-3.36.1 spacewalk-backend-iss-export-2.8.57.18-3.36.1 spacewalk-backend-libs-2.8.57.18-3.36.1 spacewalk-backend-package-push-server-2.8.57.18-3.36.1 spacewalk-backend-server-2.8.57.18-3.36.1 spacewalk-backend-sql-2.8.57.18-3.36.1 spacewalk-backend-sql-oracle-2.8.57.18-3.36.1 spacewalk-backend-sql-postgresql-2.8.57.18-3.36.1 spacewalk-backend-tools-2.8.57.18-3.36.1 spacewalk-backend-xml-export-libs-2.8.57.18-3.36.1 spacewalk-backend-xmlrpc-2.8.57.18-3.36.1 spacewalk-base-2.8.7.18-3.33.1 spacewalk-base-minimal-2.8.7.18-3.33.1 spacewalk-base-minimal-config-2.8.7.18-3.33.1 spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-config-2.8.5.8-3.19.1 spacewalk-html-2.8.7.18-3.33.1 spacewalk-java-2.8.78.23-3.35.1 spacewalk-java-config-2.8.78.23-3.35.1 spacewalk-java-lib-2.8.78.23-3.35.1 spacewalk-java-oracle-2.8.78.23-3.35.1 spacewalk-java-postgresql-2.8.78.23-3.35.1 spacewalk-setup-2.8.7.7-3.16.1 spacewalk-taskomatic-2.8.78.23-3.35.1 susemanager-advanced-topics_en-pdf-3.2-11.29.1 susemanager-best-practices_en-pdf-3.2-11.29.1 susemanager-docs_en-3.2-11.29.1 susemanager-getting-started_en-pdf-3.2-11.29.1 susemanager-jsp_en-3.2-11.29.1 susemanager-reference_en-pdf-3.2-11.29.1 susemanager-schema-3.2.20-3.28.1 susemanager-sls-3.2.26-3.32.1 susemanager-sync-data-3.2.16-3.26.1 susemanager-web-libs-2.8.7.18-3.33.1 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-backend-2.8.57.18-3.36.1 spacewalk-backend-libs-2.8.57.18-3.36.1 spacewalk-base-minimal-2.8.7.18-3.33.1 spacewalk-base-minimal-config-2.8.7.18-3.33.1 spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-proxy-installer-2.8.6.7-3.15.1 susemanager-web-libs-2.8.7.18-3.33.1 References: https://bugzilla.suse.com/1101706 https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1108218 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1118175 https://bugzilla.suse.com/1122381 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1131721 https://bugzilla.suse.com/1132234 https://bugzilla.suse.com/1132914 https://bugzilla.suse.com/1133421 https://bugzilla.suse.com/1133560 https://bugzilla.suse.com/1133800 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135025 https://bugzilla.suse.com/1135075 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135442 https://bugzilla.suse.com/1135959 https://bugzilla.suse.com/1136093 https://bugzilla.suse.com/1136301 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137533 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137940 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Wed Jul 24 10:24:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:24:40 +0200 (CEST) Subject: SUSE-RU-2019:1965-1: moderate: Recommended update for SUSE Manager Server 3.2 Message-ID: <20190724162440.E4CF7F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1965-1 Rating: moderate References: #1101706 #1104949 #1108218 #1109639 #1116869 #1118175 #1122381 #1130040 #1131721 #1132234 #1132914 #1133421 #1133560 #1133800 #1134677 #1135025 #1135075 #1135360 #1135442 #1135959 #1136093 #1136301 #1137144 #1137308 #1137533 #1137715 #1137881 #1137940 #1137952 #1138275 #1138655 #1139693 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 32 recommended fixes can now be installed. Description: This update includes the following new features: - Improve performance of 'Systems requiring reboot' page (fate#327780) - Drop no longer used 'allServerKeywordSinceReboot' view (fate#327780) This update fixes the following issues: py26-compat-salt: - Do not break repo files with multiple line values on yumpkg (bsc#1135360) spacewalk-backend: - Don't skip Deb package tags on package import (bsc#1130040) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) spacewalk-certs-tools: - Run bootstrap.sh completely unattended on Ubuntu (bsc#1137881) spacewalk-config: - Fix URL rewrites for proxy cobbler api endpoint (bsc#1133800) spacewalk-java: - API Documentation: mention the shebang in the system.scheduleScriptRun doc strings (bsc#1138655) - For orphan contentsources, look also in susesccrepositoryauth to make sure they are not being referenced(bsc#1138275) - Hide the 'View All' guests link for foreign systems (bsc#1116869) - Fallback to logged-in-user org and then vendor errata when looking up erratum on cloning (bsc#1137308) - Fix profiles package scheduling when epoch is null (bsc#1137144) - Keep querystring on ListTag parent_url for actions that have the cid param (bsc#1134677) - Improve performance of 'Systems requiring reboot' page (fate#327780) - Fix parsing of deb package version string on download (bsc#1130040, bsc#1136093) - Enable product detection for plain rhel systems (bsc#1136301) - Explicitly mention in API docs that to preserve LF/CR, user needs to encode the data(bsc#1135442) - Fix channel sync status logic in products page (bsc#1131721) - Fix SSM package upgrade list item selection (bsc#1133421) - Let softwarechannel_errata_sync fallback on vendor errata (bsc#1132914) - Hide disabled activation keys in form drop-downs (bsc#1101706) - Display warning if product catalog refresh is already in progress (bsc#1132234) - Fix apidoc issues spacewalk-setup: - Prevent CherryPy timeouts (bsc#1118175) - Fix check for empty lines in rhn.conf for spacewalk-setup (bsc#1133560) spacewalk-web: - Add checks for empty required entries on formula forms (bsc#1109639) susemanager: - Make dmidecode part of the bootstrap repositiories (bsc#1137952) susemanager-docs_en: - Update text and image files; general tidying up. - On systemd-based systems rhnsd.timer replaces the rhnsd daemon. - Disabling the Salt Mine (bsc#1135075). - Update Quick Start Guide (Salt getting started). - Update Salt rate limiting. - Update pressence ping and batching. - Tuning of large installations (taskomatic jobs) and other optimization issues (bsc#1135075 and bsc#1135025). susemanager-schema: - Drop no longer used 'allServerKeywordSinceReboot' view (fate#327780) susemanager-sls: - Use default 'master' branch in OSImage profile URL (bsc#1108218) - Check for result of image rsync transfer to catch failures early (bsc#1104949) - Make sure dmidecode is installed during bootstrap to ensure that hardware refresh works for all operating systems (bsc#1137952) - Fix formula name encoding on Python 3 (bsc#1137533) - Migrate Python code to be Python 2/3 compatible (bsc#1135959) - Util.systeminfo sls has been added to perform different actions at minion startup(bsc#1122381) susemanager-sync-data: - Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693) - Enable product detection for plain rhel systems (bsc#1136301) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1965=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1965=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): susemanager-3.2.19-3.28.1 susemanager-tools-3.2.19-3.28.1 - SUSE Manager Server 3.2 (noarch): py26-compat-salt-2016.11.10-6.29.1 python2-spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-backend-2.8.57.18-3.36.1 spacewalk-backend-app-2.8.57.18-3.36.1 spacewalk-backend-applet-2.8.57.18-3.36.1 spacewalk-backend-config-files-2.8.57.18-3.36.1 spacewalk-backend-config-files-common-2.8.57.18-3.36.1 spacewalk-backend-config-files-tool-2.8.57.18-3.36.1 spacewalk-backend-iss-2.8.57.18-3.36.1 spacewalk-backend-iss-export-2.8.57.18-3.36.1 spacewalk-backend-libs-2.8.57.18-3.36.1 spacewalk-backend-package-push-server-2.8.57.18-3.36.1 spacewalk-backend-server-2.8.57.18-3.36.1 spacewalk-backend-sql-2.8.57.18-3.36.1 spacewalk-backend-sql-oracle-2.8.57.18-3.36.1 spacewalk-backend-sql-postgresql-2.8.57.18-3.36.1 spacewalk-backend-tools-2.8.57.18-3.36.1 spacewalk-backend-xml-export-libs-2.8.57.18-3.36.1 spacewalk-backend-xmlrpc-2.8.57.18-3.36.1 spacewalk-base-2.8.7.18-3.33.1 spacewalk-base-minimal-2.8.7.18-3.33.1 spacewalk-base-minimal-config-2.8.7.18-3.33.1 spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-config-2.8.5.8-3.19.1 spacewalk-html-2.8.7.18-3.33.1 spacewalk-java-2.8.78.23-3.35.1 spacewalk-java-config-2.8.78.23-3.35.1 spacewalk-java-lib-2.8.78.23-3.35.1 spacewalk-java-oracle-2.8.78.23-3.35.1 spacewalk-java-postgresql-2.8.78.23-3.35.1 spacewalk-setup-2.8.7.7-3.16.1 spacewalk-taskomatic-2.8.78.23-3.35.1 susemanager-advanced-topics_en-pdf-3.2-11.29.1 susemanager-best-practices_en-pdf-3.2-11.29.1 susemanager-docs_en-3.2-11.29.1 susemanager-getting-started_en-pdf-3.2-11.29.1 susemanager-jsp_en-3.2-11.29.1 susemanager-reference_en-pdf-3.2-11.29.1 susemanager-schema-3.2.20-3.28.1 susemanager-sls-3.2.26-3.32.1 susemanager-sync-data-3.2.16-3.26.1 susemanager-web-libs-2.8.7.18-3.33.1 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-backend-2.8.57.18-3.36.1 spacewalk-backend-libs-2.8.57.18-3.36.1 spacewalk-base-minimal-2.8.7.18-3.33.1 spacewalk-base-minimal-config-2.8.7.18-3.33.1 spacewalk-certs-tools-2.8.8.11-3.14.1 spacewalk-proxy-installer-2.8.6.7-3.15.1 susemanager-web-libs-2.8.7.18-3.33.1 References: https://bugzilla.suse.com/1101706 https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1108218 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1118175 https://bugzilla.suse.com/1122381 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1131721 https://bugzilla.suse.com/1132234 https://bugzilla.suse.com/1132914 https://bugzilla.suse.com/1133421 https://bugzilla.suse.com/1133560 https://bugzilla.suse.com/1133800 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135025 https://bugzilla.suse.com/1135075 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135442 https://bugzilla.suse.com/1135959 https://bugzilla.suse.com/1136093 https://bugzilla.suse.com/1136301 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137533 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137940 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Wed Jul 24 13:10:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Jul 2019 21:10:13 +0200 (CEST) Subject: SUSE-RU-2019:1966-1: moderate: Recommended update for rsyslog Message-ID: <20190724191013.6F561FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1966-1 Rating: moderate References: #1137681 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Suppress error message about missing environment variable TZ. (bsc#1137681) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1966=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1966=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1966=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1966=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1966=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1966=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.12.1 rsyslog-debugsource-8.33.1-3.12.1 rsyslog-module-gssapi-8.33.1-3.12.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.12.1 rsyslog-module-gtls-8.33.1-3.12.1 rsyslog-module-gtls-debuginfo-8.33.1-3.12.1 rsyslog-module-mmnormalize-8.33.1-3.12.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.12.1 rsyslog-module-mysql-8.33.1-3.12.1 rsyslog-module-mysql-debuginfo-8.33.1-3.12.1 rsyslog-module-pgsql-8.33.1-3.12.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.12.1 rsyslog-module-relp-8.33.1-3.12.1 rsyslog-module-relp-debuginfo-8.33.1-3.12.1 rsyslog-module-snmp-8.33.1-3.12.1 rsyslog-module-snmp-debuginfo-8.33.1-3.12.1 rsyslog-module-udpspoof-8.33.1-3.12.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.12.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.12.1 rsyslog-debugsource-8.33.1-3.12.1 rsyslog-module-gssapi-8.33.1-3.12.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.12.1 rsyslog-module-gtls-8.33.1-3.12.1 rsyslog-module-gtls-debuginfo-8.33.1-3.12.1 rsyslog-module-mmnormalize-8.33.1-3.12.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.12.1 rsyslog-module-mysql-8.33.1-3.12.1 rsyslog-module-mysql-debuginfo-8.33.1-3.12.1 rsyslog-module-pgsql-8.33.1-3.12.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.12.1 rsyslog-module-relp-8.33.1-3.12.1 rsyslog-module-relp-debuginfo-8.33.1-3.12.1 rsyslog-module-snmp-8.33.1-3.12.1 rsyslog-module-snmp-debuginfo-8.33.1-3.12.1 rsyslog-module-udpspoof-8.33.1-3.12.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.12.1 rsyslog-debugsource-8.33.1-3.12.1 rsyslog-diag-tools-8.33.1-3.12.1 rsyslog-diag-tools-debuginfo-8.33.1-3.12.1 rsyslog-doc-8.33.1-3.12.1 rsyslog-module-dbi-8.33.1-3.12.1 rsyslog-module-dbi-debuginfo-8.33.1-3.12.1 rsyslog-module-elasticsearch-8.33.1-3.12.1 rsyslog-module-elasticsearch-debuginfo-8.33.1-3.12.1 rsyslog-module-gcrypt-8.33.1-3.12.1 rsyslog-module-gcrypt-debuginfo-8.33.1-3.12.1 rsyslog-module-mmnormalize-8.33.1-3.12.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.12.1 rsyslog-module-omamqp1-8.33.1-3.12.1 rsyslog-module-omamqp1-debuginfo-8.33.1-3.12.1 rsyslog-module-omhttpfs-8.33.1-3.12.1 rsyslog-module-omhttpfs-debuginfo-8.33.1-3.12.1 rsyslog-module-omtcl-8.33.1-3.12.1 rsyslog-module-omtcl-debuginfo-8.33.1-3.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.12.1 rsyslog-debugsource-8.33.1-3.12.1 rsyslog-diag-tools-8.33.1-3.12.1 rsyslog-diag-tools-debuginfo-8.33.1-3.12.1 rsyslog-doc-8.33.1-3.12.1 rsyslog-module-dbi-8.33.1-3.12.1 rsyslog-module-dbi-debuginfo-8.33.1-3.12.1 rsyslog-module-elasticsearch-8.33.1-3.12.1 rsyslog-module-elasticsearch-debuginfo-8.33.1-3.12.1 rsyslog-module-gcrypt-8.33.1-3.12.1 rsyslog-module-gcrypt-debuginfo-8.33.1-3.12.1 rsyslog-module-gtls-8.33.1-3.12.1 rsyslog-module-gtls-debuginfo-8.33.1-3.12.1 rsyslog-module-mmnormalize-8.33.1-3.12.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.12.1 rsyslog-module-omamqp1-8.33.1-3.12.1 rsyslog-module-omamqp1-debuginfo-8.33.1-3.12.1 rsyslog-module-omhttpfs-8.33.1-3.12.1 rsyslog-module-omhttpfs-debuginfo-8.33.1-3.12.1 rsyslog-module-omtcl-8.33.1-3.12.1 rsyslog-module-omtcl-debuginfo-8.33.1-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.12.1 rsyslog-debuginfo-8.33.1-3.12.1 rsyslog-debugsource-8.33.1-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.12.1 rsyslog-debuginfo-8.33.1-3.12.1 rsyslog-debugsource-8.33.1-3.12.1 References: https://bugzilla.suse.com/1137681 From sle-updates at lists.suse.com Wed Jul 24 22:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 06:10:28 +0200 (CEST) Subject: SUSE-RU-2019:1967-1: important: Recommended update for dracut Message-ID: <20190725041028.524A7FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1967-1 Rating: important References: #1098915 #1121238 #1125393 #1130107 #1130114 #1132448 #1133819 #1134347 #1134472 #1137784 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - 95dasd-rules 95zfcp-rules: was not correctly looking for rule names (bsc#1137784) - Early microcode was not added from files with .early postfix (bsc#1098915, bsc#1125393) - GPIO modules weren't get included on ARM (bsc#1133819) - Routes were not properly added due to a spelling error (bsc#1134347) - Decouple iscsi from sysinit.target (bsc#1134472) - dracut-lib.sh:dev_unit_name() guard against $dev beginning with "-" (bsc#1132448) - 95iscsi: error messages were created when building initrd, due to multipath timeouts (bsc#1130114, bsc#1130107, bsc#1121238) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1967=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1967=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1967=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1967=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-debuginfo-044.2-18.28.1 dracut-debugsource-044.2-18.28.1 dracut-tools-044.2-18.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-debuginfo-044.2-18.28.1 dracut-debugsource-044.2-18.28.1 dracut-tools-044.2-18.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-044.2-18.28.1 dracut-debuginfo-044.2-18.28.1 dracut-debugsource-044.2-18.28.1 dracut-fips-044.2-18.28.1 dracut-ima-044.2-18.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dracut-044.2-18.28.1 dracut-debuginfo-044.2-18.28.1 dracut-debugsource-044.2-18.28.1 dracut-fips-044.2-18.28.1 dracut-ima-044.2-18.28.1 References: https://bugzilla.suse.com/1098915 https://bugzilla.suse.com/1121238 https://bugzilla.suse.com/1125393 https://bugzilla.suse.com/1130107 https://bugzilla.suse.com/1130114 https://bugzilla.suse.com/1132448 https://bugzilla.suse.com/1133819 https://bugzilla.suse.com/1134347 https://bugzilla.suse.com/1134472 https://bugzilla.suse.com/1137784 From sle-updates at lists.suse.com Thu Jul 25 07:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 15:10:36 +0200 (CEST) Subject: SUSE-RU-2019:1969-1: important: Recommended update for dracut Message-ID: <20190725131036.78673FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1969-1 Rating: important References: #1098915 #1121238 #1125393 #1130107 #1130114 #1132448 #1133819 #1134347 #1134472 #1137784 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - 95dasd-rules 95zfcp-rules: was not correctly looking for rule names (bsc#1137784) - Ensure early microcode gets added from files with .early postfix (bsc#1098915, bsc#1125393) - Ensure GPIO modules get included on ARM (bsc#1133819) - Fix Routes are not properly added due to spelling error (bsc#1134347) - Decouple iscsi from sysinit.target (bsc#1134472) - dracut-lib.sh:dev_unit_name() guard against $dev beginning with "-" (bsc#1132448) - 95iscsi: avoid error messages when building initrd, multipath timeouts (bsc#1130114, bsc#1130107, bsc#1121238) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1969=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1969=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-044.2-10.15.2 dracut-debuginfo-044.2-10.15.2 dracut-debugsource-044.2-10.15.2 dracut-fips-044.2-10.15.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-044.2-10.15.2 dracut-debuginfo-044.2-10.15.2 dracut-debugsource-044.2-10.15.2 References: https://bugzilla.suse.com/1098915 https://bugzilla.suse.com/1121238 https://bugzilla.suse.com/1125393 https://bugzilla.suse.com/1130107 https://bugzilla.suse.com/1130114 https://bugzilla.suse.com/1132448 https://bugzilla.suse.com/1133819 https://bugzilla.suse.com/1134347 https://bugzilla.suse.com/1134472 https://bugzilla.suse.com/1137784 From sle-updates at lists.suse.com Thu Jul 25 07:12:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 15:12:23 +0200 (CEST) Subject: SUSE-RU-2019:1968-1: moderate: Recommended update for qemu Message-ID: <20190725131223.A5B21FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for qemu ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1968-1 Rating: moderate References: #1141957 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a SUSE Linux Enterprise 12 SP5 beta update for the package qemu. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1968=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1968=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): qemu-3.1.0-7.2.5 qemu-block-curl-3.1.0-7.2.5 qemu-block-curl-debuginfo-3.1.0-7.2.5 qemu-block-ssh-3.1.0-7.2.5 qemu-block-ssh-debuginfo-3.1.0-7.2.5 qemu-debugsource-3.1.0-7.2.5 qemu-guest-agent-3.1.0-7.2.5 qemu-guest-agent-debuginfo-3.1.0-7.2.5 qemu-lang-3.1.0-7.2.5 qemu-tools-3.1.0-7.2.5 qemu-tools-debuginfo-3.1.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): qemu-block-rbd-3.1.0-7.2.5 qemu-block-rbd-debuginfo-3.1.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): qemu-kvm-3.1.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64): qemu-arm-3.1.0-7.2.5 qemu-arm-debuginfo-3.1.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): qemu-ppc-3.1.0-7.2.5 qemu-ppc-debuginfo-3.1.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (x86_64): qemu-x86-3.1.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (noarch): qemu-ipxe-1.0.0+-7.2.5 qemu-seabios-1.12.0-7.2.5 qemu-sgabios-8-7.2.5 qemu-vgabios-1.12.0-7.2.5 - SUSE Linux Enterprise Server 12-SP5 (s390x): qemu-s390-3.1.0-7.2.5 qemu-s390-debuginfo-3.1.0-7.2.5 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): qemu-3.1.0-7.2.5 qemu-block-curl-3.1.0-7.2.5 qemu-block-curl-debuginfo-3.1.0-7.2.5 qemu-debugsource-3.1.0-7.2.5 qemu-kvm-3.1.0-7.2.5 qemu-tools-3.1.0-7.2.5 qemu-tools-debuginfo-3.1.0-7.2.5 qemu-x86-3.1.0-7.2.5 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): qemu-ipxe-1.0.0+-7.2.5 qemu-seabios-1.12.0-7.2.5 qemu-sgabios-8-7.2.5 qemu-vgabios-1.12.0-7.2.5 References: https://bugzilla.suse.com/1141957 From sle-updates at lists.suse.com Thu Jul 25 07:13:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 15:13:02 +0200 (CEST) Subject: SUSE-RU-2019:1970-1: moderate: Recommended update for the SUSE Manager 3.2 release notes Message-ID: <20190725131302.DCC4DFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.2 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1970-1 Rating: moderate References: #1101706 #1104949 #1108218 #1109639 #1116869 #1118175 #1122381 #1130040 #1131721 #1132234 #1132914 #1133421 #1133560 #1133800 #1134677 #1135075 #1135360 #1135442 #1135959 #1136301 #1137144 #1137308 #1137533 #1137715 #1137881 #1137940 #1137952 #1138275 #1138655 #1139693 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 30 recommended fixes can now be installed. Description: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: - New features: * Enable SLES12 SP3 LTSS and SLES RT 12 SP3 * Add performance tuning parameters to documentation - SUSE Manager Server bugs fixed by latest updates: bsc#1101706, bsc#1104949, bsc#1108218, bsc#1109639, bsc#1116869, bsc#1118175, bsc#1122381, bsc#1130040, bsc#1131721, bsc#1132234, bsc#1132914, bsc#1133421, bsc#1133560, bsc#1133800, bsc#1134677, bsc#1135075, bsc#1135360, bsc#1135442, bsc#1135959, bsc#1136301, bsc#1137144, bsc#1137308, bsc#1137533, bsc#1137715, bsc#1137881, bsc#1137940, bsc#1137952, bsc#1138275, bsc#1138655, bsc#1139693 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1109639, bsc#1130040, bsc#1133800, bsc#1137715, bsc#1137881, bsc#1137940 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1970=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1970=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.10-6.38.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.10-0.16.30.1 References: https://bugzilla.suse.com/1101706 https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1108218 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1118175 https://bugzilla.suse.com/1122381 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1131721 https://bugzilla.suse.com/1132234 https://bugzilla.suse.com/1132914 https://bugzilla.suse.com/1133421 https://bugzilla.suse.com/1133560 https://bugzilla.suse.com/1133800 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135075 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135442 https://bugzilla.suse.com/1135959 https://bugzilla.suse.com/1136301 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137533 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137940 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1139693 From sle-updates at lists.suse.com Thu Jul 25 10:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 18:10:31 +0200 (CEST) Subject: SUSE-SU-2019:1971-1: moderate: Security update for libgcrypt Message-ID: <20190725161031.614F7FFD7@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1971-1 Rating: moderate References: #1138939 Cross-References: CVE-2019-12904 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1971=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1971=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-8.6.2 libgcrypt-cavs-debuginfo-1.8.2-8.6.2 libgcrypt-debugsource-1.8.2-8.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgcrypt-devel-32bit-1.8.2-8.6.2 libgcrypt-devel-32bit-debuginfo-1.8.2-8.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-8.6.2 libgcrypt-devel-1.8.2-8.6.2 libgcrypt-devel-debuginfo-1.8.2-8.6.2 libgcrypt20-1.8.2-8.6.2 libgcrypt20-debuginfo-1.8.2-8.6.2 libgcrypt20-hmac-1.8.2-8.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgcrypt20-32bit-1.8.2-8.6.2 libgcrypt20-32bit-debuginfo-1.8.2-8.6.2 libgcrypt20-hmac-32bit-1.8.2-8.6.2 References: https://www.suse.com/security/cve/CVE-2019-12904.html https://bugzilla.suse.com/1138939 From sle-updates at lists.suse.com Thu Jul 25 10:11:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 18:11:17 +0200 (CEST) Subject: SUSE-SU-2019:1972-1: moderate: Security update for libsolv, libzypp, zypper Message-ID: <20190725161117.10BDDFFD7@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1972-1 Rating: moderate References: #1109893 #1110542 #1111319 #1112911 #1113296 #1120629 #1120630 #1120631 #1127155 #1131823 #1134226 #1137977 Cross-References: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Affected Products: SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1972=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1972=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1972=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1972=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1972=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1972=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1972=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1972=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1972=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1972=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE OpenStack Cloud 8 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-devel-0.6.36-2.16.2 libsolv-devel-debuginfo-0.6.36-2.16.2 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 libzypp-devel-16.20.0-2.39.4 libzypp-devel-doc-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-devel-0.6.36-2.16.2 libsolv-devel-debuginfo-0.6.36-2.16.2 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 libzypp-devel-16.20.0-2.39.4 libzypp-devel-doc-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Enterprise Storage 5 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Enterprise Storage 5 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE CaaS Platform 3.0 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 References: https://www.suse.com/security/cve/CVE-2018-20532.html https://www.suse.com/security/cve/CVE-2018-20533.html https://www.suse.com/security/cve/CVE-2018-20534.html https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110542 https://bugzilla.suse.com/1111319 https://bugzilla.suse.com/1112911 https://bugzilla.suse.com/1113296 https://bugzilla.suse.com/1120629 https://bugzilla.suse.com/1120630 https://bugzilla.suse.com/1120631 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1131823 https://bugzilla.suse.com/1134226 https://bugzilla.suse.com/1137977 From sle-updates at lists.suse.com Thu Jul 25 13:10:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Jul 2019 21:10:22 +0200 (CEST) Subject: SUSE-SU-2019:1973-1: important: Security update for rmt-server Message-ID: <20190725191022.4F6BFFFD7@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1973-1 Rating: important References: #1128858 #1129271 #1129392 #1132160 #1132690 #1134190 #1134428 #1135222 #1136020 #1136081 #1138316 #1140492 Cross-References: CVE-2019-11068 CVE-2019-5419 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 10 fixes is now available. Description: This update for rmt-server to version 2.3.1 fixes the following issues: - Fix mirroring logic when errors are encountered (bsc#1140492) - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring (bsc#1132690) - Add rmt-server-config subpackage with nginx configs (fate#327816, bsc#1136081) - Fix dependency to removed boot_cli_i18n file (bsc#1136020) - Add `rmt-cli systems list` command to list registered systems - Fix create UUID when system_uuid file empty (bsc#1138316) - Fix duplicate nginx location in rmt-server-pubcloud (bsc#1135222) - Mirror additional repos that were enabled during mirroring (bsc#1132690) - Make service IDs consistent across different RMT instances (bsc#1134428) - Make SMT data import scripts faster (bsc#1134190) - Fix incorrect triggering of registration sharing (bsc#1129392) - Fix license mirroring issue in some non-SUSE repositories (bsc#1128858) - Update dependencies to fix vulnerabilities in rails (CVE-2019-5419, bsc#1129271) and nokogiri (CVE-2019-11068, bsc#1132160) - Allow RMT registration to work under HTTP as well as HTTPS. - Offline migration from SLE 15 to SLE 15 SP1 will add Python2 module - Online migrations will automatically add additional modules to the client systems depending on the base product - Supply log severity to journald - Breaking Change: Added headers to generated CSV files Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1973=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-1973=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-2.3.1-3.3.3 rmt-server-config-2.3.1-3.3.3 rmt-server-debuginfo-2.3.1-3.3.3 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.3.1-3.3.3 rmt-server-pubcloud-2.3.1-3.3.3 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://www.suse.com/security/cve/CVE-2019-5419.html https://bugzilla.suse.com/1128858 https://bugzilla.suse.com/1129271 https://bugzilla.suse.com/1129392 https://bugzilla.suse.com/1132160 https://bugzilla.suse.com/1132690 https://bugzilla.suse.com/1134190 https://bugzilla.suse.com/1134428 https://bugzilla.suse.com/1135222 https://bugzilla.suse.com/1136020 https://bugzilla.suse.com/1136081 https://bugzilla.suse.com/1138316 https://bugzilla.suse.com/1140492 From sle-updates at lists.suse.com Thu Jul 25 16:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 00:10:37 +0200 (CEST) Subject: SUSE-RU-2019:1974-1: moderate: Recommended update for sap-suse-cluster-connector Message-ID: <20190725221037.282FDFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-suse-cluster-connector ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1974-1 Rating: moderate References: #1135487 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sap-suse-cluster-connector fixes the following issues: - Support groups and primitives names containing dashes. (bsc#1135487) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1974=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1974=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1974=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1974=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sap-suse-cluster-connector-3.1.1-11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): sap-suse-cluster-connector-3.1.1-11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): sap-suse-cluster-connector-3.1.1-11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): sap-suse-cluster-connector-3.1.1-11.1 References: https://bugzilla.suse.com/1135487 From sle-updates at lists.suse.com Thu Jul 25 19:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:10:28 +0200 (CEST) Subject: SUSE-RU-2019:1976-1: moderate: Recommended update for resource-agents Message-ID: <20190726011028.245C9FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1976-1 Rating: moderate References: #1114855 #1125138 #1131793 #1133337 #1133962 #1137038 #1137231 #1140874 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - The version of resource-agents was updated to 4.3.018.a7fb5035 and has addressed a couple of bugs. Some of the bugs are: * L3: Pacemaker SST databases to /dev/null (bsc#1131793) [waiting for a customer friendly description] * azure-events: changed the default log level to 'warning' (bsc#1137038, bsc#1137231) * CTDB: Fixes the version string with vendor trailer comparison (bsc#1133337) * Fixes an issue where aws-vpc-move-ip failed when a VM has more than one network interface (bsc#1133962) Please refer to this rpm's changelog to obtain a full list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1976=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.23.1 resource-agents-4.3.018.a7fb5035-3.23.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.23.1 resource-agents-debugsource-4.3.018.a7fb5035-3.23.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.23.1 References: https://bugzilla.suse.com/1114855 https://bugzilla.suse.com/1125138 https://bugzilla.suse.com/1131793 https://bugzilla.suse.com/1133337 https://bugzilla.suse.com/1133962 https://bugzilla.suse.com/1137038 https://bugzilla.suse.com/1137231 https://bugzilla.suse.com/1140874 From sle-updates at lists.suse.com Thu Jul 25 19:12:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:12:05 +0200 (CEST) Subject: SUSE-RU-2019:1978-1: moderate: Recommended update for yast2 Message-ID: <20190726011205.CE688FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1978-1 Rating: moderate References: #1128032 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2 fixes the following issues: - Stop "ls: write error: Broken pipe" messages. (bsc#1128032) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1978=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.72-3.6.1 yast2-logs-4.1.72-3.6.1 References: https://bugzilla.suse.com/1128032 From sle-updates at lists.suse.com Thu Jul 25 19:12:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:12:45 +0200 (CEST) Subject: SUSE-RU-2019:1977-1: moderate: Recommended update for nvme-cli Message-ID: <20190726011245.9D5EBFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1977-1 Rating: moderate References: #1084379 #1124564 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Fixes an issue where 'nvme error-log' raised an error. - Added a new udev rule for NetApp E-Series (bsc#1124564) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1977=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nvme-cli-1.5-3.9.1 nvme-cli-debuginfo-1.5-3.9.1 nvme-cli-debugsource-1.5-3.9.1 References: https://bugzilla.suse.com/1084379 https://bugzilla.suse.com/1124564 From sle-updates at lists.suse.com Thu Jul 25 19:13:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:13:34 +0200 (CEST) Subject: SUSE-RU-2019:1983-1: moderate: Recommended update for plymouth Message-ID: <20190726011334.B5D9BFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1983-1 Rating: moderate References: #1138248 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for plymouth fixes the following issue: - Add dependency on dracut for plymouth-scripts to avoid unwanted kiwi behavior(bsc#1138248). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1983=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1983=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1983=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): plymouth-debuginfo-0.9.2-35.12.2 plymouth-debugsource-0.9.2-35.12.2 plymouth-devel-0.9.2-35.12.2 plymouth-plugin-tribar-0.9.2-35.12.2 plymouth-plugin-tribar-debuginfo-0.9.2-35.12.2 plymouth-x11-renderer-0.9.2-35.12.2 plymouth-x11-renderer-debuginfo-0.9.2-35.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): plymouth-theme-tribar-0.9.2-35.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libply-boot-client4-0.9.2-35.12.2 libply-boot-client4-debuginfo-0.9.2-35.12.2 libply-splash-core4-0.9.2-35.12.2 libply-splash-core4-debuginfo-0.9.2-35.12.2 libply-splash-graphics4-0.9.2-35.12.2 libply-splash-graphics4-debuginfo-0.9.2-35.12.2 libply4-0.9.2-35.12.2 libply4-debuginfo-0.9.2-35.12.2 plymouth-0.9.2-35.12.2 plymouth-debuginfo-0.9.2-35.12.2 plymouth-debugsource-0.9.2-35.12.2 plymouth-dracut-0.9.2-35.12.2 plymouth-plugin-label-0.9.2-35.12.2 plymouth-plugin-label-debuginfo-0.9.2-35.12.2 plymouth-plugin-label-ft-0.9.2-35.12.2 plymouth-plugin-label-ft-debuginfo-0.9.2-35.12.2 plymouth-plugin-script-0.9.2-35.12.2 plymouth-plugin-script-debuginfo-0.9.2-35.12.2 plymouth-scripts-0.9.2-35.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libply-boot-client4-0.9.2-35.12.2 libply-boot-client4-debuginfo-0.9.2-35.12.2 libply-splash-core4-0.9.2-35.12.2 libply-splash-core4-debuginfo-0.9.2-35.12.2 libply-splash-graphics4-0.9.2-35.12.2 libply-splash-graphics4-debuginfo-0.9.2-35.12.2 libply4-0.9.2-35.12.2 libply4-debuginfo-0.9.2-35.12.2 plymouth-0.9.2-35.12.2 plymouth-debuginfo-0.9.2-35.12.2 plymouth-debugsource-0.9.2-35.12.2 plymouth-dracut-0.9.2-35.12.2 plymouth-plugin-label-0.9.2-35.12.2 plymouth-plugin-label-debuginfo-0.9.2-35.12.2 plymouth-plugin-label-ft-0.9.2-35.12.2 plymouth-plugin-label-ft-debuginfo-0.9.2-35.12.2 plymouth-plugin-script-0.9.2-35.12.2 plymouth-plugin-script-debuginfo-0.9.2-35.12.2 plymouth-scripts-0.9.2-35.12.2 References: https://bugzilla.suse.com/1138248 From sle-updates at lists.suse.com Thu Jul 25 19:15:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:15:41 +0200 (CEST) Subject: SUSE-RU-2019:1980-1: moderate: Recommended update for powerpc-utils Message-ID: <20190726011541.45459FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1980-1 Rating: moderate References: #1139456 #1139777 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Change the file permissions of smt_off.service to 644. (bsc#1139777) - Backport lprstat, scripts, update_flash, ppc64_cpu and lsslot fixes. (jsc#SLE-6176, bsc#1139456) - lparstat: - add an option to print the lparstat report similar to legacy lparstat tool - introduce the help command line option to print lparstat usage - restrict the physc and entc attribute values to two decimal places - correct calculation of physc to use tbr - Enable desired and maximum memory stats - Show available physical processors in the shared pool - scripts: Improve handling of errors from subsidiary scripts - update_flash: - Add details to extract rpm format image - ppc64_cpu: Limit number of CPUs for frequency calculation - lsslot: - Add ibm,dynamic-memory-v2 parsing capability - Split dynamic-memory v1 parsing into separate routine - Patch to display logical name using bootlist -o option. (jsc#SLE-6176, bsc#1139456) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1980=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7-3.3.1 powerpc-utils-debuginfo-1.3.7-3.3.1 powerpc-utils-debugsource-1.3.7-3.3.1 References: https://bugzilla.suse.com/1139456 https://bugzilla.suse.com/1139777 From sle-updates at lists.suse.com Thu Jul 25 19:16:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:16:29 +0200 (CEST) Subject: SUSE-RU-2019:1975-1: moderate: Recommended update for sssd Message-ID: <20190726011629.5D268FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1975-1 Rating: moderate References: #1125277 #1137876 #1139247 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Fixes a memory leak in nss netgroup enumeration (bsc#1139247) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1975=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1975=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1975=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-4.17.1 libsss_idmap-devel-1.16.1-4.17.1 libsss_nss_idmap-devel-1.16.1-4.17.1 sssd-debuginfo-1.16.1-4.17.1 sssd-debugsource-1.16.1-4.17.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.17.1 libipa_hbac0-debuginfo-1.16.1-4.17.1 libsss_certmap0-1.16.1-4.17.1 libsss_certmap0-debuginfo-1.16.1-4.17.1 libsss_idmap0-1.16.1-4.17.1 libsss_idmap0-debuginfo-1.16.1-4.17.1 libsss_nss_idmap0-1.16.1-4.17.1 libsss_nss_idmap0-debuginfo-1.16.1-4.17.1 libsss_simpleifp0-1.16.1-4.17.1 libsss_simpleifp0-debuginfo-1.16.1-4.17.1 python-sssd-config-1.16.1-4.17.1 python-sssd-config-debuginfo-1.16.1-4.17.1 sssd-1.16.1-4.17.1 sssd-ad-1.16.1-4.17.1 sssd-ad-debuginfo-1.16.1-4.17.1 sssd-debuginfo-1.16.1-4.17.1 sssd-debugsource-1.16.1-4.17.1 sssd-ipa-1.16.1-4.17.1 sssd-ipa-debuginfo-1.16.1-4.17.1 sssd-krb5-1.16.1-4.17.1 sssd-krb5-common-1.16.1-4.17.1 sssd-krb5-common-debuginfo-1.16.1-4.17.1 sssd-krb5-debuginfo-1.16.1-4.17.1 sssd-ldap-1.16.1-4.17.1 sssd-ldap-debuginfo-1.16.1-4.17.1 sssd-proxy-1.16.1-4.17.1 sssd-proxy-debuginfo-1.16.1-4.17.1 sssd-tools-1.16.1-4.17.1 sssd-tools-debuginfo-1.16.1-4.17.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): sssd-32bit-1.16.1-4.17.1 sssd-debuginfo-32bit-1.16.1-4.17.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libipa_hbac0-1.16.1-4.17.1 libipa_hbac0-debuginfo-1.16.1-4.17.1 libsss_certmap0-1.16.1-4.17.1 libsss_certmap0-debuginfo-1.16.1-4.17.1 libsss_idmap0-1.16.1-4.17.1 libsss_idmap0-debuginfo-1.16.1-4.17.1 libsss_nss_idmap0-1.16.1-4.17.1 libsss_nss_idmap0-debuginfo-1.16.1-4.17.1 libsss_simpleifp0-1.16.1-4.17.1 libsss_simpleifp0-debuginfo-1.16.1-4.17.1 python-sssd-config-1.16.1-4.17.1 python-sssd-config-debuginfo-1.16.1-4.17.1 sssd-1.16.1-4.17.1 sssd-32bit-1.16.1-4.17.1 sssd-ad-1.16.1-4.17.1 sssd-ad-debuginfo-1.16.1-4.17.1 sssd-debuginfo-1.16.1-4.17.1 sssd-debuginfo-32bit-1.16.1-4.17.1 sssd-debugsource-1.16.1-4.17.1 sssd-ipa-1.16.1-4.17.1 sssd-ipa-debuginfo-1.16.1-4.17.1 sssd-krb5-1.16.1-4.17.1 sssd-krb5-common-1.16.1-4.17.1 sssd-krb5-common-debuginfo-1.16.1-4.17.1 sssd-krb5-debuginfo-1.16.1-4.17.1 sssd-ldap-1.16.1-4.17.1 sssd-ldap-debuginfo-1.16.1-4.17.1 sssd-proxy-1.16.1-4.17.1 sssd-proxy-debuginfo-1.16.1-4.17.1 sssd-tools-1.16.1-4.17.1 sssd-tools-debuginfo-1.16.1-4.17.1 References: https://bugzilla.suse.com/1125277 https://bugzilla.suse.com/1137876 https://bugzilla.suse.com/1139247 From sle-updates at lists.suse.com Thu Jul 25 19:18:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:18:18 +0200 (CEST) Subject: SUSE-RU-2019:1984-1: moderate: Recommended update for suse-module-tools Message-ID: <20190726011818.CBB4DFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1984-1 Rating: moderate References: #1036463 #1127155 #1134819 #937216 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: - Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819) - Install sg.conf under /usr/lib/modules-load.d and avoid file conflict with systemd. (bsc#1036463) - weak-modules2: Emit "inconsistent" warning only if replacement fails. (bsc#1127155) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1984=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1984=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): suse-module-tools-legacy-15.1.16-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): suse-module-tools-15.1.16-3.3.1 References: https://bugzilla.suse.com/1036463 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1134819 https://bugzilla.suse.com/937216 From sle-updates at lists.suse.com Thu Jul 25 19:22:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:22:07 +0200 (CEST) Subject: SUSE-RU-2019:1982-1: moderate: Recommended update for powerpc-utils Message-ID: <20190726012207.40239FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1982-1 Rating: moderate References: #1139456 #1139777 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Change the file permissions of smt_off.service to 644. (bsc#1139777) - Backport lprstat, scripts, update_flash, ppc64_cpu and lsslot fixes. (jsc#SLE-6176, bsc#1139456) - lparstat: - add an option to print the lparstat report similar to legacy lparstat tool - introduce the help command line option to print lparstat usage - restrict the physc and entc attribute values to two decimal places - correct calculation of physc to use tbr - Enable desired and maximum memory stats - Show available physical processors in the shared pool - scripts: Improve handling of errors from subsidiary scripts - update_flash: - Add details to extract rpm format image - ppc64_cpu: Limit number of CPUs for frequency calculation - lsslot: - Add ibm,dynamic-memory-v2 parsing capability - Split dynamic-memory v1 parsing into separate routine - Patch to display logical name using bootlist -o option. (jsc#SLE-6176, bsc#1139456) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1982=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): powerpc-utils-1.3.7-7.12.1 powerpc-utils-debuginfo-1.3.7-7.12.1 powerpc-utils-debugsource-1.3.7-7.12.1 References: https://bugzilla.suse.com/1139456 https://bugzilla.suse.com/1139777 From sle-updates at lists.suse.com Thu Jul 25 19:22:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:22:55 +0200 (CEST) Subject: SUSE-RU-2019:1986-1: moderate: Recommended update for plymouth Message-ID: <20190726012255.5018BFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1986-1 Rating: moderate References: #1138248 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for plymouth fixes the following issues: - Add dependency to dracut for plymouth-scripts. (bsc#1138248). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1986=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1986=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): plymouth-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-debugsource-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-fade-throbber-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-fade-throbber-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-label-ft-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-label-ft-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-space-flares-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-space-flares-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-throbgress-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-throbgress-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-tribar-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-tribar-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-two-step-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-two-step-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): plymouth-theme-bgrt-0.9.4+git20190304.ed9f201-3.3.1 plymouth-theme-fade-in-0.9.4+git20190304.ed9f201-3.3.1 plymouth-theme-script-0.9.4+git20190304.ed9f201-3.3.1 plymouth-theme-solar-0.9.4+git20190304.ed9f201-3.3.1 plymouth-theme-spinfinity-0.9.4+git20190304.ed9f201-3.3.1 plymouth-theme-spinner-0.9.4+git20190304.ed9f201-3.3.1 plymouth-theme-tribar-0.9.4+git20190304.ed9f201-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libply-boot-client4-0.9.4+git20190304.ed9f201-3.3.1 libply-boot-client4-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 libply-splash-core4-0.9.4+git20190304.ed9f201-3.3.1 libply-splash-core4-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 libply-splash-graphics4-0.9.4+git20190304.ed9f201-3.3.1 libply-splash-graphics4-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 libply4-0.9.4+git20190304.ed9f201-3.3.1 libply4-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-0.9.4+git20190304.ed9f201-3.3.1 plymouth-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-debugsource-0.9.4+git20190304.ed9f201-3.3.1 plymouth-devel-0.9.4+git20190304.ed9f201-3.3.1 plymouth-dracut-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-label-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-label-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-script-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-script-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-scripts-0.9.4+git20190304.ed9f201-3.3.1 plymouth-x11-renderer-0.9.4+git20190304.ed9f201-3.3.1 plymouth-x11-renderer-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 References: https://bugzilla.suse.com/1138248 From sle-updates at lists.suse.com Thu Jul 25 19:23:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:23:34 +0200 (CEST) Subject: SUSE-RU-2019:1979-1: moderate: Recommended update for python-kiwi Message-ID: <20190726012334.AD161FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1979-1 Rating: moderate References: #1140813 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - The method get_persistent_device_from_unix_node takes a device path and looks up it's basename. If the method receives an already persistent device the persistent schema representation will only match a numbered dm-N device and not the map name. The method then returns nothing but should return the original device path. (bsc#1140813) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1979=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1979=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1979=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.18-3.19.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.18-3.19.1 dracut-kiwi-live-9.17.18-3.19.1 dracut-kiwi-oem-dump-9.17.18-3.19.1 dracut-kiwi-oem-repart-9.17.18-3.19.1 dracut-kiwi-overlay-9.17.18-3.19.1 kiwi-man-pages-9.17.18-3.19.1 kiwi-tools-9.17.18-3.19.1 kiwi-tools-debuginfo-9.17.18-3.19.1 python-kiwi-debugsource-9.17.18-3.19.1 python2-kiwi-9.17.18-3.19.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-pxeboot-9.17.18-3.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-kiwi-lib-9.17.18-3.19.1 dracut-kiwi-live-9.17.18-3.19.1 dracut-kiwi-oem-dump-9.17.18-3.19.1 dracut-kiwi-oem-repart-9.17.18-3.19.1 dracut-kiwi-overlay-9.17.18-3.19.1 kiwi-pxeboot-9.17.18-3.19.1 kiwi-tools-9.17.18-3.19.1 kiwi-tools-debuginfo-9.17.18-3.19.1 python-kiwi-debugsource-9.17.18-3.19.1 References: https://bugzilla.suse.com/1140813 From sle-updates at lists.suse.com Thu Jul 25 19:24:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:24:19 +0200 (CEST) Subject: SUSE-RU-2019:1981-1: moderate: Recommended update for sssd Message-ID: <20190726012419.726F9FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1981-1 Rating: moderate References: #1139247 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fixes a memory leak in nss netgroup enumeration (bsc#1139247) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1981=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1981=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1981=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1981=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.27.1 libnfsidmap-sss-debuginfo-1.16.1-3.27.1 python3-ipa_hbac-1.16.1-3.27.1 python3-ipa_hbac-debuginfo-1.16.1-3.27.1 python3-sss-murmur-1.16.1-3.27.1 python3-sss-murmur-debuginfo-1.16.1-3.27.1 python3-sss_nss_idmap-1.16.1-3.27.1 python3-sss_nss_idmap-debuginfo-1.16.1-3.27.1 sssd-debuginfo-1.16.1-3.27.1 sssd-debugsource-1.16.1-3.27.1 sssd-winbind-idmap-1.16.1-3.27.1 sssd-winbind-idmap-debuginfo-1.16.1-3.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.27.1 libnfsidmap-sss-debuginfo-1.16.1-3.27.1 python3-ipa_hbac-1.16.1-3.27.1 python3-ipa_hbac-debuginfo-1.16.1-3.27.1 python3-sss-murmur-1.16.1-3.27.1 python3-sss-murmur-debuginfo-1.16.1-3.27.1 python3-sss_nss_idmap-1.16.1-3.27.1 python3-sss_nss_idmap-debuginfo-1.16.1-3.27.1 sssd-dbus-1.16.1-3.27.1 sssd-dbus-debuginfo-1.16.1-3.27.1 sssd-debuginfo-1.16.1-3.27.1 sssd-debugsource-1.16.1-3.27.1 sssd-winbind-idmap-1.16.1-3.27.1 sssd-winbind-idmap-debuginfo-1.16.1-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.27.1 libipa_hbac0-1.16.1-3.27.1 libipa_hbac0-debuginfo-1.16.1-3.27.1 libsss_certmap-devel-1.16.1-3.27.1 libsss_certmap0-1.16.1-3.27.1 libsss_certmap0-debuginfo-1.16.1-3.27.1 libsss_idmap-devel-1.16.1-3.27.1 libsss_idmap0-1.16.1-3.27.1 libsss_idmap0-debuginfo-1.16.1-3.27.1 libsss_nss_idmap-devel-1.16.1-3.27.1 libsss_nss_idmap0-1.16.1-3.27.1 libsss_nss_idmap0-debuginfo-1.16.1-3.27.1 libsss_simpleifp-devel-1.16.1-3.27.1 libsss_simpleifp0-1.16.1-3.27.1 libsss_simpleifp0-debuginfo-1.16.1-3.27.1 python3-sssd-config-1.16.1-3.27.1 python3-sssd-config-debuginfo-1.16.1-3.27.1 sssd-1.16.1-3.27.1 sssd-ad-1.16.1-3.27.1 sssd-ad-debuginfo-1.16.1-3.27.1 sssd-dbus-1.16.1-3.27.1 sssd-dbus-debuginfo-1.16.1-3.27.1 sssd-debuginfo-1.16.1-3.27.1 sssd-debugsource-1.16.1-3.27.1 sssd-ipa-1.16.1-3.27.1 sssd-ipa-debuginfo-1.16.1-3.27.1 sssd-krb5-1.16.1-3.27.1 sssd-krb5-common-1.16.1-3.27.1 sssd-krb5-common-debuginfo-1.16.1-3.27.1 sssd-krb5-debuginfo-1.16.1-3.27.1 sssd-ldap-1.16.1-3.27.1 sssd-ldap-debuginfo-1.16.1-3.27.1 sssd-proxy-1.16.1-3.27.1 sssd-proxy-debuginfo-1.16.1-3.27.1 sssd-tools-1.16.1-3.27.1 sssd-tools-debuginfo-1.16.1-3.27.1 sssd-wbclient-1.16.1-3.27.1 sssd-wbclient-debuginfo-1.16.1-3.27.1 sssd-wbclient-devel-1.16.1-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): sssd-32bit-1.16.1-3.27.1 sssd-32bit-debuginfo-1.16.1-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.27.1 libipa_hbac0-1.16.1-3.27.1 libipa_hbac0-debuginfo-1.16.1-3.27.1 libsss_certmap-devel-1.16.1-3.27.1 libsss_certmap0-1.16.1-3.27.1 libsss_certmap0-debuginfo-1.16.1-3.27.1 libsss_idmap-devel-1.16.1-3.27.1 libsss_idmap0-1.16.1-3.27.1 libsss_idmap0-debuginfo-1.16.1-3.27.1 libsss_nss_idmap-devel-1.16.1-3.27.1 libsss_nss_idmap0-1.16.1-3.27.1 libsss_nss_idmap0-debuginfo-1.16.1-3.27.1 libsss_simpleifp-devel-1.16.1-3.27.1 libsss_simpleifp0-1.16.1-3.27.1 libsss_simpleifp0-debuginfo-1.16.1-3.27.1 python3-sssd-config-1.16.1-3.27.1 python3-sssd-config-debuginfo-1.16.1-3.27.1 sssd-1.16.1-3.27.1 sssd-ad-1.16.1-3.27.1 sssd-ad-debuginfo-1.16.1-3.27.1 sssd-dbus-1.16.1-3.27.1 sssd-dbus-debuginfo-1.16.1-3.27.1 sssd-debuginfo-1.16.1-3.27.1 sssd-debugsource-1.16.1-3.27.1 sssd-ipa-1.16.1-3.27.1 sssd-ipa-debuginfo-1.16.1-3.27.1 sssd-krb5-1.16.1-3.27.1 sssd-krb5-common-1.16.1-3.27.1 sssd-krb5-common-debuginfo-1.16.1-3.27.1 sssd-krb5-debuginfo-1.16.1-3.27.1 sssd-ldap-1.16.1-3.27.1 sssd-ldap-debuginfo-1.16.1-3.27.1 sssd-proxy-1.16.1-3.27.1 sssd-proxy-debuginfo-1.16.1-3.27.1 sssd-tools-1.16.1-3.27.1 sssd-tools-debuginfo-1.16.1-3.27.1 sssd-wbclient-1.16.1-3.27.1 sssd-wbclient-debuginfo-1.16.1-3.27.1 sssd-wbclient-devel-1.16.1-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): sssd-32bit-1.16.1-3.27.1 sssd-32bit-debuginfo-1.16.1-3.27.1 References: https://bugzilla.suse.com/1139247 From sle-updates at lists.suse.com Thu Jul 25 19:25:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:25:02 +0200 (CEST) Subject: SUSE-RU-2019:1985-1: moderate: Recommended update for suse-module-tools Message-ID: <20190726012502.66BD1FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1985-1 Rating: moderate References: #1100989 #1123697 #1123704 #1123721 #1127155 #1127891 #1134819 #937216 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: - Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819) - weak-modules2: Emit "inconsistent" warning only if replacement fails. (bsc#1127155) - spec file: Add conflicts for dracut < 44.2. (bsc#1127891) - modprobe.conf.common: Add csiostor->cxgb4 dependency. (bsc#1100989) - Fix driver-check.sh. (bsc#1123697, bsc#1123704) - Make code work without kmod-compat - Remove hard dependency on mkinitrd. (bsc#1123721) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1985=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): suse-module-tools-15.0.6-3.9.1 References: https://bugzilla.suse.com/1100989 https://bugzilla.suse.com/1123697 https://bugzilla.suse.com/1123704 https://bugzilla.suse.com/1123721 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127891 https://bugzilla.suse.com/1134819 https://bugzilla.suse.com/937216 From sle-updates at lists.suse.com Thu Jul 25 19:26:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 03:26:41 +0200 (CEST) Subject: SUSE-RU-2019:1987-1: moderate: Recommended update for yast2-network Message-ID: <20190726012641.1F0CBFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1987-1 Rating: moderate References: #1133442 #1136929 #1137324 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - Use the hwinfo permanent MAC address instead of the current MAC which could be wrong in case of an enslaved interface (bsc#1136929) - Do not create duplicate udev rule attributes when editing an interface name (bsc#1137324) - AutoYaST installation fails at second stage with a "waiting for network" dialog (bsc#1133442) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1987=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1987=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-network-3.4.9-3.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-network-3.4.9-3.19.1 References: https://bugzilla.suse.com/1133442 https://bugzilla.suse.com/1136929 https://bugzilla.suse.com/1137324 From sle-updates at lists.suse.com Fri Jul 26 04:13:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 12:13:13 +0200 (CEST) Subject: SUSE-RU-2019:1988-1: Recommended update for libXi Message-ID: <20190726101313.DA4ECFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1988-1 Rating: low References: #1049681 #1134167 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libXi provides the following fix: - Fix a crash on X11 clients when tablet inputs are connected. (bsc#1049681) - Fix a crash that would happen in case of a _XReply() call fails, freeing an uninitialized pointer. (bsc#1134167) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1988=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1988=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1988=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libXi-debugsource-1.7.4-18.6.1 libXi-devel-1.7.4-18.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libXi-debugsource-1.7.4-18.6.1 libXi6-1.7.4-18.6.1 libXi6-debuginfo-1.7.4-18.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libXi6-32bit-1.7.4-18.6.1 libXi6-debuginfo-32bit-1.7.4-18.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libXi-debugsource-1.7.4-18.6.1 libXi6-1.7.4-18.6.1 libXi6-32bit-1.7.4-18.6.1 libXi6-debuginfo-1.7.4-18.6.1 libXi6-debuginfo-32bit-1.7.4-18.6.1 References: https://bugzilla.suse.com/1049681 https://bugzilla.suse.com/1134167 From sle-updates at lists.suse.com Fri Jul 26 10:13:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 18:13:19 +0200 (CEST) Subject: SUSE-SU-2019:1990-1: Security update for cronie Message-ID: <20190726161319.390F7FFD7@maintenance.suse.de> SUSE Security Update: Security update for cronie ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1990-1 Rating: low References: #1128935 #1128937 #1130746 #1133100 Cross-References: CVE-2019-9704 CVE-2019-9705 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1990=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1990=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cron-4.2-59.10.1 cronie-1.4.11-59.10.1 cronie-debuginfo-1.4.11-59.10.1 cronie-debugsource-1.4.11-59.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cron-4.2-59.10.1 cronie-1.4.11-59.10.1 cronie-debuginfo-1.4.11-59.10.1 cronie-debugsource-1.4.11-59.10.1 - SUSE CaaS Platform 3.0 (x86_64): cron-4.2-59.10.1 cronie-1.4.11-59.10.1 cronie-debuginfo-1.4.11-59.10.1 cronie-debugsource-1.4.11-59.10.1 References: https://www.suse.com/security/cve/CVE-2019-9704.html https://www.suse.com/security/cve/CVE-2019-9705.html https://bugzilla.suse.com/1128935 https://bugzilla.suse.com/1128937 https://bugzilla.suse.com/1130746 https://bugzilla.suse.com/1133100 From sle-updates at lists.suse.com Fri Jul 26 13:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Jul 2019 21:10:46 +0200 (CEST) Subject: SUSE-RU-2019:1993-1: moderate: Recommended update for yast2-network and yast2-ntp-client Message-ID: <20190726191046.3053EFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network and yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1993-1 Rating: moderate References: #1039985 #1105692 #1129012 #1131588 #1136929 #1137324 #1137346 #1138297 #1140199 #893065 #903889 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for yast2-network and yast2-ntp-client fixes the following issues: yast2-network: - Internal Error after "yast lan add" (bsc#1137346) - Use the hwinfo permanent mac address instead of the current mac which could be wrong in case of an enslaved interface (bsc#1136929) - Do not create duplicate udev rule attributes when editing an interface name (bsc#1137324) - When proposing a bridge configuration for virtualization, move the routes from the enslaved interface to the new bridge (bsc#903889) - display a confirmation popup when static route is going to be removed when switching a device to dhcp (bsc#1131588) - AutoYaST: Use the bus_id of the udev parent device when using virtio network cards and matching the existent rules with the defined in in the profile (bsc#1129012) - Showing correct start mode for nfsroot device (bsc#1105692) - Fixes an issue during AutoYaST, where the error message 'Calling the YaST module `lan has failed.' has wrongly been reported (bsc#1140199) yast2-ntp-client: - Fixes an issue during AutoYaST, where the error 'Calling the YaST module `ntp-client has failed.' has wrongly been reported (bsc#1140199) - Fixed a GUI bug where the 'Synchronize now' button and 'NTP Server Address' were misaligned (bsc#893065, bsc#1039985) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1993=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-network-4.1.51-3.9.2 yast2-ntp-client-4.1.9-3.3.1 References: https://bugzilla.suse.com/1039985 https://bugzilla.suse.com/1105692 https://bugzilla.suse.com/1129012 https://bugzilla.suse.com/1131588 https://bugzilla.suse.com/1136929 https://bugzilla.suse.com/1137324 https://bugzilla.suse.com/1137346 https://bugzilla.suse.com/1138297 https://bugzilla.suse.com/1140199 https://bugzilla.suse.com/893065 https://bugzilla.suse.com/903889 From sle-updates at lists.suse.com Fri Jul 26 16:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:10:31 +0200 (CEST) Subject: SUSE-RU-2019:1994-1: moderate: Recommended update for libxml2 Message-ID: <20190726221032.07126FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1994-1 Rating: moderate References: #1135123 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1994=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1994=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1994=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1994=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1994=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.9.1 python2-libxml2-python-2.9.7-3.9.1 python2-libxml2-python-debuginfo-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libxml2-debugsource-2.9.7-3.9.1 libxml2-devel-32bit-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): libxml2-doc-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libxml2-doc-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.9.1 libxml2-2-debuginfo-2.9.7-3.9.1 libxml2-debugsource-2.9.7-3.9.1 libxml2-devel-2.9.7-3.9.1 libxml2-tools-2.9.7-3.9.1 libxml2-tools-debuginfo-2.9.7-3.9.1 python-libxml2-python-debugsource-2.9.7-3.9.1 python3-libxml2-python-2.9.7-3.9.1 python3-libxml2-python-debuginfo-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libxml2-2-32bit-2.9.7-3.9.1 libxml2-2-32bit-debuginfo-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.9.1 libxml2-2-debuginfo-2.9.7-3.9.1 libxml2-debugsource-2.9.7-3.9.1 libxml2-devel-2.9.7-3.9.1 libxml2-tools-2.9.7-3.9.1 libxml2-tools-debuginfo-2.9.7-3.9.1 python-libxml2-python-debugsource-2.9.7-3.9.1 python2-libxml2-python-2.9.7-3.9.1 python2-libxml2-python-debuginfo-2.9.7-3.9.1 python3-libxml2-python-2.9.7-3.9.1 python3-libxml2-python-debuginfo-2.9.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libxml2-2-32bit-2.9.7-3.9.1 libxml2-2-32bit-debuginfo-2.9.7-3.9.1 References: https://bugzilla.suse.com/1135123 From sle-updates at lists.suse.com Fri Jul 26 16:11:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:11:20 +0200 (CEST) Subject: SUSE-RU-2019:1998-1: moderate: Recommended update for sysstat Message-ID: <20190726221120.9D458FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1998-1 Rating: moderate References: #1138767 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat fixes the following issues: - Fix scaling issue with mtab symlinks and automounter. (bsc#1138767) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1998=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1998=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1998=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1998=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.9.1 sysstat-debugsource-12.0.2-3.9.1 sysstat-isag-12.0.2-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.9.1 sysstat-debugsource-12.0.2-3.9.1 sysstat-isag-12.0.2-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.9.1 sysstat-debuginfo-12.0.2-3.9.1 sysstat-debugsource-12.0.2-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.9.1 sysstat-debuginfo-12.0.2-3.9.1 sysstat-debugsource-12.0.2-3.9.1 References: https://bugzilla.suse.com/1138767 From sle-updates at lists.suse.com Fri Jul 26 16:11:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:11:59 +0200 (CEST) Subject: SUSE-RU-2019:2000-1: moderate: Recommended update for containerd, docker, docker-runc, golang-github-docker-libnetwork Message-ID: <20190726221159.C5927FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for containerd, docker, docker-runc, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2000-1 Rating: moderate References: #1138920 #1139649 Affected Products: SUSE Linux Enterprise Module for Containers 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for fixes the following issues: containerd: - Update to containerd v1.2.6, which is required for Docker v18.09.7-ce (bsc#1139649). docker: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to Docker 18.09.7-ce. See upstream changelog in /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1139649). docker-runc: - Update to runc 425e105d5a03, which is required for Docker v18.09.7-ce (bsc#1139649). - Remove docker-runc-test (it's not useful for actual testing). golang-github-docker-libnetwork: - Update to version git.e7933d41e7b206756115aa9df5e0599fc5169742 (bsc#1139649). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-2000=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.2.6-16.20.1 docker-18.09.7_ce-98.43.1 docker-debuginfo-18.09.7_ce-98.43.1 docker-debugsource-18.09.7_ce-98.43.1 docker-libnetwork-0.7.0.1+gitr2728_e7933d41e7b2-22.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2728_e7933d41e7b2-22.1 docker-runc-1.0.0rc8+gitr3826_425e105d5a03-1.26.1 - SUSE CaaS Platform 3.0 (x86_64): containerd-kubic-1.2.6-16.20.1 docker-kubic-18.09.7_ce-98.43.1 docker-kubic-debuginfo-18.09.7_ce-98.43.1 docker-kubic-debugsource-18.09.7_ce-98.43.1 docker-libnetwork-kubic-0.7.0.1+gitr2728_e7933d41e7b2-22.1 docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2728_e7933d41e7b2-22.1 docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-1.26.1 docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-1.26.1 References: https://bugzilla.suse.com/1138920 https://bugzilla.suse.com/1139649 From sle-updates at lists.suse.com Fri Jul 26 16:12:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:12:49 +0200 (CEST) Subject: SUSE-RU-2019:1991-1: moderate: Recommended update for saptune Message-ID: <20190726221249.E26B5FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1991-1 Rating: moderate References: #1116799 #1120741 #1123808 #1124485 #1124486 #1124487 #1124488 #1124489 #1126220 #1128322 #1128325 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) - Remove new line from println arg list of main.go to support newer go versions. (bsc#1120741) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1991=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): saptune-2.0.1-8.16.1 saptune-debuginfo-2.0.1-8.16.1 References: https://bugzilla.suse.com/1116799 https://bugzilla.suse.com/1120741 https://bugzilla.suse.com/1123808 https://bugzilla.suse.com/1124485 https://bugzilla.suse.com/1124486 https://bugzilla.suse.com/1124487 https://bugzilla.suse.com/1124488 https://bugzilla.suse.com/1124489 https://bugzilla.suse.com/1126220 https://bugzilla.suse.com/1128322 https://bugzilla.suse.com/1128325 From sle-updates at lists.suse.com Fri Jul 26 16:14:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:14:36 +0200 (CEST) Subject: SUSE-RU-2019:1996-1: moderate: Recommended update for sysstat Message-ID: <20190726221436.44D55FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1996-1 Rating: moderate References: #1138767 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat fixes the following issues: - Fix scaling issue with mtab symlinks and automounter. (bsc#1138767) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1996=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1996=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-10.21.1 sysstat-debuginfo-12.0.2-10.21.1 sysstat-debugsource-12.0.2-10.21.1 sysstat-isag-12.0.2-10.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sysstat-12.0.2-10.21.1 sysstat-debuginfo-12.0.2-10.21.1 sysstat-debugsource-12.0.2-10.21.1 References: https://bugzilla.suse.com/1138767 From sle-updates at lists.suse.com Fri Jul 26 16:15:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:15:12 +0200 (CEST) Subject: SUSE-RU-2019:1999-1: moderate: Recommended update for libica Message-ID: <20190726221512.71FA8FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libica ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1999-1 Rating: moderate References: #1134004 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libica fixes the following issues: - Reworked how libica-tools loads and unloads kernel modules to avoid spurious error messages. (bsc#1134004) Converted the boot.z90crypt sysV init script to a systemd unit file. Removed any references to insserv in the spec file. Updated the z90crypt script itself to properly load and unload the kernel modules as they exist today. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1999=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1999=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x): libica-debugsource-3.3.3-5.3.1 libica-devel-3.3.3-5.3.1 libica-devel-static-3.3.3-5.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): libica-debugsource-3.3.3-5.3.1 libica-tools-3.3.3-5.3.1 libica-tools-debuginfo-3.3.3-5.3.1 libica3-3.3.3-5.3.1 libica3-32bit-3.3.3-5.3.1 libica3-debuginfo-3.3.3-5.3.1 libica3-debuginfo-32bit-3.3.3-5.3.1 References: https://bugzilla.suse.com/1134004 From sle-updates at lists.suse.com Fri Jul 26 16:15:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:15:50 +0200 (CEST) Subject: SUSE-RU-2019:1997-1: moderate: Recommended update for tracker Message-ID: <20190726221550.BF343FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for tracker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1997-1 Rating: moderate References: #1038823 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tracker fixes the following issues: - Move gstreamer initialization to the plugin initialization phase, since it can rebuild the registry cache and should be done outside the sandbox. Also disable some plugins, per upstream, since they can cause sandbox violations and other problems. (bgo#790457) (bsc#1038823) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1997=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1997=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1997=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1997=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libtracker-control-1_0-0-1.8.3-4.10.1 libtracker-control-1_0-0-debuginfo-1.8.3-4.10.1 libtracker-miner-1_0-0-1.8.3-4.10.1 libtracker-miner-1_0-0-debuginfo-1.8.3-4.10.1 nautilus-extension-tracker-tags-1.8.3-4.10.1 nautilus-extension-tracker-tags-debuginfo-1.8.3-4.10.1 tracker-1.8.3-4.10.1 tracker-debuginfo-1.8.3-4.10.1 tracker-debugsource-1.8.3-4.10.1 tracker-extras-debugsource-1.8.3-4.10.1 tracker-gui-1.8.3-4.10.1 tracker-gui-debuginfo-1.8.3-4.10.1 tracker-miner-files-1.8.3-4.10.1 tracker-miner-files-debuginfo-1.8.3-4.10.1 typelib-1_0-Tracker-1_0-1.8.3-4.10.1 typelib-1_0-TrackerControl-1_0-1.8.3-4.10.1 typelib-1_0-TrackerMiner-1_0-1.8.3-4.10.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): tracker-lang-1.8.3-4.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libtracker-miner-1_0-0-1.8.3-4.10.1 libtracker-miner-1_0-0-debuginfo-1.8.3-4.10.1 tracker-debuginfo-1.8.3-4.10.1 tracker-debugsource-1.8.3-4.10.1 tracker-devel-1.8.3-4.10.1 typelib-1_0-Tracker-1_0-1.8.3-4.10.1 typelib-1_0-TrackerMiner-1_0-1.8.3-4.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtracker-common-1_0-1.8.3-4.10.1 libtracker-common-1_0-debuginfo-1.8.3-4.10.1 libtracker-sparql-1_0-0-1.8.3-4.10.1 libtracker-sparql-1_0-0-debuginfo-1.8.3-4.10.1 tracker-debuginfo-1.8.3-4.10.1 tracker-debugsource-1.8.3-4.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): tracker-lang-1.8.3-4.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libtracker-common-1_0-1.8.3-4.10.1 libtracker-common-1_0-debuginfo-1.8.3-4.10.1 libtracker-control-1_0-0-1.8.3-4.10.1 libtracker-control-1_0-0-debuginfo-1.8.3-4.10.1 libtracker-miner-1_0-0-1.8.3-4.10.1 libtracker-miner-1_0-0-debuginfo-1.8.3-4.10.1 libtracker-sparql-1_0-0-1.8.3-4.10.1 libtracker-sparql-1_0-0-debuginfo-1.8.3-4.10.1 nautilus-extension-tracker-tags-1.8.3-4.10.1 nautilus-extension-tracker-tags-debuginfo-1.8.3-4.10.1 tracker-1.8.3-4.10.1 tracker-debuginfo-1.8.3-4.10.1 tracker-debugsource-1.8.3-4.10.1 tracker-extras-debugsource-1.8.3-4.10.1 tracker-gui-1.8.3-4.10.1 tracker-gui-debuginfo-1.8.3-4.10.1 tracker-miner-files-1.8.3-4.10.1 tracker-miner-files-debuginfo-1.8.3-4.10.1 typelib-1_0-Tracker-1_0-1.8.3-4.10.1 typelib-1_0-TrackerControl-1_0-1.8.3-4.10.1 typelib-1_0-TrackerMiner-1_0-1.8.3-4.10.1 References: https://bugzilla.suse.com/1038823 From sle-updates at lists.suse.com Fri Jul 26 16:16:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:16:33 +0200 (CEST) Subject: SUSE-RU-2019:1992-1: moderate: Recommended update for yast2-packager Message-ID: <20190726221633.3EBA4FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1992-1 Rating: moderate References: #1114018 #1132622 #1135901 #1136325 #1136708 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for yast2-packager and yast2-add-on provides the following fixes: yast2-packager: - Package installation: Rebuild slide show dialog and enable realease notes tab. (bsc#1136708) - Allow to select the license language when running in textmode. (bsc#1135901) - Define the openSUSE => SLES product migration to properly display the migration summary text. (bsc#1136325) - Overwrite already existing repositories in "new installation" mode. (bsc#1132622) - Do not show already added repositories. Replace $releasever by the current product version. (bsc#1132622) yast2-add-on: - Fixes an issue where yast2-add-on has aborted, when an addon license is refused (bsc#1114018) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1992=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-packager-4.1.47-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-add-on-4.1.13-3.7.1 References: https://bugzilla.suse.com/1114018 https://bugzilla.suse.com/1132622 https://bugzilla.suse.com/1135901 https://bugzilla.suse.com/1136325 https://bugzilla.suse.com/1136708 From sle-updates at lists.suse.com Fri Jul 26 16:17:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Jul 2019 00:17:41 +0200 (CEST) Subject: SUSE-RU-2019:2001-1: important: Recommended update for docker Message-ID: <20190726221741.5F9BBFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2001-1 Rating: important References: #1138920 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker fixes the following issues: - Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2001=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2001=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2001=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-2001=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): docker-debuginfo-18.09.6_ce-6.23.1 docker-debugsource-18.09.6_ce-6.23.1 docker-kubic-18.09.6_ce-6.23.1 docker-kubic-debuginfo-18.09.6_ce-6.23.1 docker-kubic-debugsource-18.09.6_ce-6.23.1 docker-kubic-kubeadm-criconfig-18.09.6_ce-6.23.1 docker-kubic-test-18.09.6_ce-6.23.1 docker-kubic-test-debuginfo-18.09.6_ce-6.23.1 docker-test-18.09.6_ce-6.23.1 docker-test-debuginfo-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): docker-kubic-bash-completion-18.09.6_ce-6.23.1 docker-kubic-zsh-completion-18.09.6_ce-6.23.1 docker-zsh-completion-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): docker-debuginfo-18.09.6_ce-6.23.1 docker-debugsource-18.09.6_ce-6.23.1 docker-test-18.09.6_ce-6.23.1 docker-test-debuginfo-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): docker-zsh-completion-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): docker-18.09.6_ce-6.23.1 docker-debuginfo-18.09.6_ce-6.23.1 docker-debugsource-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): docker-bash-completion-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): docker-18.09.6_ce-6.23.1 docker-debuginfo-18.09.6_ce-6.23.1 docker-debugsource-18.09.6_ce-6.23.1 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.09.6_ce-6.23.1 References: https://bugzilla.suse.com/1138920 From sle-updates at lists.suse.com Mon Jul 29 07:11:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Jul 2019 15:11:26 +0200 (CEST) Subject: SUSE-SU-2019:1861-2: important: Security update for MozillaFirefox Message-ID: <20190729131126.5B382FFD7@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1861-2 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE OpenStack Cloud Crowbar 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1861=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1861=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-updates at lists.suse.com Mon Jul 29 13:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Jul 2019 21:10:36 +0200 (CEST) Subject: SUSE-SU-2019:2013-1: important: Security update for bzip2 Message-ID: <20190729191036.B82D8FFD7@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2013-1 Rating: important References: #1139083 Cross-References: CVE-2019-12900 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2013=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2013=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2013=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2013=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2013=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2013=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2013=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2013=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2013=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2013=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2013=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2013=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2013=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2013=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2013=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2013=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2013=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2013=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2013=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2013=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE OpenStack Cloud 8 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE OpenStack Cloud 8 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE OpenStack Cloud 7 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-devel-1.0.6-30.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-devel-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Enterprise Storage 5 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Enterprise Storage 5 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Enterprise Storage 4 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Enterprise Storage 4 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE CaaS Platform 3.0 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - HPE Helion Openstack 8 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - HPE Helion Openstack 8 (noarch): bzip2-doc-1.0.6-30.8.1 References: https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 From sle-updates at lists.suse.com Mon Jul 29 13:11:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Jul 2019 21:11:25 +0200 (CEST) Subject: SUSE-SU-2019:2014-1: moderate: Security update for openexr Message-ID: <20190729191125.829B7FFD7@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2014-1 Rating: moderate References: #1061305 Cross-References: CVE-2017-14988 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2014=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2014=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2014=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2014=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 openexr-devel-2.1.0-6.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.13.1 openexr-2.1.0-6.13.1 openexr-debuginfo-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.13.1 openexr-2.1.0-6.13.1 openexr-debuginfo-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 References: https://www.suse.com/security/cve/CVE-2017-14988.html https://bugzilla.suse.com/1061305 From sle-updates at lists.suse.com Tue Jul 30 10:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:11:00 +0200 (CEST) Subject: SUSE-SU-2019:2020-1: important: Security update for mariadb, mariadb-connector-c Message-ID: <20190730161100.28FF7FFD7@maintenance.suse.de> SUSE Security Update: Security update for mariadb, mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2020-1 Rating: important References: #1126088 #1132666 #1136035 Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666) mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2020=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2020=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2020=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2020=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2020=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2020=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmariadb-devel-3.1.2-3.9.3 libmariadb-devel-debuginfo-3.1.2-3.9.3 libmariadb_plugins-3.1.2-3.9.3 libmariadb_plugins-debuginfo-3.1.2-3.9.3 libmysqld-devel-10.2.25-3.17.2 libmysqld19-10.2.25-3.17.2 libmysqld19-debuginfo-10.2.25-3.17.2 mariadb-10.2.25-3.17.2 mariadb-client-10.2.25-3.17.2 mariadb-client-debuginfo-10.2.25-3.17.2 mariadb-connector-c-debugsource-3.1.2-3.9.3 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-tools-10.2.25-3.17.2 mariadb-tools-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): mariadb-errormessages-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmariadb-devel-3.1.2-3.9.3 libmariadb-devel-debuginfo-3.1.2-3.9.3 libmariadb_plugins-3.1.2-3.9.3 libmariadb_plugins-debuginfo-3.1.2-3.9.3 libmysqld-devel-10.2.25-3.17.2 libmysqld19-10.2.25-3.17.2 libmysqld19-debuginfo-10.2.25-3.17.2 mariadb-10.2.25-3.17.2 mariadb-client-10.2.25-3.17.2 mariadb-client-debuginfo-10.2.25-3.17.2 mariadb-connector-c-debugsource-3.1.2-3.9.3 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-tools-10.2.25-3.17.2 mariadb-tools-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mariadb-errormessages-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.25-3.17.2 mariadb-bench-debuginfo-10.2.25-3.17.2 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-galera-10.2.25-3.17.2 mariadb-test-10.2.25-3.17.2 mariadb-test-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmariadb3-32bit-3.1.2-3.9.3 libmariadb3-32bit-debuginfo-3.1.2-3.9.3 mariadb-connector-c-debugsource-3.1.2-3.9.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.25-3.17.2 mariadb-bench-debuginfo-10.2.25-3.17.2 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-galera-10.2.25-3.17.2 mariadb-test-10.2.25-3.17.2 mariadb-test-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libmariadb3-3.1.2-3.9.3 libmariadb3-debuginfo-3.1.2-3.9.3 libmariadbprivate-3.1.2-3.9.3 libmariadbprivate-debuginfo-3.1.2-3.9.3 mariadb-connector-c-debugsource-3.1.2-3.9.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libmariadb3-3.1.2-3.9.3 libmariadb3-debuginfo-3.1.2-3.9.3 libmariadbprivate-3.1.2-3.9.3 libmariadbprivate-debuginfo-3.1.2-3.9.3 mariadb-connector-c-debugsource-3.1.2-3.9.3 References: https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2628.html https://bugzilla.suse.com/1126088 https://bugzilla.suse.com/1132666 https://bugzilla.suse.com/1136035 From sle-updates at lists.suse.com Tue Jul 30 10:13:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:13:59 +0200 (CEST) Subject: SUSE-RU-2019:2017-1: moderate: Recommended update for empathy Message-ID: <20190730161359.71695FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for empathy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2017-1 Rating: moderate References: #1136781 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for empathy fixes the following issues: - Use the upstream changes for the port to webkit2 and gst-3_0. - Drop pkgconfig(gnutls) to make it possible to connect to Google server. (bsc#1136781) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2017=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2017=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): empathy-3.12.14-8.6.1 empathy-debuginfo-3.12.14-8.6.1 empathy-debugsource-3.12.14-8.6.1 telepathy-mission-control-plugin-goa-3.12.14-8.6.1 telepathy-mission-control-plugin-goa-debuginfo-3.12.14-8.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): empathy-lang-3.12.14-8.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): empathy-lang-3.12.14-8.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): empathy-3.12.14-8.6.1 empathy-debuginfo-3.12.14-8.6.1 empathy-debugsource-3.12.14-8.6.1 telepathy-mission-control-plugin-goa-3.12.14-8.6.1 telepathy-mission-control-plugin-goa-debuginfo-3.12.14-8.6.1 References: https://bugzilla.suse.com/1136781 From sle-updates at lists.suse.com Tue Jul 30 10:16:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:16:39 +0200 (CEST) Subject: SUSE-SU-2019:2018-1: important: Security update for polkit Message-ID: <20190730161639.C6DDDFFD7@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2018-1 Rating: important References: #1121826 Cross-References: CVE-2019-6133 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2018=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2018=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2018=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpolkit0-32bit-0.114-3.9.1 libpolkit0-32bit-debuginfo-0.114-3.9.1 polkit-debugsource-0.114-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): polkit-doc-0.114-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): polkit-doc-0.114-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpolkit0-0.114-3.9.1 libpolkit0-debuginfo-0.114-3.9.1 polkit-0.114-3.9.1 polkit-debuginfo-0.114-3.9.1 polkit-debugsource-0.114-3.9.1 polkit-devel-0.114-3.9.1 polkit-devel-debuginfo-0.114-3.9.1 typelib-1_0-Polkit-1_0-0.114-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpolkit0-0.114-3.9.1 libpolkit0-debuginfo-0.114-3.9.1 polkit-0.114-3.9.1 polkit-debuginfo-0.114-3.9.1 polkit-debugsource-0.114-3.9.1 polkit-devel-0.114-3.9.1 polkit-devel-debuginfo-0.114-3.9.1 typelib-1_0-Polkit-1_0-0.114-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-6133.html https://bugzilla.suse.com/1121826 From sle-updates at lists.suse.com Tue Jul 30 10:17:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:17:19 +0200 (CEST) Subject: SUSE-RU-2019:2015-1: moderate: Recommended update for kiwi Message-ID: <20190730161719.21E7CFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2015-1 Rating: moderate References: #1141156 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issues: - In some specific partition size configurations in the PXE client the partition layout was always seen as an invalid one in each boot. This was causing a repartition and redeploy of the PXE image in every single boot. (bsc#1141156) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2015=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2015=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.52-2.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-7.04.52-2.12.1 kiwi-desc-oemboot-7.04.52-2.12.1 kiwi-desc-vmxboot-7.04.52-2.12.1 kiwi-templates-7.04.52-2.12.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.52-2.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kiwi-doc-7.04.52-2.12.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-desc-isoboot-7.04.52-2.12.1 References: https://bugzilla.suse.com/1141156 From sle-updates at lists.suse.com Tue Jul 30 10:17:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:17:57 +0200 (CEST) Subject: SUSE-RU-2019:2016-1: moderate: Recommended update for perf Message-ID: <20190730161757.B04EBFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2016-1 Rating: moderate References: #1142104 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf fixes the following issues: - Fix crash printing mixed tracepoint/other events from perftool-testsuite. (bsc#1142104) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2016=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): perf-4.12.14-17.3.1 perf-debuginfo-4.12.14-17.3.1 perf-debugsource-4.12.14-17.3.1 References: https://bugzilla.suse.com/1142104 From sle-updates at lists.suse.com Tue Jul 30 13:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 21:10:45 +0200 (CEST) Subject: SUSE-OU-2019:2022-1: Initial release of package grafana Message-ID: <20190730191045.E9C5BFFD7@maintenance.suse.de> SUSE Optional Update: Initial release of package grafana ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2022-1 Rating: low References: #1044444 #1044933 #1115960 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update provides package grafana for SUSE Manager: SLE12 Client Tools Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-2022=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): grafana-6.2.1-1.3.1 grafana-debuginfo-6.2.1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-19039.html https://bugzilla.suse.com/1044444 https://bugzilla.suse.com/1044933 https://bugzilla.suse.com/1115960 From sle-updates at lists.suse.com Tue Jul 30 13:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 21:11:41 +0200 (CEST) Subject: SUSE-OU-2019:2023-1: Initial release of package grafana Message-ID: <20190730191141.CB78CFFD7@maintenance.suse.de> SUSE Optional Update: Initial release of package grafana ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2023-1 Rating: low References: #1044444 #1044933 #1115960 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update provides package grafana for SUSE Manager: SLE15 Client Tools Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-2023=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): grafana-6.2.1-1.3.1 grafana-debuginfo-6.2.1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-19039.html https://bugzilla.suse.com/1044444 https://bugzilla.suse.com/1044933 https://bugzilla.suse.com/1115960 From sle-updates at lists.suse.com Tue Jul 30 13:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Jul 2019 21:12:34 +0200 (CEST) Subject: SUSE-SU-2019:2021-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190730191234.0D121FFD7@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2021-1 Rating: important References: #1115375 #1141780 #1141782 #1141783 #1141784 #1141785 #1141786 #1141787 #1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2021=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2021=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2021=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2021=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2021=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-src-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-src-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-3.24.2 References: https://www.suse.com/security/cve/CVE-2019-2745.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-2842.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1115375 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141784 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141786 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 From sle-updates at lists.suse.com Tue Jul 30 16:10:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Jul 2019 00:10:52 +0200 (CEST) Subject: SUSE-RU-2019:2025-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20190730221052.81522FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2025-1 Rating: moderate References: #1141322 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322): * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21: * Changed prbit.h to use builtin function on aarch64. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2025=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2025=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2025=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2025=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2025=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2025=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2025=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2025=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2025=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2025=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2025=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2025=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2025=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2025=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2025=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2025=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2025=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2025=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2025=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2025=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nspr-devel-4.21-19.9.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-devel-3.45-58.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nspr-devel-4.21-19.9.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-devel-3.45-58.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nspr-devel-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-devel-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nspr-devel-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-devel-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Enterprise Storage 5 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE Enterprise Storage 4 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.45-58.31.1 libfreebl3-32bit-3.45-58.31.1 libfreebl3-debuginfo-3.45-58.31.1 libfreebl3-debuginfo-32bit-3.45-58.31.1 libfreebl3-hmac-3.45-58.31.1 libfreebl3-hmac-32bit-3.45-58.31.1 libsoftokn3-3.45-58.31.1 libsoftokn3-32bit-3.45-58.31.1 libsoftokn3-debuginfo-3.45-58.31.1 libsoftokn3-debuginfo-32bit-3.45-58.31.1 libsoftokn3-hmac-3.45-58.31.1 libsoftokn3-hmac-32bit-3.45-58.31.1 mozilla-nspr-32bit-4.21-19.9.1 mozilla-nspr-4.21-19.9.1 mozilla-nspr-debuginfo-32bit-4.21-19.9.1 mozilla-nspr-debuginfo-4.21-19.9.1 mozilla-nspr-debugsource-4.21-19.9.1 mozilla-nss-3.45-58.31.1 mozilla-nss-32bit-3.45-58.31.1 mozilla-nss-certs-3.45-58.31.1 mozilla-nss-certs-32bit-3.45-58.31.1 mozilla-nss-certs-debuginfo-3.45-58.31.1 mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debuginfo-3.45-58.31.1 mozilla-nss-debuginfo-32bit-3.45-58.31.1 mozilla-nss-debugsource-3.45-58.31.1 mozilla-nss-sysinit-3.45-58.31.1 mozilla-nss-sysinit-32bit-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-3.45-58.31.1 mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1 mozilla-nss-tools-3.45-58.31.1 mozilla-nss-tools-debuginfo-3.45-58.31.1 References: https://bugzilla.suse.com/1141322 From sle-updates at lists.suse.com Tue Jul 30 16:12:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Jul 2019 00:12:17 +0200 (CEST) Subject: SUSE-RU-2019:2026-1: moderate: Recommended update for Azure Python SDK Message-ID: <20190730221217.3D403FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for Azure Python SDK ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2026-1 Rating: moderate References: #1054413 #1122523 #979331 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update brings the following python modules for the Azure Python SDK: - python-Flask - python-Werkzeug - python-click - python-decorator - python-httpbin - python-idna - python-itsdangerous - python-py - python-pytest-httpbin - python-pytest-mock - python-requests Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2026=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2026=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2026=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2026=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2026=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2026=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2026=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2026=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2026=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2026=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2026=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2026=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2026=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2026=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2026=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2026=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2026=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE OpenStack Cloud 7 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-idna-2.5-3.10.2 python3-idna-2.5-3.10.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Flask-0.12.1-7.4.2 python-Werkzeug-0.12.2-10.4.2 python-click-6.7-2.4.2 python-decorator-4.1.2-4.4.2 python-httpbin-0.5.0-2.4.2 python-idna-2.5-3.10.2 python-itsdangerous-0.24-7.4.2 python-py-1.5.2-8.8.2 python-requests-2.18.2-8.4.2 python-six-1.11.0-9.21.2 python3-Flask-0.12.1-7.4.2 python3-Werkzeug-0.12.2-10.4.2 python3-click-6.7-2.4.2 python3-decorator-4.1.2-4.4.2 python3-httpbin-0.5.0-2.4.2 python3-idna-2.5-3.10.2 python3-itsdangerous-0.24-7.4.2 python3-py-1.5.2-8.8.2 python3-requests-2.18.2-8.4.2 python3-six-1.11.0-9.21.2 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): python-idna-2.5-3.10.2 python3-idna-2.5-3.10.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 - SUSE Enterprise Storage 5 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE Enterprise Storage 4 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 python3-idna-2.5-3.10.2 python3-six-1.11.0-9.21.2 - SUSE CaaS Platform 3.0 (noarch): python-idna-2.5-3.10.2 python-six-1.11.0-9.21.2 References: https://bugzilla.suse.com/1054413 https://bugzilla.suse.com/1122523 https://bugzilla.suse.com/979331 From sle-updates at lists.suse.com Wed Jul 31 07:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Jul 2019 15:10:36 +0200 (CEST) Subject: SUSE-SU-2019:2027-1: moderate: Security update for python-requests Message-ID: <20190731131036.4B744FFD7@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2027-1 Rating: moderate References: #1111622 Cross-References: CVE-2018-18074 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed an issue which could ease attackers to discover credentials by sniffing the network (bsc#1111622). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2027=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-requests-2.11.1-6.31.1 References: https://www.suse.com/security/cve/CVE-2018-18074.html https://bugzilla.suse.com/1111622 From sle-updates at lists.suse.com Wed Jul 31 10:10:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Jul 2019 18:10:30 +0200 (CEST) Subject: SUSE-SU-2019:2028-1: important: Security update for java-1_7_0-openjdk Message-ID: <20190731161030.E4035FFD7@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2028-1 Rating: important References: #1087082 #1134297 #1141780 #1141782 #1141783 #1141784 #1141785 #1141786 #1141787 #1141789 Cross-References: CVE-2018-3639 CVE-2019-2426 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk to version 7u231 fixes the following issues: Security issues fixed: - CVE_2019-2426: Improve web server connections (bsc#1134297). - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082). - Certificate validation improvements Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2028=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2028=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.231-43.27.2 java-1_7_0-openjdk-debuginfo-1.7.0.231-43.27.2 java-1_7_0-openjdk-debugsource-1.7.0.231-43.27.2 java-1_7_0-openjdk-demo-1.7.0.231-43.27.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.231-43.27.2 java-1_7_0-openjdk-devel-1.7.0.231-43.27.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.231-43.27.2 java-1_7_0-openjdk-headless-1.7.0.231-43.27.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.231-43.27.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): java-1_7_0-openjdk-1.7.0.231-43.27.2 java-1_7_0-openjdk-debuginfo-1.7.0.231-43.27.2 java-1_7_0-openjdk-debugsource-1.7.0.231-43.27.2 java-1_7_0-openjdk-headless-1.7.0.231-43.27.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.231-43.27.2 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2019-2426.html https://www.suse.com/security/cve/CVE-2019-2745.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-2842.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1134297 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141784 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141786 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 From sle-updates at lists.suse.com Wed Jul 31 16:10:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 00:10:43 +0200 (CEST) Subject: SUSE-SU-2019:2030-1: moderate: Security update for zypper, libzypp and libsolv Message-ID: <20190731221043.25BC1FDF5@maintenance.suse.de> SUSE Security Update: Security update for zypper, libzypp and libsolv ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2030-1 Rating: moderate References: #1047962 #1049826 #1053177 #1065022 #1099019 #1102261 #1110542 #1111319 #1112911 #1113296 #1114908 #1115341 #1116840 #1118758 #1119373 #1119820 #1119873 #1120263 #1120463 #1120629 #1120630 #1120631 #1121611 #1122062 #1122471 #1123137 #1123681 #1123843 #1123865 #1123967 #1124897 #1125415 #1127026 #1127155 #1127220 #1130161 #1131823 #1135749 #1137977 #663358 #764147 #965786 #978193 #993025 Cross-References: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has 41 fixes is now available. Description: This update for libzypp and libsolv fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Fixed bugs and enhancements: - make cleandeps jobs on patterns work (bnc#1137977) - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up (bsc#1131823). - Copy pattern categories from the rpm that defines the pattern (fate#323785). - Enhance scanning /sys for modaliases (bsc#1130161). - Prevent SEGV if the application sets an empty TextLocale (bsc#1127026). - Handle libgpgme error when gpg key is not completely read and user hits CTRL + C (bsc#1127220). - Added a hint when registration codes have expired (bsc#965786). - Adds a better handling of an error when verifying any repository medium (bsc#1065022). - Will now only write type field when probing (bsc#1114908). - Fixes an issue where zypper has showed the info message 'Installation aborted by user' while the installation was aborted by wicked (bsc#978193). - Suppresses reporting `/memfd:` pseudo files (bsc#1123843). - Fixes an issue where zypper was not able to install or uninstall packages when rpm is unavailable (bsc#1122471). - Fixes an issue where locks were ignored (bsc#1113296). - Simplify complex locks so zypper can display them (bsc#1112911). - zypper will now set `SYSTEMD_OFFLINE=1` during chrooted commits (bsc#1118758). - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (fate#325513). - Removes world-readable bit from /var/log/zypp (bsc#1099019). - Does no longer fail service-refresh on a empty repoindex.xml (bsc#1116840). - Fixes soname due to libsolv ABI changes (bsc#1115341). - Add infrastructure to flag specific packages to trigger a reboot needed hint (fate#326451). This update for zypper 1.14.27 fixes the following issues: - bash-completion: add package completion for addlock (bsc#1047962) - bash-completion: fix incorrect detection of command names (bsc#1049826) - Offer to change the 'runSearchPackages' config option at the prompt (bsc#1119373, FATE#325599) - Prompt: provide a 'yes/no/always/never' prompt. - Prompt: support "#NUM" as answer to select the NUMth option... - Augeas: enable writing back changed option values (to ~/.zypper.conf) - removelocale: fix segfault - Move needs-restarting command to subpackage (fixes #254) - Allow empty string as argument (bsc#1125415) - Provide a way to delete cache for volatile repositories (bsc#1053177) - Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255) - Show support status in info if not unknown (bsc#764147) - Fix installing plain rpm files with `zypper in` (bsc#1124897) - Show only required info in the summary in quiet mode (bsc#993025) - Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED only for patches. We don't extend this return code to packages, although they may also carry the 'reboot-needed' attribute. The preferred way to test whether the system needs to be rebooted is `zypper needs-rebooting`. (openSUSE/zypper#237) - Skip repository on error (bsc#1123967) - New commands for locale management: locales addlocale removelocale Inspect and manipulate the systems `requested locales`, aka. the languages software packages should try support by installing translations, dictionaries and tools, as far as they are available. - Don't throw, just warn if options are repeated (bsc#1123865) - Fix detection whether stdout is a tty (happened too late) - Fix broken --plus-content switch (fixes bsc#1123681) - Fix broken --replacefiles switch (fixes bsc#1123137) - Extend zypper source-install (fixes bsc#663358) - Fix inconsistent results for search (bsc#1119873) - Show reboot hint in zypper ps and summary (fixes bsc#1120263) - Improve handling of partially locked packages (bsc#1113296) - Fix wrong default values in help text (bsc#1121611) - Fixed broken argument parsing for --reposd-dir (bsc#1122062) - Fix wrong zypp::indeterminate use (bsc#1120463) - CLI parser: fix broken initialization enforcing 'select by name' (bsc#1119820) - zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220) - locks: Fix printing of versioned locks (bsc#1112911) - locks: create and write versioned locks correctly (bsc#1112911) - patch: --with update may implicitly assume --with-optional (bsc#1102261) - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (FATE#325513) - Optionally run "zypper search-packages" after "search" (FATE#325599) - zypper.conf: Add [search]runSearchPackages config variable. - Don't iterate twice on --no-cd (bsc#1111319) - zypper-log: Make it Python 3 compatible - man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140) - Add `needs-restarting` shell script and manpage (fate#326451) - Add zypper needs-rebooting command (fate#326451) - Introduce new zypper command framefork. Migrated commands so far: addlock addrepo addservice clean cleanlocks modifyrepo modifyservice ps refresh refresh-services removelock removerepo removeservice renamerepo repos services - MediaChangeReport: fix https URLs causing 2 prompts on error (bsc#1110542) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2030=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2030=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2030=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2030=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2030=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2030=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-2030=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): PackageKit-debuginfo-1.1.10-4.10.4 PackageKit-debugsource-1.1.10-4.10.4 PackageKit-gstreamer-plugin-1.1.10-4.10.4 PackageKit-gstreamer-plugin-debuginfo-1.1.10-4.10.4 PackageKit-gtk3-module-1.1.10-4.10.4 PackageKit-gtk3-module-debuginfo-1.1.10-4.10.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 libsolv-demo-0.7.5-3.12.2 libsolv-demo-debuginfo-0.7.5-3.12.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.5.2 libyui-ncurses-pkg8-2.48.5.2-3.5.2 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.5.2 libyui-qt-pkg-debugsource-2.45.15.2-3.5.3 libyui-qt-pkg8-2.45.15.2-3.5.3 libyui-qt-pkg8-debuginfo-2.45.15.2-3.5.3 libzypp-debuginfo-17.12.0-3.23.6 libzypp-debugsource-17.12.0-3.23.6 libzypp-devel-doc-17.12.0-3.23.6 python-solv-0.7.5-3.12.2 python-solv-debuginfo-0.7.5-3.12.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): zypper-aptitude-1.14.28-3.18.6 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 libsolv-demo-0.7.5-3.12.2 libsolv-demo-debuginfo-0.7.5-3.12.2 libzypp-debuginfo-17.12.0-3.23.6 libzypp-debugsource-17.12.0-3.23.6 libzypp-devel-doc-17.12.0-3.23.6 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): PackageKit-branding-upstream-1.1.10-4.10.4 yast2-pkg-bindings-devel-doc-4.0.13-3.7.2 zypper-aptitude-1.14.28-3.18.6 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 perl-solv-0.7.5-3.12.2 perl-solv-debuginfo-0.7.5-3.12.2 python3-solv-0.7.5-3.12.2 python3-solv-debuginfo-0.7.5-3.12.2 ruby-solv-0.7.5-3.12.2 ruby-solv-debuginfo-0.7.5-3.12.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.10-4.10.4 PackageKit-backend-zypp-1.1.10-4.10.4 PackageKit-backend-zypp-debuginfo-1.1.10-4.10.4 PackageKit-debuginfo-1.1.10-4.10.4 PackageKit-debugsource-1.1.10-4.10.4 PackageKit-devel-1.1.10-4.10.4 PackageKit-devel-debuginfo-1.1.10-4.10.4 libpackagekit-glib2-18-1.1.10-4.10.4 libpackagekit-glib2-18-debuginfo-1.1.10-4.10.4 libpackagekit-glib2-devel-1.1.10-4.10.4 libyui-qt-pkg-debugsource-2.45.15.2-3.5.3 libyui-qt-pkg-devel-2.45.15.2-3.5.3 typelib-1_0-PackageKitGlib-1_0-1.1.10-4.10.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): PackageKit-lang-1.1.10-4.10.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 libsolv-devel-0.7.5-3.12.2 libsolv-devel-debuginfo-0.7.5-3.12.2 libsolv-tools-0.7.5-3.12.2 libsolv-tools-debuginfo-0.7.5-3.12.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.5.2 libyui-ncurses-pkg-devel-2.48.5.2-3.5.2 libyui-ncurses-pkg8-2.48.5.2-3.5.2 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.5.2 libyui-qt-pkg-debugsource-2.45.15.2-3.5.3 libyui-qt-pkg8-2.45.15.2-3.5.3 libyui-qt-pkg8-debuginfo-2.45.15.2-3.5.3 libzypp-17.12.0-3.23.6 libzypp-debuginfo-17.12.0-3.23.6 libzypp-debugsource-17.12.0-3.23.6 libzypp-devel-17.12.0-3.23.6 python-solv-0.7.5-3.12.2 python-solv-debuginfo-0.7.5-3.12.2 yast2-pkg-bindings-4.0.13-3.7.2 yast2-pkg-bindings-debuginfo-4.0.13-3.7.2 yast2-pkg-bindings-debugsource-4.0.13-3.7.2 zypper-1.14.28-3.18.6 zypper-debuginfo-1.14.28-3.18.6 zypper-debugsource-1.14.28-3.18.6 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libyui-ncurses-pkg-doc-2.48.5.2-3.5.3 libyui-qt-pkg-doc-2.45.15.2-3.5.3 zypper-log-1.14.28-3.18.6 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.5-3.12.2 libyui-ncurses-pkg8-2.48.5.2-3.5.2 libyui-qt-pkg8-2.45.15.2-3.5.3 libzypp-17.12.0-3.23.6 yast2-pkg-bindings-4.0.13-3.7.2 zypper-1.14.28-3.18.6 References: https://www.suse.com/security/cve/CVE-2018-20532.html https://www.suse.com/security/cve/CVE-2018-20533.html https://www.suse.com/security/cve/CVE-2018-20534.html https://bugzilla.suse.com/1047962 https://bugzilla.suse.com/1049826 https://bugzilla.suse.com/1053177 https://bugzilla.suse.com/1065022 https://bugzilla.suse.com/1099019 https://bugzilla.suse.com/1102261 https://bugzilla.suse.com/1110542 https://bugzilla.suse.com/1111319 https://bugzilla.suse.com/1112911 https://bugzilla.suse.com/1113296 https://bugzilla.suse.com/1114908 https://bugzilla.suse.com/1115341 https://bugzilla.suse.com/1116840 https://bugzilla.suse.com/1118758 https://bugzilla.suse.com/1119373 https://bugzilla.suse.com/1119820 https://bugzilla.suse.com/1119873 https://bugzilla.suse.com/1120263 https://bugzilla.suse.com/1120463 https://bugzilla.suse.com/1120629 https://bugzilla.suse.com/1120630 https://bugzilla.suse.com/1120631 https://bugzilla.suse.com/1121611 https://bugzilla.suse.com/1122062 https://bugzilla.suse.com/1122471 https://bugzilla.suse.com/1123137 https://bugzilla.suse.com/1123681 https://bugzilla.suse.com/1123843 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/1123967 https://bugzilla.suse.com/1124897 https://bugzilla.suse.com/1125415 https://bugzilla.suse.com/1127026 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127220 https://bugzilla.suse.com/1130161 https://bugzilla.suse.com/1131823 https://bugzilla.suse.com/1135749 https://bugzilla.suse.com/1137977 https://bugzilla.suse.com/663358 https://bugzilla.suse.com/764147 https://bugzilla.suse.com/965786 https://bugzilla.suse.com/978193 https://bugzilla.suse.com/993025 From sle-updates at lists.suse.com Wed Jul 31 16:16:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 00:16:59 +0200 (CEST) Subject: SUSE-SU-2019:2033-1: important: Security update for icedtea-web Message-ID: <20190731221659.6139AFDF5@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2033-1 Rating: important References: #1142825 #1142832 #1142835 Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for icedtea-web to version 1.7.2 fixes the following issues: Security issues fixed: - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file (bsc#1142835) - CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files results in arbitrary file overwrite (bsc#1142825). - CVE-2019-10185: Fixed a directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (bsc#1142832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2033=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2033=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): icedtea-web-1.7.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): icedtea-web-javadoc-1.7.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10181.html https://www.suse.com/security/cve/CVE-2019-10182.html https://www.suse.com/security/cve/CVE-2019-10185.html https://bugzilla.suse.com/1142825 https://bugzilla.suse.com/1142832 https://bugzilla.suse.com/1142835 From sle-updates at lists.suse.com Wed Jul 31 16:17:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 00:17:49 +0200 (CEST) Subject: SUSE-SU-2019:2032-1: important: Security update for subversion Message-ID: <20190731221749.63D59FDF5@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2032-1 Rating: important References: #1049448 #1142721 #1142743 Cross-References: CVE-2018-11782 CVE-2019-0203 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for subversion fixes the following issues: Security issues fixed: - CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743). - CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721). Non-security issues fixed: - Add instructions for running svnserve as a user different from "svn", and remove sysconfig variables that are no longer effective with the systemd unit. bsc#1049448 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2032=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.19-25.9.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.19-25.9.1 subversion-1.8.19-25.9.1 subversion-debuginfo-1.8.19-25.9.1 subversion-debugsource-1.8.19-25.9.1 subversion-devel-1.8.19-25.9.1 subversion-perl-1.8.19-25.9.1 subversion-perl-debuginfo-1.8.19-25.9.1 subversion-python-1.8.19-25.9.1 subversion-python-debuginfo-1.8.19-25.9.1 subversion-server-1.8.19-25.9.1 subversion-server-debuginfo-1.8.19-25.9.1 subversion-tools-1.8.19-25.9.1 subversion-tools-debuginfo-1.8.19-25.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): subversion-bash-completion-1.8.19-25.9.1 References: https://www.suse.com/security/cve/CVE-2018-11782.html https://www.suse.com/security/cve/CVE-2019-0203.html https://bugzilla.suse.com/1049448 https://bugzilla.suse.com/1142721 https://bugzilla.suse.com/1142743 From sle-updates at lists.suse.com Wed Jul 31 16:18:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Aug 2019 00:18:46 +0200 (CEST) Subject: SUSE-SU-2019:2031-1: important: Security update for subversion Message-ID: <20190731221846.C6CEAFDF5@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2031-1 Rating: important References: #1142721 #1142743 Cross-References: CVE-2018-11782 CVE-2019-0203 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for subversion to version 1.10.6 fixes the following issues: Security issues fixed: - CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743). - CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2031=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2031=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2031=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2031=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2031=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2031=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2031=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2031=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-server-1.10.6-3.6.2 subversion-server-debuginfo-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-server-1.10.6-3.6.2 subversion-server-debuginfo-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.2 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-3.6.2 subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-python-ctypes-1.10.6-3.6.2 subversion-ruby-1.10.6-3.6.2 subversion-ruby-debuginfo-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.2 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-3.6.2 subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-python-ctypes-1.10.6-3.6.2 subversion-ruby-1.10.6-3.6.2 subversion-ruby-debuginfo-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-perl-1.10.6-3.6.2 subversion-perl-debuginfo-1.10.6-3.6.2 subversion-python-1.10.6-3.6.2 subversion-python-debuginfo-1.10.6-3.6.2 subversion-tools-1.10.6-3.6.2 subversion-tools-debuginfo-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): subversion-bash-completion-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-perl-1.10.6-3.6.2 subversion-perl-debuginfo-1.10.6-3.6.2 subversion-python-1.10.6-3.6.2 subversion-python-debuginfo-1.10.6-3.6.2 subversion-tools-1.10.6-3.6.2 subversion-tools-debuginfo-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): subversion-bash-completion-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-3.6.2 subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-devel-1.10.6-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-3.6.2 subversion-debuginfo-1.10.6-3.6.2 subversion-debugsource-1.10.6-3.6.2 subversion-devel-1.10.6-3.6.2 References: https://www.suse.com/security/cve/CVE-2018-11782.html https://www.suse.com/security/cve/CVE-2019-0203.html https://bugzilla.suse.com/1142721 https://bugzilla.suse.com/1142743