From sle-updates at lists.suse.com Mon Jun 3 04:12:32 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 12:12:32 +0200 (CEST)
Subject: SUSE-RU-2018:3603-3: Recommended update for cmpi-provider-register
Message-ID: <20190603101232.40A9CFDA1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cmpi-provider-register
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:3603-3
Rating: low
References: #1072564
Affected Products:
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for cmpi-provider-register provides the following fixes:

- Fix the uninstall RPM scriptlets to make sure the upgrade path to SLE-15 works as expected. (bsc#1072564)
- Adapt to python3.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1401=1
- SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1401=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (noarch):
    cmpi-provider-register-1.0.1-7.4.2
- SUSE Linux Enterprise Desktop 12-SP4 (noarch):
    cmpi-provider-register-1.0.1-7.4.2

References:

    https://bugzilla.suse.com/1072564

From sle-updates at lists.suse.com Mon Jun 3 04:16:37 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 12:16:37 +0200 (CEST)
Subject: SUSE-RU-2019:1402-1: moderate: Recommended update for kmod
Message-ID: <20190603101637.80BE0FDA1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for kmod
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1402-1
Rating: moderate
References: #1097869 #1118629
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for kmod fixes the following issues:

- Fixes a potential buffer overflow in libkmod (bsc#1118629).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1402=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le):
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod-devel-17-9.12.1

References:

    https://bugzilla.suse.com/1097869
    https://bugzilla.suse.com/1118629

From sle-updates at lists.suse.com Mon Jun 3 07:11:48 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 15:11:48 +0200 (CEST)
Subject: SUSE-RU-2019:1403-1: moderate: Recommended update for fio
Message-ID: <20190603131148.2B58EF7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for fio
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1403-1
Rating: moderate
References: #1129706
Affected Products:
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update ships the performance measurement tool "fio" to the SUSE Linux Enterprise 15 Module for Basesystem. (bsc#1129706)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1403=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1403=1
- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1403=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    fio-3.4-4.2.4
    fio-debuginfo-3.4-4.2.4
    fio-debugsource-3.4-4.2.4
    gfio-3.4-4.2.4
    gfio-debuginfo-3.4-4.2.4
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    fio-3.4-4.2.4
    fio-debuginfo-3.4-4.2.4
    fio-debugsource-3.4-4.2.4
    gfio-3.4-4.2.4
    gfio-debuginfo-3.4-4.2.4
- SUSE Linux Enterprise Module for Basesystem 15 (ppc64le s390x):
    fio-3.4-4.2.4
    fio-debuginfo-3.4-4.2.4
    fio-debugsource-3.4-4.2.4

References:

    https://bugzilla.suse.com/1129706

From sle-updates at lists.suse.com Mon Jun 3 07:14:34 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 15:14:34 +0200 (CEST)
Subject: SUSE-RU-2019:1402-2: moderate: Recommended update for kmod
Message-ID: <20190603131434.7EB47F7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for kmod
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1402-2
Rating: moderate
References: #1097869 #1118629
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP3
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE CaaS Platform ALL
    SUSE CaaS Platform 3.0
    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for kmod fixes the following issues:

- Fixes a potential buffer overflow in libkmod (bsc#1118629).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1402=1
- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1402=1
- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1402=1
- SUSE CaaS Platform ALL:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- SUSE CaaS Platform 3.0:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1402=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 s390x x86_64):
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod-devel-17-9.12.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    kmod-17-9.12.1
    kmod-compat-17-9.12.1
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod2-17-9.12.1
    libkmod2-debuginfo-17-9.12.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
    kmod-17-9.12.1
    kmod-compat-17-9.12.1
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod2-17-9.12.1
    libkmod2-debuginfo-17-9.12.1
- SUSE CaaS Platform ALL (x86_64):
    kmod-17-9.12.1
    kmod-compat-17-9.12.1
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod2-17-9.12.1
    libkmod2-debuginfo-17-9.12.1
- SUSE CaaS Platform 3.0 (x86_64):
    kmod-17-9.12.1
    kmod-compat-17-9.12.1
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod2-17-9.12.1
    libkmod2-debuginfo-17-9.12.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    kmod-17-9.12.1
    kmod-compat-17-9.12.1
    kmod-debuginfo-17-9.12.1
    kmod-debugsource-17-9.12.1
    libkmod2-17-9.12.1
    libkmod2-debuginfo-17-9.12.1

References:

    https://bugzilla.suse.com/1097869
    https://bugzilla.suse.com/1118629

From sle-updates at lists.suse.com Mon Jun 3 13:10:33 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 21:10:33 +0200 (CEST)
Subject: SUSE-SU-2019:1405-1: important: Security update for MozillaFirefox
Message-ID: <20190603191033.B24DAF7CE@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1405-1
Rating: important
References: #1135824
Cross-References:
    CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
    CVE-2019-11694 CVE-2019-11698 CVE-2019-7317
    CVE-2019-9800 CVE-2019-9815 CVE-2019-9816
    CVE-2019-9817 CVE-2019-9818 CVE-2019-9819
    CVE-2019-9820
Affected Products:
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Security issues fixed:

- CVE-2019-11691: Use-after-free in XMLHttpRequest
- CVE-2019-11692: Use-after-free removing listeners in the event listener manager
- CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
- CVE-2019-11694: Uninitialized memory leakage in Windows sandbox
- CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
- CVE-2019-7317: Use-after-free in png_image_free of libpng library
- CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
- CVE-2019-9816: Type confusion with object groups and UnboxedObjects
- CVE-2019-9817: Stealing of cross-domain images using canvas
- CVE-2019-9818: Use-after-free in crash generation server
- CVE-2019-9819: Compartment mismatch with fetch API
- CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

Non-security issues fixed:

- Font and date adjustments to accommodate the new Reiwa era in Japan
- Update to Firefox ESR 60.7 (bsc#1135824)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1405=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1405=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1405=1
- SUSE Linux Enterprise Module for Desktop Applications 15:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1405=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    MozillaFirefox-branding-upstream-60.7.0-3.40.6
    MozillaFirefox-debuginfo-60.7.0-3.40.6
    MozillaFirefox-debugsource-60.7.0-3.40.6
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    MozillaFirefox-buildsymbols-60.7.0-3.40.6
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
    MozillaFirefox-devel-60.7.0-3.40.6
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    MozillaFirefox-branding-upstream-60.7.0-3.40.6
    MozillaFirefox-debuginfo-60.7.0-3.40.6
    MozillaFirefox-debugsource-60.7.0-3.40.6
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
    MozillaFirefox-60.7.0-3.40.6
    MozillaFirefox-debuginfo-60.7.0-3.40.6
    MozillaFirefox-debugsource-60.7.0-3.40.6
    MozillaFirefox-translations-common-60.7.0-3.40.6
    MozillaFirefox-translations-other-60.7.0-3.40.6
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64):
    MozillaFirefox-devel-60.7.0-3.40.6
- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
    MozillaFirefox-60.7.0-3.40.6
    MozillaFirefox-debuginfo-60.7.0-3.40.6
    MozillaFirefox-debugsource-60.7.0-3.40.6
    MozillaFirefox-devel-60.7.0-3.40.6
    MozillaFirefox-translations-common-60.7.0-3.40.6
    MozillaFirefox-translations-other-60.7.0-3.40.6

References:

    https://www.suse.com/security/cve/CVE-2019-11691.html
    https://www.suse.com/security/cve/CVE-2019-11692.html
    https://www.suse.com/security/cve/CVE-2019-11693.html
    https://www.suse.com/security/cve/CVE-2019-11694.html
    https://www.suse.com/security/cve/CVE-2019-11698.html
    https://www.suse.com/security/cve/CVE-2019-7317.html
    https://www.suse.com/security/cve/CVE-2019-9800.html
    https://www.suse.com/security/cve/CVE-2019-9815.html
    https://www.suse.com/security/cve/CVE-2019-9816.html
    https://www.suse.com/security/cve/CVE-2019-9817.html
    https://www.suse.com/security/cve/CVE-2019-9818.html
    https://www.suse.com/security/cve/CVE-2019-9819.html
    https://www.suse.com/security/cve/CVE-2019-9820.html
    https://bugzilla.suse.com/1135824

From sle-updates at lists.suse.com Mon Jun 3 13:11:29 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 21:11:29 +0200 (CEST)
Subject: SUSE-SU-2019:1407-1: important: Security update for bind
Message-ID: <20190603191129.7C3E6F7CE@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1407-1
Rating: important
References: #1104129 #1126068 #1126069 #1133185
Cross-References: CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465
Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Server Applications 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Basesystem 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.
Description:

This update for bind fixes the following issues:

Security issues fixed:

- CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).
- CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).
- CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by too many simultaneous TCP connections (bsc#1133185).
- CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1407=1
- SUSE Linux Enterprise Module for Server Applications 15:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1407=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1407=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1407=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1407=1
- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1407=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
    bind-9.11.2-12.11.2
    bind-chrootenv-9.11.2-12.11.2
    bind-debuginfo-9.11.2-12.11.2
    bind-debugsource-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch):
    bind-doc-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
    bind-9.11.2-12.11.2
    bind-chrootenv-9.11.2-12.11.2
    bind-debuginfo-9.11.2-12.11.2
    bind-debugsource-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Server Applications 15 (noarch):
    bind-doc-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    bind-debuginfo-9.11.2-12.11.2
    bind-debugsource-9.11.2-12.11.2
    bind-lwresd-9.11.2-12.11.2
    bind-lwresd-debuginfo-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    bind-debuginfo-9.11.2-12.11.2
    bind-debugsource-9.11.2-12.11.2
    bind-lwresd-9.11.2-12.11.2
    bind-lwresd-debuginfo-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    bind-debuginfo-9.11.2-12.11.2
    bind-debugsource-9.11.2-12.11.2
    bind-devel-9.11.2-12.11.2
    bind-utils-9.11.2-12.11.2
    bind-utils-debuginfo-9.11.2-12.11.2
    libbind9-160-9.11.2-12.11.2
    libbind9-160-debuginfo-9.11.2-12.11.2
    libdns169-9.11.2-12.11.2
    libdns169-debuginfo-9.11.2-12.11.2
    libirs-devel-9.11.2-12.11.2
    libirs160-9.11.2-12.11.2
    libirs160-debuginfo-9.11.2-12.11.2
    libisc166-9.11.2-12.11.2
    libisc166-debuginfo-9.11.2-12.11.2
    libisccc160-9.11.2-12.11.2
    libisccc160-debuginfo-9.11.2-12.11.2
    libisccfg160-9.11.2-12.11.2
    libisccfg160-debuginfo-9.11.2-12.11.2
    liblwres160-9.11.2-12.11.2
    liblwres160-debuginfo-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    python3-bind-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    bind-debuginfo-9.11.2-12.11.2
    bind-debugsource-9.11.2-12.11.2
    bind-devel-9.11.2-12.11.2
    bind-utils-9.11.2-12.11.2
    bind-utils-debuginfo-9.11.2-12.11.2
    libbind9-160-9.11.2-12.11.2
    libbind9-160-debuginfo-9.11.2-12.11.2
    libdns169-9.11.2-12.11.2
    libdns169-debuginfo-9.11.2-12.11.2
    libirs-devel-9.11.2-12.11.2
    libirs160-9.11.2-12.11.2
    libirs160-debuginfo-9.11.2-12.11.2
    libisc166-9.11.2-12.11.2
    libisc166-debuginfo-9.11.2-12.11.2
    libisccc160-9.11.2-12.11.2
    libisccc160-debuginfo-9.11.2-12.11.2
    libisccfg160-9.11.2-12.11.2
    libisccfg160-debuginfo-9.11.2-12.11.2
    liblwres160-9.11.2-12.11.2
    liblwres160-debuginfo-9.11.2-12.11.2
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    python3-bind-9.11.2-12.11.2

References:

    https://www.suse.com/security/cve/CVE-2018-5740.html
    https://www.suse.com/security/cve/CVE-2018-5743.html
    https://www.suse.com/security/cve/CVE-2018-5745.html
    https://www.suse.com/security/cve/CVE-2019-6465.html
    https://bugzilla.suse.com/1104129
    https://bugzilla.suse.com/1126068
    https://bugzilla.suse.com/1126069
    https://bugzilla.suse.com/1133185

From sle-updates at lists.suse.com Mon Jun 3 13:12:43 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 21:12:43 +0200 (CEST)
Subject: SUSE-RU-2019:0043-2: Recommended update for acl
Message-ID: <20190603191243.80396F7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for acl
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:0043-2
Rating: low
References: #953659
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP4
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for acl fixes the following issues:

- quote: Escape literal backslashes (bsc#953659).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:
    zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-43=1
- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-43=1
- SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-43=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
    acl-debuginfo-2.2.52-7.3.1
    acl-debugsource-2.2.52-7.3.1
    libacl-devel-2.2.52-7.3.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    acl-2.2.52-7.3.1
    acl-debuginfo-2.2.52-7.3.1
    acl-debugsource-2.2.52-7.3.1
    libacl1-2.2.52-7.3.1
    libacl1-debuginfo-2.2.52-7.3.1
- SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
    libacl1-32bit-2.2.52-7.3.1
    libacl1-debuginfo-32bit-2.2.52-7.3.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
    acl-2.2.52-7.3.1
    acl-debuginfo-2.2.52-7.3.1
    acl-debugsource-2.2.52-7.3.1
    libacl1-2.2.52-7.3.1
    libacl1-32bit-2.2.52-7.3.1
    libacl1-debuginfo-2.2.52-7.3.1
    libacl1-debuginfo-32bit-2.2.52-7.3.1

References:

    https://bugzilla.suse.com/953659

From sle-updates at lists.suse.com Mon Jun 3 13:13:31 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jun 2019 21:13:31 +0200 (CEST)
Subject: SUSE-RU-2019:1409-1: moderate: Recommended update for lifecycle-data-sle-live-patching
Message-ID: <20190603191331.BDEBAF7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1409-1
Rating: moderate
References: #1020320
Affected Products:
    SUSE Linux Enterprise Module for Live Patching 15-SP1
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Live Patching 12-SP4
    SUSE Linux Enterprise Live Patching 12-SP3
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for lifecycle-data-sle-live-patching fixes the following issues:

- Added data for 3_12_61-52_149, 3_12_74-60_64_110, 4_12_14-95_16, 4_4_121-92_104, 4_4_121-92_109, 4_4_178-94_91. (bsc#1020320)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1409=1
- SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1409=1
- SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1410=1
- SUSE Linux Enterprise Live Patching 12-SP3:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1410=1
- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2019-1410=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch):
    lifecycle-data-sle-module-live-patching-15-4.12.1
- SUSE Linux Enterprise Module for Live Patching 15 (noarch):
    lifecycle-data-sle-module-live-patching-15-4.12.1
- SUSE Linux Enterprise Live Patching 12-SP4 (noarch):
    lifecycle-data-sle-live-patching-1-10.44.1
- SUSE Linux Enterprise Live Patching 12-SP3 (noarch):
    lifecycle-data-sle-live-patching-1-10.44.1
- SUSE Linux Enterprise Live Patching 12 (noarch):
    lifecycle-data-sle-live-patching-1-10.44.1

References:

    https://bugzilla.suse.com/1020320

From sle-updates at lists.suse.com Tue Jun 4 04:13:02 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Jun 2019 12:13:02 +0200 (CEST)
Subject: SUSE-RU-2019:1414-1: moderate: Recommended update for wireless-regdb
Message-ID: <20190604101302.9C073F7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wireless-regdb
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1414-1
Rating: moderate
References: #1134213
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Workstation Extension 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Desktop 12-SP4
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Enterprise Storage 4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for wireless-regdb provides the following fixes:

- Update to version 2019.03.01: (bsc#1134213)
  * Sync IN with G.S.R. 1048(E).
  * Update regulatory rules for Sweden (SE) on 2.4/5/60 GHz.
  * Update 60ghz band rules for US.
  * Add 5725-5875 MHz rule for Portugal (PT).
  * Add URLs in README.
  * Delete outdated comment for DE.
  * Update source of info for CU and ES.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1414=1
- SUSE Linux Enterprise Workstation Extension 12-SP3:
    zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1414=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1414=1
- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1414=1
- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1414=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1414=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1414=1
- SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1414=1
- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1414=1
- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2019-1414=1

Package List:

- SUSE OpenStack Cloud 7 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Server 12-SP4 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Desktop 12-SP4 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
    wireless-regdb-2019.03.01-4.19.1
- SUSE Enterprise Storage 4 (noarch):
    wireless-regdb-2019.03.01-4.19.1

References:

    https://bugzilla.suse.com/1134213

From sle-updates at lists.suse.com Tue Jun 4 04:13:57 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Jun 2019 12:13:57 +0200 (CEST)
Subject: SUSE-RU-2019:1413-1: moderate: Recommended update for yast2-network
Message-ID: <20190604101357.7D974F7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1413-1
Rating: moderate
References: #1105692 #1129012 #1131588
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for yast2-network provides the following fixes:

- Display a confirmation popup when the static route is going to be removed after switching a device to DHCP. (bsc#1131588)
- autoyast: Use the bus_id of the udev parent device when using virtio netcards and matching the existent rules with the ones defined in the profile. (bsc#1129012)
- Showing correct start mode for nfsroot device. (bsc#1105692)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1413=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    yast2-network-4.0.48-3.17.1

References:

    https://bugzilla.suse.com/1105692
    https://bugzilla.suse.com/1129012
    https://bugzilla.suse.com/1131588

From sle-updates at lists.suse.com Tue Jun 4 04:14:55 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Jun 2019 12:14:55 +0200 (CEST)
Subject: SUSE-RU-2019:1412-1: moderate: Recommended update for wireless-regdb
Message-ID: <20190604101455.B6151F7CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wireless-regdb
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1412-1
Rating: moderate
References: #1134213
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for wireless-regdb provides the following fixes:

- Update to version 2019.03.01: (bsc#1134213)
  * Sync IN with G.S.R. 1048(E).
  * Update regulatory rules for Sweden (SE) on 2.4/5/60 GHz.
  * Update 60ghz band rules for US.
  * Add 5725-5875 MHz rule for Portugal (PT).
  * Add URLs in README.
  * Delete outdated comment for DE.
  * Update source of info for CU and ES.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1412=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    wireless-regdb-2019.03.01-3.11.1

References:

    https://bugzilla.suse.com/1134213

From sle-updates at lists.suse.com Tue Jun 4 10:12:26 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Jun 2019 18:12:26 +0200 (CEST)
Subject: SUSE-RU-2019:1415-1: moderate: Recommended update for fping
Message-ID: <20190604161226.0EF68FDA1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for fping
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1415-1
Rating: moderate
References: #1133988
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for fping fixes the following issues:

- Fix fping on servers with disabled IPv6 [bsc#1133988]

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1415=1
   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1415=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      fping-4.0-4.3.2
      fping-debuginfo-4.0-4.3.2
      fping-debugsource-4.0-4.3.2
   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      fping-4.0-4.3.2
      fping-debuginfo-4.0-4.3.2
      fping-debugsource-4.0-4.3.2

References:

   https://bugzilla.suse.com/1133988

From sle-updates at lists.suse.com Tue Jun 4 13:10:22 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Jun 2019 21:10:22 +0200 (CEST)
Subject: SUSE-RU-2019:1416-1: moderate: Recommended update for yast2-users
Message-ID: <20190604191022.DCB4CFDA1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-users
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1416-1
Rating:             moderate
References:         #1134970
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for yast2-users provides the following fixes:

   - Fix the user creation in the installed systems, creating the user's home as a plain directory or as a Btrfs subvolume. (bsc#1134970)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1416=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      yast2-users-4.1.13-3.3.6
      yast2-users-debuginfo-4.1.13-3.3.6
      yast2-users-debugsource-4.1.13-3.3.6

References:

   https://bugzilla.suse.com/1134970

From sle-updates at lists.suse.com Tue Jun 4 13:11:06 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Jun 2019 21:11:06 +0200 (CEST)
Subject: SUSE-RU-2019:1417-1: moderate: Recommended update for libselinux, policycoreutils, setools
Message-ID: <20190604191106.2853EFDA1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libselinux, policycoreutils, setools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1417-1
Rating:             moderate
References:         #1130097 #1136515
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP1
                    SUSE Linux Enterprise Module for Server Applications 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15
                    SUSE Linux Enterprise Module Python2 15-SP1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for libselinux, policycoreutils, setools fixes the following issues:

   This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097)

   Also necessary dependencies for this package have been included in the update.

   python2-setools and python3-setools are shipped instead of python-setools.
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1417=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1417=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1417=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1417=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1417=1 - SUSE Linux Enterprise Module Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1417=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): setools-debuginfo-3.3.8-4.7.1 setools-debugsource-3.3.8-4.7.1 setools-tcl-3.3.8-4.7.1 setools-tcl-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): setools-debuginfo-3.3.8-4.7.1 setools-debugsource-3.3.8-4.7.1 setools-tcl-3.3.8-4.7.1 setools-tcl-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libselinux-bindings-debugsource-2.6-4.3.8 libselinux-debugsource-2.6-4.3.6 libselinux-devel-static-2.6-4.3.6 policycoreutils-debuginfo-2.6-5.3.8 policycoreutils-debugsource-2.6-5.3.8 policycoreutils-python-2.6-5.3.8 policycoreutils-python-debuginfo-2.6-5.3.8 policycoreutils-sandbox-2.6-5.3.8 policycoreutils-sandbox-debuginfo-2.6-5.3.8 python-semanage-debugsource-2.6-3.2.9 python2-semanage-2.6-3.2.9 python2-semanage-debuginfo-2.6-3.2.9 ruby-selinux-2.6-4.3.8 
ruby-selinux-debuginfo-2.6-4.3.8 setools-debuginfo-3.3.8-4.7.1 setools-debugsource-3.3.8-4.7.1 setools-gui-3.3.8-4.7.1 setools-gui-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-ipy-0.81-3.2.8 python-networkx-doc-2.0-3.2.8 python2-networkx-2.0-3.2.8 python3-networkx-2.0-3.2.8 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): setools-debuginfo-3.3.8-4.7.1 setools-devel-3.3.8-4.7.1 setools-java-3.3.8-4.7.1 setools-java-debuginfo-3.3.8-4.7.1 setools-libs-3.3.8-4.7.1 setools-libs-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-networkx-2.0-3.2.8 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libselinux-bindings-debugsource-2.6-4.3.8 libselinux-debugsource-2.6-4.3.6 libselinux-devel-2.6-4.3.6 libselinux1-2.6-4.3.6 libselinux1-debuginfo-2.6-4.3.6 policycoreutils-2.6-5.3.8 policycoreutils-debuginfo-2.6-5.3.8 policycoreutils-debugsource-2.6-5.3.8 policycoreutils-newrole-2.6-5.3.8 policycoreutils-newrole-debuginfo-2.6-5.3.8 policycoreutils-python-2.6-5.3.8 policycoreutils-python-debuginfo-2.6-5.3.8 python-semanage-debugsource-2.6-3.2.9 python2-selinux-2.6-4.3.8 python2-selinux-debuginfo-2.6-4.3.8 python2-semanage-2.6-3.2.9 python2-semanage-debuginfo-2.6-3.2.9 python2-setools-3.3.8-4.7.1 python2-setools-debuginfo-3.3.8-4.7.1 python3-selinux-2.6-4.3.8 python3-selinux-debuginfo-2.6-4.3.8 python3-semanage-2.6-3.2.9 python3-semanage-debuginfo-2.6-3.2.9 python3-setools-3.3.8-4.7.1 python3-setools-debuginfo-3.3.8-4.7.1 selinux-tools-2.6-4.3.6 selinux-tools-debuginfo-2.6-4.3.6 setools-console-3.3.8-4.7.1 setools-console-debuginfo-3.3.8-4.7.1 setools-debuginfo-3.3.8-4.7.1 setools-debugsource-3.3.8-4.7.1 setools-devel-3.3.8-4.7.1 setools-java-3.3.8-4.7.1 setools-java-debuginfo-3.3.8-4.7.1 setools-libs-3.3.8-4.7.1 setools-libs-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): 
      libselinux1-32bit-2.6-4.3.5
      libselinux1-32bit-debuginfo-2.6-4.3.5
   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):
      policycoreutils-lang-2.6-5.3.8
      python-ipy-0.81-3.2.8
      python2-networkx-2.0-3.2.8
   - SUSE Linux Enterprise Module Python2 15-SP1 (aarch64 ppc64le s390x x86_64):
      setools-debuginfo-3.3.8-4.7.1
      setools-debugsource-3.3.8-4.7.1

References:

   https://bugzilla.suse.com/1130097
   https://bugzilla.suse.com/1136515

From sle-updates at lists.suse.com Wed Jun 5 06:10:52 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jun 2019 14:10:52 +0200 (CEST)
Subject: SUSE-SU-2019:1422-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1)
Message-ID: <20190605121052.738FBFD17@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1422-1
Rating:             important
References:         #1131390
Cross-References:   CVE-2018-14734
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.74-60_64_96 fixes one issue.

   The following security issue was fixed:

   - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free) (bsc#1131390).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1428=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1421=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1428=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1421=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2019-1419=1
   - SUSE Linux Enterprise Live Patching 12-SP3:
      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1422=1 SUSE-SLE-Live-Patching-12-SP3-2019-1426=1 SUSE-SLE-Live-Patching-12-SP3-2019-1427=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      kgraft-patch-4_4_121-92_85-default-8-2.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      kgraft-patch-3_12_74-60_64_96-default-10-2.1
      kgraft-patch-3_12_74-60_64_96-xen-10-2.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
      kgraft-patch-4_4_121-92_85-default-8-2.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
      kgraft-patch-3_12_74-60_64_96-default-10-2.1
      kgraft-patch-3_12_74-60_64_96-xen-10-2.1
   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_61-52_136-default-10-2.1
      kgraft-patch-3_12_61-52_136-xen-10-2.1
   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
      kgraft-patch-4_4_132-94_33-default-10-2.1
      kgraft-patch-4_4_132-94_33-default-debuginfo-10-2.1
      kgraft-patch-4_4_138-94_39-default-8-2.1
      kgraft-patch-4_4_138-94_39-default-debuginfo-8-2.1
      kgraft-patch-4_4_140-94_42-default-8-2.1
      kgraft-patch-4_4_140-94_42-default-debuginfo-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2018-14734.html
   https://bugzilla.suse.com/1131390

From sle-updates at lists.suse.com Wed Jun 5 06:11:36 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jun 2019 14:11:36 +0200 (CEST)
Subject: SUSE-SU-2019:1423-1:
important: Security update for libvirt
Message-ID: <20190605121136.E560CFD17@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1423-1
Rating:             important
References:         #1111331 #1135273
Cross-References:   CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

   This update for libvirt fixes the following issues:

   Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

   - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
   - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
   - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
   - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

   These updates contain the libvirt adjustments that pass through the new 'md-clear' CPU flag (bsc#1135273).

   For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1423=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libvirt-1.2.5-27.16.1 libvirt-client-1.2.5-27.16.1 libvirt-client-debuginfo-1.2.5-27.16.1 libvirt-daemon-1.2.5-27.16.1 libvirt-daemon-config-network-1.2.5-27.16.1 libvirt-daemon-config-nwfilter-1.2.5-27.16.1 libvirt-daemon-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-interface-1.2.5-27.16.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-lxc-1.2.5-27.16.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-network-1.2.5-27.16.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-nodedev-1.2.5-27.16.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-nwfilter-1.2.5-27.16.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-qemu-1.2.5-27.16.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-secret-1.2.5-27.16.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.16.1 libvirt-daemon-driver-storage-1.2.5-27.16.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.16.1 libvirt-daemon-lxc-1.2.5-27.16.1 libvirt-daemon-qemu-1.2.5-27.16.1 libvirt-debugsource-1.2.5-27.16.1 libvirt-doc-1.2.5-27.16.1 libvirt-lock-sanlock-1.2.5-27.16.1 libvirt-lock-sanlock-debuginfo-1.2.5-27.16.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libvirt-daemon-driver-libxl-1.2.5-27.16.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.16.1 libvirt-daemon-xen-1.2.5-27.16.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1135273 From sle-updates at lists.suse.com Wed Jun 5 07:10:48 2019 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jun 2019 15:10:48 +0200 (CEST)
Subject: SUSE-SU-2019:1425-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1)
Message-ID: <20190605131048.322AEFD17@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1425-1
Rating:             important
References:         #1102682
Cross-References:   CVE-2018-5390
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.74-60_64_110- fixes one issue.

   The following security issue was fixed:

   - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1425=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1424=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1425=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1424=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2019-1420=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      kgraft-patch-4_4_121-92_109-default-2-2.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      kgraft-patch-3_12_74-60_64_110-default-2-2.1
      kgraft-patch-3_12_74-60_64_110-xen-2-2.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
      kgraft-patch-4_4_121-92_109-default-2-2.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
      kgraft-patch-3_12_74-60_64_110-default-2-2.1
      kgraft-patch-3_12_74-60_64_110-xen-2-2.1
   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_61-52_149-default-2-2.1
      kgraft-patch-3_12_61-52_149-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2018-5390.html
   https://bugzilla.suse.com/1102682

From sle-updates at lists.suse.com Wed Jun 5 10:12:29 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jun 2019 18:12:29 +0200 (CEST)
Subject: SUSE-RU-2019:1429-1: moderate: Recommended update for supportutils-plugin-ses
Message-ID: <20190605161229.854ECFD17@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils-plugin-ses
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1429-1
Rating:             moderate
References:         #1126149
Affected Products:
                    SUSE Enterprise Storage 5
______________________________________________________________________________

An update that has one recommended fix can now be
installed.

Description:

   This update for supportutils-plugin-ses fixes the following issues:

   - will now get proper RBD image information
   - ses: add `ceph health detail` (bsc#1126149)
   - adding radosgw-admin period get

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2019-1429=1

Package List:

   - SUSE Enterprise Storage 5 (noarch):
      supportutils-plugin-ses-5.0+git.1556600643.da33e39-3.9.1

References:

   https://bugzilla.suse.com/1126149

From sle-updates at lists.suse.com Wed Jun 5 13:17:30 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jun 2019 21:17:30 +0200 (CEST)
Subject: SUSE-RU-2019:1430-1: moderate: Recommended update for sap-installation-wizard
Message-ID: <20190605191730.37732FD17@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sap-installation-wizard
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1430-1
Rating:             moderate
References:         #1111828 #1132835
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for sap-installation-wizard fixes the following issues:

   - SAP Installation Wizard conflicts SMB passwords with special characters. (bsc#1132835)
   - SAP Installation Wizard fails to install from SMB due to missing smb mount parameter. (bsc#1111828)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1430=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      sap-installation-wizard-3.1.81.18-3.7.1

References:

   https://bugzilla.suse.com/1111828
   https://bugzilla.suse.com/1132835

From sle-updates at lists.suse.com Wed Jun 5 13:19:22 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jun 2019 21:19:22 +0200 (CEST)
Subject: SUSE-RU-2019:1431-1: moderate: Recommended update for xz
Message-ID: <20190605191922.A9060FD17@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xz
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1431-1
Rating:             moderate
References:         #1135709
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description: This update for xz does only update the license: - Add SUSE-Public-Domain license as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain license (bsc#1135709) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1431=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1431=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1431=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1431=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1431=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1431=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1431=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1431=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1431=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1431=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1431=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1431=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1431=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1431=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1431=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE OpenStack Cloud 7 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 xz-devel-5.0.5-6.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 xz-devel-5.0.5-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP4 
(s390x x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Desktop 
12-SP4 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): xz-lang-5.0.5-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): liblzma5-32bit-5.0.5-6.3.1 liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-32bit-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Enterprise Storage 4 (x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE Enterprise Storage 4 (noarch): xz-lang-5.0.5-6.3.1 - SUSE CaaS Platform ALL (x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - SUSE CaaS Platform 3.0 (x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): liblzma5-5.0.5-6.3.1 liblzma5-debuginfo-5.0.5-6.3.1 xz-5.0.5-6.3.1 xz-debuginfo-5.0.5-6.3.1 xz-debugsource-5.0.5-6.3.1 References: https://bugzilla.suse.com/1135709 From sle-updates at lists.suse.com Thu Jun 6 07:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2019 15:11:48 +0200 (CEST) Subject: SUSE-RU-2019:14072-1: moderate: Recommended update for drbd Message-ID: <20190606131148.A0B3EFDA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14072-1 Rating: moderate References: #1118563 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed.

Description:

   This update for drbd fixes the following issues:

   - Fix re-sync finishing detection. (bsc#1118563)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11-SP4:
      zypper in -t patch slehasp4-drbd-14072=1

Package List:

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 s390x x86_64):
      drbd-8.4.4-0.27.9.1
      drbd-bash-completion-8.4.4-0.27.9.1
      drbd-heartbeat-8.4.4-0.27.9.1
      drbd-kmp-default-8.4.4_3.0.101_108.90-0.27.9.1
      drbd-kmp-trace-8.4.4_3.0.101_108.90-0.27.9.1
      drbd-pacemaker-8.4.4-0.27.9.1
      drbd-udev-8.4.4-0.27.9.1
      drbd-utils-8.4.4-0.27.9.1
   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):
      drbd-kmp-xen-8.4.4_3.0.101_108.90-0.27.9.1
   - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):
      drbd-xen-8.4.4-0.27.9.1
   - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):
      drbd-kmp-bigmem-8.4.4_3.0.101_108.90-0.27.9.1
      drbd-kmp-ppc64-8.4.4_3.0.101_108.90-0.27.9.1
   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):
      drbd-kmp-pae-8.4.4_3.0.101_108.90-0.27.9.1

References:

   https://bugzilla.suse.com/1118563

From sle-updates at lists.suse.com Thu Jun 6 10:11:31 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jun 2019 18:11:31 +0200 (CEST)
Subject: SUSE-RU-2019:1434-1: moderate: Recommended update for the SUSE Manager 4.0 release notes
Message-ID: <20190606161131.36D2EFDA3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the SUSE Manager 4.0 release notes
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1434-1
Rating:             moderate
References:         #1132076 #1136687
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server
4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the SUSE Manager 4.0 Release Notes provides the following additions: - Update to version 4.0.0 (final) - include proxy release notes HTML page to show it in the Web UI (bsc#1137329) - align stylesheet to standard SUSE look - fix dependencies (bsc#1136687) - Configuration of SUSE Manager Retail Branch Server with multiple network interfaces added (bsc#1132076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2019-1434=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2019-1434=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2019-1434=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1434=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.0-3.8.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.0-0.16.8.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.0-0.16.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): release-notes-susemanager-4.0.0-3.8.1 release-notes-susemanager-proxy-4.0.0-0.16.8.1 References: https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1136687 From sle-updates at lists.suse.com Thu Jun 6 10:12:18 2019 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 6 Jun 2019 18:12:18 +0200 (CEST) Subject: SUSE-SU-2019:1437-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15) Message-ID: <20190606161219.00072FDA3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1437-1 Rating: important References: #1131390 Cross-References: CVE-2018-14734 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-25_3 fixes one issue. The following security issue was fixed: - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free) (bsc#1131390). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1437=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_3-default-9-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-9-2.1 References: https://www.suse.com/security/cve/CVE-2018-14734.html https://bugzilla.suse.com/1131390 From sle-updates at lists.suse.com Thu Jun 6 10:12:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2019 18:12:58 +0200 (CEST) Subject: SUSE-RU-2019:1436-1: moderate: Recommended update for lvm2 Message-ID: <20190606161258.2D338FDA3@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1436-1 Rating: moderate References: #1095960 #1127219 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Sending BLKDISCARD on SSD devices could lead to data loss in test mode (bsc#1095960) - Fix the wrong filter for the cdrom device in /etc/lvm/lvm.conf (bsc#1127219) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1436=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1436=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1436=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): lvm2-debuginfo-2.02.177-7.3.1 lvm2-debugsource-2.02.177-7.3.1 lvm2-testsuite-2.02.177-7.3.1 lvm2-testsuite-debuginfo-2.02.177-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.146-7.3.1 device-mapper-debuginfo-1.02.146-7.3.1 device-mapper-debugsource-1.02.146-7.3.1 device-mapper-devel-1.02.146-7.3.1 libdevmapper-event1_03-1.02.146-7.3.1 libdevmapper-event1_03-debuginfo-1.02.146-7.3.1 libdevmapper1_03-1.02.146-7.3.1 libdevmapper1_03-debuginfo-1.02.146-7.3.1 liblvm2app2_2-2.02.177-7.3.1 liblvm2app2_2-debuginfo-2.02.177-7.3.1 liblvm2cmd2_02-2.02.177-7.3.1 liblvm2cmd2_02-debuginfo-2.02.177-7.3.1 lvm2-2.02.177-7.3.1 lvm2-debuginfo-2.02.177-7.3.1 lvm2-debugsource-2.02.177-7.3.1 lvm2-devel-2.02.177-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libdevmapper1_03-32bit-1.02.146-7.3.1 libdevmapper1_03-32bit-debuginfo-1.02.146-7.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): lvm2-clvm-2.02.177-7.3.1 lvm2-clvm-debuginfo-2.02.177-7.3.1 lvm2-clvm-debugsource-2.02.177-7.3.1 lvm2-cmirrord-2.02.177-7.3.1 lvm2-cmirrord-debuginfo-2.02.177-7.3.1 lvm2-lockd-2.02.177-7.3.1 lvm2-lockd-debuginfo-2.02.177-7.3.1 References: https://bugzilla.suse.com/1095960 https://bugzilla.suse.com/1127219 From sle-updates at lists.suse.com Thu Jun 6 10:13:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2019 18:13:51 +0200 
(CEST) Subject: SUSE-OU-2019:1435-1: Optional update for btrfsprogs Message-ID: <20190606161351.6ED01FDA3@maintenance.suse.de> SUSE Optional Update: Optional update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:1435-1 Rating: low References: #1134458 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for btrfsprogs doesn't bring any customer relevant bugfixes or features with it, but only fixes an issue while building this package (bsc#1134458) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1435=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1435=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1435=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1435=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1435=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1435=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1435=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs-devel-4.5.3-17.11.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs-devel-4.5.3-17.11.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs0-4.5.3-17.11.2 libbtrfs0-debuginfo-4.5.3-17.11.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs0-4.5.3-17.11.2 libbtrfs0-debuginfo-4.5.3-17.11.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs0-4.5.3-17.11.2 libbtrfs0-debuginfo-4.5.3-17.11.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs0-4.5.3-17.11.2 libbtrfs0-debuginfo-4.5.3-17.11.2 - SUSE Linux Enterprise Desktop 
12-SP3 (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - SUSE CaaS Platform ALL (x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs0-4.5.3-17.11.2 libbtrfs0-debuginfo-4.5.3-17.11.2 - SUSE CaaS Platform ALL (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - SUSE CaaS Platform 3.0 (x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 libbtrfs0-4.5.3-17.11.2 libbtrfs0-debuginfo-4.5.3-17.11.2 - SUSE CaaS Platform 3.0 (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - OpenStack Cloud Magnum Orchestration 7 (noarch): btrfsprogs-udev-rules-4.5.3-17.11.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): btrfsprogs-4.5.3-17.11.2 btrfsprogs-debuginfo-4.5.3-17.11.2 btrfsprogs-debugsource-4.5.3-17.11.2 References: https://bugzilla.suse.com/1134458 From sle-updates at lists.suse.com Thu Jun 6 13:10:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2019 21:10:58 +0200 (CEST) Subject: SUSE-SU-2019:1438-1: important: Security update for libvirt Message-ID: <20190606191058.4CA1EFEA9@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1438-1 Rating: important References: #1111331 #1131595 #1135273 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3886 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. 
(bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other security issues fixed: - CVE-2019-3886: Fixed an information leak which allowed retrieving the guest hostname under readonly mode (bsc#1131595). - qemu: Add support for using AES secret for SCSI hotplug Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1438=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1438=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1438=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1438=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1438=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libvirt-2.0.0-27.54.1 libvirt-client-2.0.0-27.54.1 libvirt-client-debuginfo-2.0.0-27.54.1 libvirt-daemon-2.0.0-27.54.1 libvirt-daemon-config-network-2.0.0-27.54.1 libvirt-daemon-config-nwfilter-2.0.0-27.54.1 libvirt-daemon-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-interface-2.0.0-27.54.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-lxc-2.0.0-27.54.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-network-2.0.0-27.54.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.54.1 
libvirt-daemon-driver-nodedev-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-qemu-2.0.0-27.54.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-secret-2.0.0-27.54.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-storage-2.0.0-27.54.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.54.1 libvirt-daemon-hooks-2.0.0-27.54.1 libvirt-daemon-lxc-2.0.0-27.54.1 libvirt-daemon-qemu-2.0.0-27.54.1 libvirt-debugsource-2.0.0-27.54.1 libvirt-doc-2.0.0-27.54.1 libvirt-lock-sanlock-2.0.0-27.54.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.54.1 libvirt-nss-2.0.0-27.54.1 libvirt-nss-debuginfo-2.0.0-27.54.1 - SUSE OpenStack Cloud 7 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.54.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.54.1 libvirt-daemon-xen-2.0.0-27.54.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.54.1 libvirt-client-2.0.0-27.54.1 libvirt-client-debuginfo-2.0.0-27.54.1 libvirt-daemon-2.0.0-27.54.1 libvirt-daemon-config-network-2.0.0-27.54.1 libvirt-daemon-config-nwfilter-2.0.0-27.54.1 libvirt-daemon-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-interface-2.0.0-27.54.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-lxc-2.0.0-27.54.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-network-2.0.0-27.54.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-qemu-2.0.0-27.54.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-secret-2.0.0-27.54.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-storage-2.0.0-27.54.1 
libvirt-daemon-driver-storage-debuginfo-2.0.0-27.54.1 libvirt-daemon-hooks-2.0.0-27.54.1 libvirt-daemon-lxc-2.0.0-27.54.1 libvirt-daemon-qemu-2.0.0-27.54.1 libvirt-debugsource-2.0.0-27.54.1 libvirt-doc-2.0.0-27.54.1 libvirt-lock-sanlock-2.0.0-27.54.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.54.1 libvirt-nss-2.0.0-27.54.1 libvirt-nss-debuginfo-2.0.0-27.54.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.54.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.54.1 libvirt-daemon-xen-2.0.0-27.54.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.54.1 libvirt-client-2.0.0-27.54.1 libvirt-client-debuginfo-2.0.0-27.54.1 libvirt-daemon-2.0.0-27.54.1 libvirt-daemon-config-network-2.0.0-27.54.1 libvirt-daemon-config-nwfilter-2.0.0-27.54.1 libvirt-daemon-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-interface-2.0.0-27.54.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-lxc-2.0.0-27.54.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-network-2.0.0-27.54.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-qemu-2.0.0-27.54.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-secret-2.0.0-27.54.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-storage-2.0.0-27.54.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.54.1 libvirt-daemon-hooks-2.0.0-27.54.1 libvirt-daemon-lxc-2.0.0-27.54.1 libvirt-daemon-qemu-2.0.0-27.54.1 libvirt-debugsource-2.0.0-27.54.1 libvirt-doc-2.0.0-27.54.1 libvirt-lock-sanlock-2.0.0-27.54.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.54.1 libvirt-nss-2.0.0-27.54.1 libvirt-nss-debuginfo-2.0.0-27.54.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): 
libvirt-daemon-driver-libxl-2.0.0-27.54.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.54.1 libvirt-daemon-xen-2.0.0-27.54.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.54.1 libvirt-client-2.0.0-27.54.1 libvirt-client-debuginfo-2.0.0-27.54.1 libvirt-daemon-2.0.0-27.54.1 libvirt-daemon-config-network-2.0.0-27.54.1 libvirt-daemon-config-nwfilter-2.0.0-27.54.1 libvirt-daemon-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-interface-2.0.0-27.54.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-libxl-2.0.0-27.54.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-lxc-2.0.0-27.54.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-network-2.0.0-27.54.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-qemu-2.0.0-27.54.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-secret-2.0.0-27.54.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-storage-2.0.0-27.54.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.54.1 libvirt-daemon-hooks-2.0.0-27.54.1 libvirt-daemon-lxc-2.0.0-27.54.1 libvirt-daemon-qemu-2.0.0-27.54.1 libvirt-daemon-xen-2.0.0-27.54.1 libvirt-debugsource-2.0.0-27.54.1 libvirt-doc-2.0.0-27.54.1 libvirt-lock-sanlock-2.0.0-27.54.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.54.1 libvirt-nss-2.0.0-27.54.1 libvirt-nss-debuginfo-2.0.0-27.54.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.54.1 libvirt-client-2.0.0-27.54.1 libvirt-client-debuginfo-2.0.0-27.54.1 libvirt-daemon-2.0.0-27.54.1 libvirt-daemon-config-network-2.0.0-27.54.1 libvirt-daemon-config-nwfilter-2.0.0-27.54.1 libvirt-daemon-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-interface-2.0.0-27.54.1 
libvirt-daemon-driver-interface-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-libxl-2.0.0-27.54.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-lxc-2.0.0-27.54.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-network-2.0.0-27.54.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-2.0.0-27.54.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-2.0.0-27.54.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-qemu-2.0.0-27.54.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-secret-2.0.0-27.54.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.54.1 libvirt-daemon-driver-storage-2.0.0-27.54.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.54.1 libvirt-daemon-hooks-2.0.0-27.54.1 libvirt-daemon-lxc-2.0.0-27.54.1 libvirt-daemon-qemu-2.0.0-27.54.1 libvirt-daemon-xen-2.0.0-27.54.1 libvirt-debugsource-2.0.0-27.54.1 libvirt-doc-2.0.0-27.54.1 libvirt-lock-sanlock-2.0.0-27.54.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.54.1 libvirt-nss-2.0.0-27.54.1 libvirt-nss-debuginfo-2.0.0-27.54.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3886.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1131595 https://bugzilla.suse.com/1135273 From sle-updates at lists.suse.com Thu Jun 6 13:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2019 21:12:09 +0200 (CEST) Subject: SUSE-SU-2019:1439-1: important: Security update for python Message-ID: <20190606191209.43CF3FEA9@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:1439-1 Rating: important References: #1129346 #1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1439=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1439=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1439=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1439=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1439=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1439=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1439=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1439=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1439=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1439=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1439=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1439=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1439=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1439=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1439=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1439=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1439=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE OpenStack Cloud 7 (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): 
libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - 
SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): 
python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 
python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 
libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-strict-tls-check-2.7.13-28.26.1 - SUSE Enterprise Storage 4 (noarch): python-doc-2.7.13-28.26.1 python-doc-pdf-2.7.13-28.26.1 - SUSE Enterprise Storage 4 (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-32bit-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.26.1 python-2.7.13-28.26.1 python-32bit-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-32bit-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debuginfo-32bit-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-curses-2.7.13-28.26.1 python-curses-debuginfo-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debuginfo-32bit-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-demo-2.7.13-28.26.1 python-devel-2.7.13-28.26.1 python-gdbm-2.7.13-28.26.1 python-gdbm-debuginfo-2.7.13-28.26.1 python-idle-2.7.13-28.26.1 python-tk-2.7.13-28.26.1 python-tk-debuginfo-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - SUSE CaaS Platform 3.0 
(x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.26.1 libpython2_7-1_0-debuginfo-2.7.13-28.26.1 python-2.7.13-28.26.1 python-base-2.7.13-28.26.1 python-base-debuginfo-2.7.13-28.26.1 python-base-debugsource-2.7.13-28.26.1 python-debuginfo-2.7.13-28.26.1 python-debugsource-2.7.13-28.26.1 python-xml-2.7.13-28.26.1 python-xml-debuginfo-2.7.13-28.26.1 References: https://www.suse.com/security/cve/CVE-2019-9636.html https://www.suse.com/security/cve/CVE-2019-9948.html https://bugzilla.suse.com/1129346 https://bugzilla.suse.com/1130847 From sle-updates at lists.suse.com Thu Jun 6 13:13:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jun 2019 21:13:00 +0200 (CEST) Subject: SUSE-SU-2019:1440-1: moderate: Security update for rubygem-rack Message-ID: <20190606191300.A7A01FEA9@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1440-1 Rating: moderate References: #1114828 #1116600 Cross-References: CVE-2018-16471 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for rubygem-rack fixes the following issues: Security issue fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1440=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1440=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1440=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-rack-1.6.11-3.3.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-rack-1.6.11-3.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-rack-1.6.11-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16471.html https://bugzilla.suse.com/1114828 https://bugzilla.suse.com/1116600 From sle-updates at lists.suse.com Thu Jun 6 16:10:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 00:10:43 +0200 (CEST) Subject: SUSE-SU-2019:1441-1: important: Recommended update for mariadb, mariadb-connector-c Message-ID: <20190606221043.8C520FEA9@maintenance.suse.de> SUSE Security Update: Recommended update for mariadb, mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1441-1 Rating: important References: #1013882 #1064113 #1064114 #1072167 #1101676 #1101677 #1101678 #1103342 #1112368 #1112377 #1112384 #1112386 #1112391 #1112397 #1112404 #1112415 #1112417 #1112421 #1112432 #1112767 #1116686 #1118754 #1120041 #1122198 #1122475 #1127027 Cross-References: CVE-2016-9843 CVE-2017-10320 CVE-2017-10365 CVE-2017-15365 CVE-2018-2759 CVE-2018-2777 CVE-2018-2786 CVE-2018-2810 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 Affected 
Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has two fixes is now available. Description: This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed: - Update to MariaDB 10.2.22 GA: * CVE-2019-2510: (bsc#1122198) * CVE-2019-2537: (bsc#1122198) - Update to MariaDB 10.2.19 GA (bsc#1116686): * CVE-2018-3282: (bsc#1112432) * CVE-2016-9843: (bsc#1013882) * CVE-2018-3174: (bsc#1112368) * CVE-2018-3143: (bsc#1112421) * CVE-2018-3156: (bsc#1112417) * CVE-2018-3251: (bsc#1112397) * CVE-2018-3185: (bsc#1112384) * CVE-2018-3277: (bsc#1112391) * CVE-2018-3162: (bsc#1112415) * CVE-2018-3173: (bsc#1112386) * CVE-2018-3200: (bsc#1112404) * CVE-2018-3284: (bsc#1112377) - Update to MariaDB 10.2.18 GA: * CVE-2017-10320: (bsc#1064113) * CVE-2017-10365: (bsc#1064114) * CVE-2017-15365: (bsc#1072167) * CVE-2018-3058: (bsc#1101676) * CVE-2018-3063: (bsc#1101677) * CVE-2018-3064: (bsc#1103342) * CVE-2018-3066: (bsc#1101678) * CVE-2018-2759, CVE-2018-2777, CVE-2018-2786, CVE-2018-2810, CVE-2018-3060 Other issues fixed: - Fixed an issue where mysql_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Remove xtrabackup dependency as MariaDB ships a built-in mariabackup so xtrabackup is not needed (bsc#1122475). - Fixed database corruption after renaming a prefix-indexed column (bsc#1120041). - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1441=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): mariadb-10.2.22-10.1 mariadb-client-10.2.22-10.1 mariadb-client-debuginfo-10.2.22-10.1 mariadb-debuginfo-10.2.22-10.1 mariadb-debugsource-10.2.22-10.1 mariadb-tools-10.2.22-10.1 mariadb-tools-debuginfo-10.2.22-10.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libmariadb3-3.0.7-1.6.1 - SUSE OpenStack Cloud 7 (noarch): mariadb-errormessages-10.2.22-10.1 - SUSE OpenStack Cloud 7 (x86_64): mariadb-galera-10.2.22-10.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-10320.html https://www.suse.com/security/cve/CVE-2017-10365.html https://www.suse.com/security/cve/CVE-2017-15365.html https://www.suse.com/security/cve/CVE-2018-2759.html https://www.suse.com/security/cve/CVE-2018-2777.html https://www.suse.com/security/cve/CVE-2018-2786.html https://www.suse.com/security/cve/CVE-2018-2810.html https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3060.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3064.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3162.html https://www.suse.com/security/cve/CVE-2018-3173.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3185.html https://www.suse.com/security/cve/CVE-2018-3200.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3277.html https://www.suse.com/security/cve/CVE-2018-3282.html https://www.suse.com/security/cve/CVE-2018-3284.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1064113 
https://bugzilla.suse.com/1064114 https://bugzilla.suse.com/1072167 https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1103342 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112377 https://bugzilla.suse.com/1112384 https://bugzilla.suse.com/1112386 https://bugzilla.suse.com/1112391 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112404 https://bugzilla.suse.com/1112415 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1112767 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1118754 https://bugzilla.suse.com/1120041 https://bugzilla.suse.com/1122198 https://bugzilla.suse.com/1122475 https://bugzilla.suse.com/1127027 From sle-updates at lists.suse.com Thu Jun 6 16:14:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 00:14:45 +0200 (CEST) Subject: SUSE-SU-2019:14074-1: important: Security update for bind Message-ID: <20190606221445.A1A9EFEA9@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14074-1 Rating: important References: #1104129 #1126068 #1126069 #1133185 Cross-References: CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129). - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. 
(bsc#1133185) - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-bind-14074=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-14074=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-14074=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-14074=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): bind-9.9.6P1-0.51.15.4 bind-chrootenv-9.9.6P1-0.51.15.4 bind-doc-9.9.6P1-0.51.15.4 bind-libs-9.9.6P1-0.51.15.4 bind-utils-9.9.6P1-0.51.15.4 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.51.15.4 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.51.15.4 bind-chrootenv-9.9.6P1-0.51.15.4 bind-devel-9.9.6P1-0.51.15.4 bind-doc-9.9.6P1-0.51.15.4 bind-libs-9.9.6P1-0.51.15.4 bind-utils-9.9.6P1-0.51.15.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.15.4 bind-debugsource-9.9.6P1-0.51.15.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.15.4 bind-debugsource-9.9.6P1-0.51.15.4 References: https://www.suse.com/security/cve/CVE-2018-5740.html https://www.suse.com/security/cve/CVE-2018-5743.html https://www.suse.com/security/cve/CVE-2018-5745.html https://www.suse.com/security/cve/CVE-2019-6465.html https://bugzilla.suse.com/1104129 https://bugzilla.suse.com/1126068 https://bugzilla.suse.com/1126069 
https://bugzilla.suse.com/1133185 From sle-updates at lists.suse.com Fri Jun 7 07:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 15:10:34 +0200 (CEST) Subject: SUSE-RU-2019:1445-1: moderate: Recommended update for resource-agents Message-ID: <20190607131034.BF90FFD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1445-1 Rating: moderate References: #1137038 #1137231 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixes a byte conversion error (bsc#1137038, bsc#1137231) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1445=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.1.1+git0.5a1edf2b-3.17.1 resource-agents-4.1.1+git0.5a1edf2b-3.17.1 resource-agents-debuginfo-4.1.1+git0.5a1edf2b-3.17.1 resource-agents-debugsource-4.1.1+git0.5a1edf2b-3.17.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.1.1+git0.5a1edf2b-3.17.1 References: https://bugzilla.suse.com/1137038 https://bugzilla.suse.com/1137231 From sle-updates at lists.suse.com Fri Jun 7 10:10:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 18:10:58 +0200 (CEST) Subject: SUSE-RU-2019:1447-1: moderate: Recommended update for sap-suse-cluster-connector Message-ID: <20190607161058.8FFA5FFBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-suse-cluster-connector ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1447-1 Rating: moderate References: #1119137 #1135487 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sap-suse-cluster-connector fixes the following issues: - Support groups and primitives names containing dashes. (bsc#1135487) - Adjust detection of cluster resources, if multiple SAPInstance resources are found. - Fix smm function, add set_maintenance_mode function and split function list_sap_resources into a frontend (list_sap_resources) and a backend (get_resource_and_status) to get a proper smm handling in sap_suse_cluster_connector.
(bsc#1119137) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2019-1447=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): sap-suse-cluster-connector-3.1.1-7.3.1 References: https://bugzilla.suse.com/1119137 https://bugzilla.suse.com/1135487 From sle-updates at lists.suse.com Fri Jun 7 10:11:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 18:11:45 +0200 (CEST) Subject: SUSE-SU-2019:1449-1: important: Security update for bind Message-ID: <20190607161145.3598EFFBE@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1449-1 Rating: important References: #1104129 #1126068 #1126069 #1133185 Cross-References: CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. 
(bsc#1133185) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1449=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.42.1 bind-chrootenv-9.9.9P1-28.42.1 bind-debuginfo-9.9.9P1-28.42.1 bind-debugsource-9.9.9P1-28.42.1 bind-devel-9.9.9P1-28.42.1 bind-libs-9.9.9P1-28.42.1 bind-libs-debuginfo-9.9.9P1-28.42.1 bind-utils-9.9.9P1-28.42.1 bind-utils-debuginfo-9.9.9P1-28.42.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.42.1 bind-libs-debuginfo-32bit-9.9.9P1-28.42.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.42.1 References: https://www.suse.com/security/cve/CVE-2018-5740.html https://www.suse.com/security/cve/CVE-2018-5743.html https://www.suse.com/security/cve/CVE-2018-5745.html https://www.suse.com/security/cve/CVE-2019-6465.html https://bugzilla.suse.com/1104129 https://bugzilla.suse.com/1126068 https://bugzilla.suse.com/1126069 https://bugzilla.suse.com/1133185 From sle-updates at lists.suse.com Fri Jun 7 10:12:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 18:12:45 +0200 (CEST) Subject: SUSE-SU-2019:1450-1: moderate: Security update for Cloud7 packages Message-ID: <20190607161245.DB8E3FFBE@maintenance.suse.de> SUSE Security Update: Security update for Cloud7 packages ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1450-1 Rating: moderate References: #1063535 #1074662 #1112767 #1113107 #1118004 #1120767 #1122053 #1122875 #1123709 #1127558 #1127752 #1128954 #1128987 #1130414 #1131053 Cross-References: CVE-2017-1000433 CVE-2018-1000872 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 
______________________________________________________________________________ An update that solves two vulnerabilities and has 13 fixes is now available. Description: This update provides fixes for the following packages issues: caasp-openstack-heat-templates: - Update to version 1.0+git.1553079189.3bf8922: * SCRD-2813 Add support for CPI parameters - Update to version 1.0+git.1547562889.43707e7: * Switch LB protocol from HTTP to HTTPS crowbar: - Update to version 4.0+git.1551088848.823bcaa3: * install-chef-suse: filter comments from authorized_keys file crowbar-core: - Update to version 4.0+git.1556285635.ab602dd4d: * network: run wicked ifdown for interface cleanup (bsc#1063535) - Update to version 4.0+git.1554931881.d98412e0e: * Fix cloud-mkcloud9-job-backup-restore (SCRD-7126) - Update to version 4.0+git.1552239940.5bc9aaac4: * crowbar: Do not rely on Chef::Util::FileEdit to write the file (bsc#1127752) - Update to version 4.0+git.1550493400.9787ea9ad: * upgrade: Delay status switch after upgrade ends - Update to version 4.0+git.1549474445.d9a35cf52: * fix hound warning * Support RAID 0 - Packaged default upgrade timeouts file - Update to version 4.0+git.1549136953.afcde921f: * apache2: enable sslsessioncache - Update to version 4.0+git.1548859099.0edbbfdc2: * upgrade: Add default upgrade timeouts file crowbar-ha: - Update to version 4.0+git.1556181005.47c643d: * pacemaker: wait more for founder if SBD is configured (SCRD-8462) * pacemaker: don't check cluster members on founder (SCRD-8462) - Update to version 4.0+git.1554215159.8a42a71: * improve galera HA setup (bsc#1122875) crowbar-openstack: - Update to version 4.0+git.1554887450.ff7c30c1c: * neutron: Added option to use L3 HA with Keepalived - Update to version 4.0+git.1554843756.5622551da: * ironic: Fix regression in helper - Update to version 4.0+git.1554814630.ec3c89f25: * ceilometer: Install package which contains cron file (bsc#1130414) - Update to version 4.0+git.1551459192.89433e13b: * rabbit: fix 
mirroring regex - Update to version 4.0+git.1550582615.f6b433ec7: * ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107) - Update to version 4.0+git.1550262335.9667fa580: * mysql: Do not set a custom logfile for mysqld (bsc#1112767) * mysql: create .my.cnf in root home directory for mysql cmdline - Update to version 4.0+git.1549986893.df836d6cc: * mariadb: Remove installing the xtrabackup package * ssl: Fix ACL setup in ssl_setup provider (bsc#1123709) galera-python-clustercheck: - readtimeout.patch: Add socket read timeout (bsc#1122053) openstack-ceilometer: - Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer This is needed in a clustered environment where multiple ceilometer-collector services are installed on different nodes (and due to that multiple expirer cron jobs installed). That can lead to deadlocks when the cron jobs run in parallel on the different nodes (bsc#1113107) openstack-heat-gbp: - switch to newton branch python-PyKMIP: - Fix a denial-of-service bug by setting the server socket timeout (bsc#1120767 CVE-2018-1000872) python-pysaml2: - Fix for the authentication bypass due to optimizations (CVE-2017-1000433, bsc#1074662) rubygem-crowbar-client: - Update to 3.9.0 - Add support for the restricted APIs - Add --raw to "proposal show" and "proposal edit" - Correctly parse error messages that we don't handle natively - Better upgrade repocheck output - Update to 3.7.0 - upgrade: Use cloud_version config for upgrade - ses: Add ses upload subcommand - Add cloud_version config field. - Wrap os-release file parsing for better reuse. - upgrade: Fix repocheck component in error message - upgrade: Better repocheck output - updated to version 3.6.1 * Hide the database step when it is not used (bsc#1118004) * Fix help strings * Describe how to upgrade more nodes with one command Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1450=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1450=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3 crowbar-core-branding-upstream-4.0+git.1556285635.ab602dd4d-9.46.3 ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2 - SUSE OpenStack Cloud 7 (noarch): caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2 crowbar-4.0+git.1551088848.823bcaa3-7.29.2 crowbar-devel-4.0+git.1551088848.823bcaa3-7.29.2 crowbar-ha-4.0+git.1556181005.47c643d-4.46.3 crowbar-openstack-4.0+git.1554887450.ff7c30c1c-9.51.3 galera-python-clustercheck-0.0+git.1506329536.8f5878c-1.6.2 openstack-ceilometer-7.1.1~dev4-4.15.3 openstack-ceilometer-agent-central-7.1.1~dev4-4.15.3 openstack-ceilometer-agent-compute-7.1.1~dev4-4.15.3 openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.15.3 openstack-ceilometer-agent-notification-7.1.1~dev4-4.15.3 openstack-ceilometer-api-7.1.1~dev4-4.15.3 openstack-ceilometer-collector-7.1.1~dev4-4.15.3 openstack-ceilometer-doc-7.1.1~dev4-4.15.3 openstack-ceilometer-polling-7.1.1~dev4-4.15.3 openstack-heat-gbp-5.1.1~dev1-2.6.3 python-PyKMIP-0.5.0-3.3.3 python-ceilometer-7.1.1~dev4-4.15.3 python-heat-gbp-5.1.1~dev1-2.6.3 python-pysaml2-4.0.2-3.6.3 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3 ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1551088848.823bcaa3-7.29.2 References: https://www.suse.com/security/cve/CVE-2017-1000433.html https://www.suse.com/security/cve/CVE-2018-1000872.html https://bugzilla.suse.com/1063535 https://bugzilla.suse.com/1074662 https://bugzilla.suse.com/1112767 https://bugzilla.suse.com/1113107 https://bugzilla.suse.com/1118004 https://bugzilla.suse.com/1120767 https://bugzilla.suse.com/1122053 https://bugzilla.suse.com/1122875 
https://bugzilla.suse.com/1123709 https://bugzilla.suse.com/1127558 https://bugzilla.suse.com/1127752 https://bugzilla.suse.com/1128954 https://bugzilla.suse.com/1128987 https://bugzilla.suse.com/1130414 https://bugzilla.suse.com/1131053 From sle-updates at lists.suse.com Fri Jun 7 13:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 21:11:16 +0200 (CEST) Subject: SUSE-SU-2019:1452-1: important: Security update for libvirt Message-ID: <20190607191116.19267FFBE@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1452-1 Rating: important References: #1111331 #1135273 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1452=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1452=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libvirt-1.2.18.4-22.10.1 libvirt-client-1.2.18.4-22.10.1 libvirt-client-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-1.2.18.4-22.10.1 libvirt-daemon-config-network-1.2.18.4-22.10.1 libvirt-daemon-config-nwfilter-1.2.18.4-22.10.1 libvirt-daemon-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-interface-1.2.18.4-22.10.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-libxl-1.2.18.4-22.10.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-lxc-1.2.18.4-22.10.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-network-1.2.18.4-22.10.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-nodedev-1.2.18.4-22.10.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-nwfilter-1.2.18.4-22.10.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-qemu-1.2.18.4-22.10.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-secret-1.2.18.4-22.10.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-storage-1.2.18.4-22.10.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-lxc-1.2.18.4-22.10.1 libvirt-daemon-qemu-1.2.18.4-22.10.1 libvirt-daemon-xen-1.2.18.4-22.10.1 libvirt-debugsource-1.2.18.4-22.10.1 libvirt-doc-1.2.18.4-22.10.1 libvirt-lock-sanlock-1.2.18.4-22.10.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-22.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libvirt-1.2.18.4-22.10.1 libvirt-client-1.2.18.4-22.10.1 libvirt-client-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-1.2.18.4-22.10.1 
libvirt-daemon-config-network-1.2.18.4-22.10.1 libvirt-daemon-config-nwfilter-1.2.18.4-22.10.1 libvirt-daemon-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-interface-1.2.18.4-22.10.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-lxc-1.2.18.4-22.10.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-network-1.2.18.4-22.10.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-nodedev-1.2.18.4-22.10.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-nwfilter-1.2.18.4-22.10.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-qemu-1.2.18.4-22.10.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-secret-1.2.18.4-22.10.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-driver-storage-1.2.18.4-22.10.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-lxc-1.2.18.4-22.10.1 libvirt-daemon-qemu-1.2.18.4-22.10.1 libvirt-debugsource-1.2.18.4-22.10.1 libvirt-doc-1.2.18.4-22.10.1 libvirt-lock-sanlock-1.2.18.4-22.10.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-22.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libvirt-daemon-driver-libxl-1.2.18.4-22.10.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.10.1 libvirt-daemon-xen-1.2.18.4-22.10.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1135273 From sle-updates at lists.suse.com Fri Jun 7 13:13:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Jun 2019 21:13:29 +0200 (CEST) Subject: SUSE-RU-2019:1451-1: moderate: Recommended update for azure-events Message-ID: <20190607191329.5E76FFFBE@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for azure-events ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1451-1 Rating: moderate References: #1137038 #1137231 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-events fixes the following issues: - Fixes implicit bytes conversion that breaks py3 (bsc#1137038, bsc#1137231) - Reduced the amount of error messages using default value on crm_attribute Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1451=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.1.9+git24.9b664917-3.14.1 resource-agents-4.1.9+git24.9b664917-3.14.1 resource-agents-debuginfo-4.1.9+git24.9b664917-3.14.1 resource-agents-debugsource-4.1.9+git24.9b664917-3.14.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.1.9+git24.9b664917-3.14.1 References: https://bugzilla.suse.com/1137038 https://bugzilla.suse.com/1137231 From sle-updates at lists.suse.com Tue Jun 11 07:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2019 15:10:45 +0200 (CEST) Subject: SUSE-SU-2019:1406-2: important: Security update for bind Message-ID: <20190611131045.585E0FEA9@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1406-2 Rating: important References: #1104129 #1126068 #1126069 #1133185 Cross-References: CVE-2018-5740 CVE-2018-5743 
CVE-2018-5745 CVE-2019-6465 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): bind-debugsource-9.9.9P1-63.12.1 bind-libs-9.9.9P1-63.12.1 bind-libs-debuginfo-9.9.9P1-63.12.1 bind-utils-9.9.9P1-63.12.1 bind-utils-debuginfo-9.9.9P1-63.12.1 References: https://www.suse.com/security/cve/CVE-2018-5740.html https://www.suse.com/security/cve/CVE-2018-5743.html https://www.suse.com/security/cve/CVE-2018-5745.html https://www.suse.com/security/cve/CVE-2019-6465.html https://bugzilla.suse.com/1104129 https://bugzilla.suse.com/1126068 https://bugzilla.suse.com/1126069 https://bugzilla.suse.com/1133185 From sle-updates at lists.suse.com Tue Jun 11 07:11:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2019 15:11:52 +0200 (CEST) Subject: SUSE-SU-2019:14076-1: important: Security update for gstreamer-0_10-plugins-base Message-ID: <20190611131152.6A4A8FEA9@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14076-1 Rating: important References: #1024076 #1024079 #1133375 Cross-References: CVE-2017-5837 CVE-2017-5844 CVE-2019-9928 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gstreamer-0_10-plugins-base fixes the following issues: Security issues fixed: - CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024076). - CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024079). - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-gstreamer-0_10-plugins-base-14076=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-gstreamer-0_10-plugins-base-14076=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gstreamer-0_10-plugins-base-14076=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): gstreamer-0_10-plugins-base-0.10.35-5.18.5.1 gstreamer-0_10-plugins-base-doc-0.10.35-5.18.5.1 gstreamer-0_10-plugins-base-lang-0.10.35-5.18.5.1 libgstapp-0_10-0-0.10.35-5.18.5.1 libgstinterfaces-0_10-0-0.10.35-5.18.5.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.35-5.18.5.1 libgstapp-0_10-0-32bit-0.10.35-5.18.5.1 libgstinterfaces-0_10-0-32bit-0.10.35-5.18.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): gstreamer-0_10-plugins-base-0.10.35-5.18.5.1 gstreamer-0_10-plugins-base-doc-0.10.35-5.18.5.1 gstreamer-0_10-plugins-base-lang-0.10.35-5.18.5.1 libgstapp-0_10-0-0.10.35-5.18.5.1 libgstinterfaces-0_10-0-0.10.35-5.18.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.35-5.18.5.1 gstreamer-0_10-plugins-base-debugsource-0.10.35-5.18.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.35-5.18.5.1 References: https://www.suse.com/security/cve/CVE-2017-5837.html https://www.suse.com/security/cve/CVE-2017-5844.html https://www.suse.com/security/cve/CVE-2019-9928.html https://bugzilla.suse.com/1024076 https://bugzilla.suse.com/1024079 https://bugzilla.suse.com/1133375 From sle-updates at lists.suse.com Tue Jun 11 07:12:49 2019 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 11 Jun 2019 15:12:49 +0200 (CEST) Subject: SUSE-SU-2019:1456-1: important: Security update for vim Message-ID: <20190611131249.83EADFEA9@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1456-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1456=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1456=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1456=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1456=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1456=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1456=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1456=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1456=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1456=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1456=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1456=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1456=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1456=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE OpenStack Cloud 7 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise 
Server 12-SP1-LTSS (ppc64le s390x x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): vim-data-7.4.326-17.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Enterprise Storage 4 (x86_64): gvim-7.4.326-17.3.1 gvim-debuginfo-7.4.326-17.3.1 vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE Enterprise Storage 4 (noarch): vim-data-7.4.326-17.3.1 - SUSE CaaS Platform ALL (x86_64): vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - SUSE CaaS Platform 3.0 (x86_64): vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): vim-7.4.326-17.3.1 vim-debuginfo-7.4.326-17.3.1 vim-debugsource-7.4.326-17.3.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 From sle-updates at lists.suse.com Tue Jun 11 07:13:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2019 15:13:31 +0200 (CEST) Subject: SUSE-SU-2019:1458-1: important: Security update for MozillaThunderbird Message-ID: 
<20190611131331.D846EFEA9@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1458-1 Rating: important References: #1130694 #1133267 #1135824 Cross-References: CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 60.7.0. * Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut These security issues were fixed (MFSA 2019-15 bsc#1135824): * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816: Type confusion with object groups and UnboxedObjects * CVE-2019-9817: Stealing of cross-domain images using canvas * CVE-2019-9818: Use-after-free in crash generation server * CVE-2019-9819: Compartment mismatch with fetch API * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell * CVE-2019-11691: Use-after-free in XMLHttpRequest * CVE-2019-11692: Use-after-free removing listeners in the event listener manager * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux * CVE-2019-7317: Use-after-free in png_image_free of libpng library * CVE-2019-9797: Cross-origin theft of images with createImageBitmap * CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11698: Theft of user history data 
through drag and drop of hyperlinks to and from bookmarks * CVE-2019-5798: Out-of-bounds read in Skia * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1458=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1458=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-60.7.0-3.33.2 MozillaThunderbird-debuginfo-60.7.0-3.33.2 MozillaThunderbird-debugsource-60.7.0-3.33.2 MozillaThunderbird-translations-common-60.7.0-3.33.2 MozillaThunderbird-translations-other-60.7.0-3.33.2 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.7.0-3.33.2 MozillaThunderbird-debuginfo-60.7.0-3.33.2 MozillaThunderbird-debugsource-60.7.0-3.33.2 MozillaThunderbird-translations-common-60.7.0-3.33.2 MozillaThunderbird-translations-other-60.7.0-3.33.2 References: https://www.suse.com/security/cve/CVE-2018-18511.html https://www.suse.com/security/cve/CVE-2019-11691.html https://www.suse.com/security/cve/CVE-2019-11692.html https://www.suse.com/security/cve/CVE-2019-11693.html https://www.suse.com/security/cve/CVE-2019-11694.html https://www.suse.com/security/cve/CVE-2019-11698.html https://www.suse.com/security/cve/CVE-2019-5798.html https://www.suse.com/security/cve/CVE-2019-7317.html https://www.suse.com/security/cve/CVE-2019-9797.html https://www.suse.com/security/cve/CVE-2019-9800.html https://www.suse.com/security/cve/CVE-2019-9815.html https://www.suse.com/security/cve/CVE-2019-9816.html https://www.suse.com/security/cve/CVE-2019-9817.html https://www.suse.com/security/cve/CVE-2019-9818.html 
https://www.suse.com/security/cve/CVE-2019-9819.html https://www.suse.com/security/cve/CVE-2019-9820.html https://bugzilla.suse.com/1130694 https://bugzilla.suse.com/1133267 https://bugzilla.suse.com/1135824 From sle-updates at lists.suse.com Tue Jun 11 07:14:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2019 15:14:27 +0200 (CEST) Subject: SUSE-SU-2019:1457-1: important: Security update for vim Message-ID: <20190611131427.E7F7EFEA9@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1457-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1457=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1457=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1457=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1457=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gvim-8.0.1568-5.3.1 gvim-debuginfo-8.0.1568-5.3.1 vim-debuginfo-8.0.1568-5.3.1 vim-debugsource-8.0.1568-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gvim-8.0.1568-5.3.1 gvim-debuginfo-8.0.1568-5.3.1 vim-debuginfo-8.0.1568-5.3.1 vim-debugsource-8.0.1568-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): vim-8.0.1568-5.3.1 vim-debuginfo-8.0.1568-5.3.1 vim-debugsource-8.0.1568-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): vim-data-8.0.1568-5.3.1 vim-data-common-8.0.1568-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): vim-8.0.1568-5.3.1 vim-debuginfo-8.0.1568-5.3.1 vim-debugsource-8.0.1568-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): vim-data-8.0.1568-5.3.1 vim-data-common-8.0.1568-5.3.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 From sle-updates at lists.suse.com Tue Jun 11 07:15:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2019 15:15:10 +0200 (CEST) Subject: SUSE-SU-2019:14078-1: important: Security update for vim Message-ID: <20190611131510.33BC1FEA9@maintenance.suse.de> SUSE Security Update: Security update for vim 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14078-1 Rating: important References: #1137443 Cross-References: CVE-2019-12735 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for vim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-vim-14078=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-vim-14078=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vim-14078=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): gvim-7.2-8.21.3.1 vim-7.2-8.21.3.1 vim-base-7.2-8.21.3.1 vim-data-7.2-8.21.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): gvim-7.2-8.21.3.1 vim-7.2-8.21.3.1 vim-base-7.2-8.21.3.1 vim-data-7.2-8.21.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): vim-debuginfo-7.2-8.21.3.1 vim-debugsource-7.2-8.21.3.1 References: https://www.suse.com/security/cve/CVE-2019-12735.html https://bugzilla.suse.com/1137443 From sle-updates at lists.suse.com Tue Jun 11 10:10:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jun 2019 18:10:47 +0200 (CEST) Subject: SUSE-SU-2019:1459-1: moderate: Security update for gnome-shell Message-ID: <20190611161047.9078BFEA9@maintenance.suse.de> SUSE Security Update: Security update for gnome-shell 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1459-1 Rating: moderate References: #1124493 Cross-References: CVE-2019-3820 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1459=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1459=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1459=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1459=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1459=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1459=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): gnome-shell-calendar-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): gnome-shell-calendar-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.19.2 
gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gnome-shell-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gnome-shell-lang-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gnome-shell-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2 gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-shell-lang-3.26.2+20180130.0d9c74212-4.19.2 References: https://www.suse.com/security/cve/CVE-2019-3820.html https://bugzilla.suse.com/1124493 From sle-updates at lists.suse.com Tue Jun 11 16:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 00:10:46 +0200 (CEST) Subject: SUSE-SU-2019:1461-1: moderate: Security update for php7 Message-ID: <20190611221046.8FA2EFEA9@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1461-1 Rating: moderate References: #1118832 #1119396 #1126711 #1126713 #1126821 #1126823 #1126827 #1127122 #1128722 #1128883 #1128886 #1128887 #1128889 #1128892 #1129032 #1132837 #1132838 #1134322 Cross-References: CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 
CVE-2019-9641 CVE-2019-9675 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has two fixes is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). 
- CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Other issue addressed: - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). - Enabled php7 testsuite (bsc#1119396). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1461=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1461=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1461=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.32.1 apache2-mod_php7-debuginfo-7.2.5-4.32.1 php7-7.2.5-4.32.1 php7-bcmath-7.2.5-4.32.1 php7-bcmath-debuginfo-7.2.5-4.32.1 php7-bz2-7.2.5-4.32.1 php7-bz2-debuginfo-7.2.5-4.32.1 php7-calendar-7.2.5-4.32.1 php7-calendar-debuginfo-7.2.5-4.32.1 php7-ctype-7.2.5-4.32.1 php7-ctype-debuginfo-7.2.5-4.32.1 php7-curl-7.2.5-4.32.1 php7-curl-debuginfo-7.2.5-4.32.1 php7-dba-7.2.5-4.32.1 php7-dba-debuginfo-7.2.5-4.32.1 php7-debuginfo-7.2.5-4.32.1 php7-debugsource-7.2.5-4.32.1 php7-devel-7.2.5-4.32.1 php7-dom-7.2.5-4.32.1 php7-dom-debuginfo-7.2.5-4.32.1 php7-enchant-7.2.5-4.32.1 php7-enchant-debuginfo-7.2.5-4.32.1 php7-exif-7.2.5-4.32.1 php7-exif-debuginfo-7.2.5-4.32.1 php7-fastcgi-7.2.5-4.32.1 php7-fastcgi-debuginfo-7.2.5-4.32.1 php7-fileinfo-7.2.5-4.32.1 php7-fileinfo-debuginfo-7.2.5-4.32.1 php7-fpm-7.2.5-4.32.1 php7-fpm-debuginfo-7.2.5-4.32.1 php7-ftp-7.2.5-4.32.1 php7-ftp-debuginfo-7.2.5-4.32.1 php7-gd-7.2.5-4.32.1 php7-gd-debuginfo-7.2.5-4.32.1 php7-gettext-7.2.5-4.32.1 php7-gettext-debuginfo-7.2.5-4.32.1 php7-gmp-7.2.5-4.32.1 php7-gmp-debuginfo-7.2.5-4.32.1 php7-iconv-7.2.5-4.32.1 php7-iconv-debuginfo-7.2.5-4.32.1 php7-intl-7.2.5-4.32.1 php7-intl-debuginfo-7.2.5-4.32.1 php7-json-7.2.5-4.32.1 php7-json-debuginfo-7.2.5-4.32.1 php7-ldap-7.2.5-4.32.1 php7-ldap-debuginfo-7.2.5-4.32.1 php7-mbstring-7.2.5-4.32.1 php7-mbstring-debuginfo-7.2.5-4.32.1 php7-mysql-7.2.5-4.32.1 php7-mysql-debuginfo-7.2.5-4.32.1 
php7-odbc-7.2.5-4.32.1 php7-odbc-debuginfo-7.2.5-4.32.1 php7-opcache-7.2.5-4.32.1 php7-opcache-debuginfo-7.2.5-4.32.1 php7-openssl-7.2.5-4.32.1 php7-openssl-debuginfo-7.2.5-4.32.1 php7-pcntl-7.2.5-4.32.1 php7-pcntl-debuginfo-7.2.5-4.32.1 php7-pdo-7.2.5-4.32.1 php7-pdo-debuginfo-7.2.5-4.32.1 php7-pgsql-7.2.5-4.32.1 php7-pgsql-debuginfo-7.2.5-4.32.1 php7-phar-7.2.5-4.32.1 php7-phar-debuginfo-7.2.5-4.32.1 php7-posix-7.2.5-4.32.1 php7-posix-debuginfo-7.2.5-4.32.1 php7-shmop-7.2.5-4.32.1 php7-shmop-debuginfo-7.2.5-4.32.1 php7-snmp-7.2.5-4.32.1 php7-snmp-debuginfo-7.2.5-4.32.1 php7-soap-7.2.5-4.32.1 php7-soap-debuginfo-7.2.5-4.32.1 php7-sockets-7.2.5-4.32.1 php7-sockets-debuginfo-7.2.5-4.32.1 php7-sodium-7.2.5-4.32.1 php7-sodium-debuginfo-7.2.5-4.32.1 php7-sqlite-7.2.5-4.32.1 php7-sqlite-debuginfo-7.2.5-4.32.1 php7-sysvmsg-7.2.5-4.32.1 php7-sysvmsg-debuginfo-7.2.5-4.32.1 php7-sysvsem-7.2.5-4.32.1 php7-sysvsem-debuginfo-7.2.5-4.32.1 php7-sysvshm-7.2.5-4.32.1 php7-sysvshm-debuginfo-7.2.5-4.32.1 php7-tokenizer-7.2.5-4.32.1 php7-tokenizer-debuginfo-7.2.5-4.32.1 php7-wddx-7.2.5-4.32.1 php7-wddx-debuginfo-7.2.5-4.32.1 php7-xmlreader-7.2.5-4.32.1 php7-xmlreader-debuginfo-7.2.5-4.32.1 php7-xmlrpc-7.2.5-4.32.1 php7-xmlrpc-debuginfo-7.2.5-4.32.1 php7-xmlwriter-7.2.5-4.32.1 php7-xmlwriter-debuginfo-7.2.5-4.32.1 php7-xsl-7.2.5-4.32.1 php7-xsl-debuginfo-7.2.5-4.32.1 php7-zip-7.2.5-4.32.1 php7-zip-debuginfo-7.2.5-4.32.1 php7-zlib-7.2.5-4.32.1 php7-zlib-debuginfo-7.2.5-4.32.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.32.1 php7-pear-Archive_Tar-7.2.5-4.32.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.32.1 php7-debugsource-7.2.5-4.32.1 php7-embed-7.2.5-4.32.1 php7-embed-debuginfo-7.2.5-4.32.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.32.1 php7-debugsource-7.2.5-4.32.1 php7-embed-7.2.5-4.32.1 
php7-embed-debuginfo-7.2.5-4.32.1 php7-readline-7.2.5-4.32.1 php7-readline-debuginfo-7.2.5-4.32.1 php7-sodium-7.2.5-4.32.1 php7-sodium-debuginfo-7.2.5-4.32.1 php7-tidy-7.2.5-4.32.1 php7-tidy-debuginfo-7.2.5-4.32.1 References: https://www.suse.com/security/cve/CVE-2018-19935.html https://www.suse.com/security/cve/CVE-2018-20783.html https://www.suse.com/security/cve/CVE-2019-11034.html https://www.suse.com/security/cve/CVE-2019-11035.html https://www.suse.com/security/cve/CVE-2019-11036.html https://www.suse.com/security/cve/CVE-2019-9020.html https://www.suse.com/security/cve/CVE-2019-9021.html https://www.suse.com/security/cve/CVE-2019-9022.html https://www.suse.com/security/cve/CVE-2019-9023.html https://www.suse.com/security/cve/CVE-2019-9024.html https://www.suse.com/security/cve/CVE-2019-9637.html https://www.suse.com/security/cve/CVE-2019-9638.html https://www.suse.com/security/cve/CVE-2019-9639.html https://www.suse.com/security/cve/CVE-2019-9640.html https://www.suse.com/security/cve/CVE-2019-9641.html https://www.suse.com/security/cve/CVE-2019-9675.html https://bugzilla.suse.com/1118832 https://bugzilla.suse.com/1119396 https://bugzilla.suse.com/1126711 https://bugzilla.suse.com/1126713 https://bugzilla.suse.com/1126821 https://bugzilla.suse.com/1126823 https://bugzilla.suse.com/1126827 https://bugzilla.suse.com/1127122 https://bugzilla.suse.com/1128722 https://bugzilla.suse.com/1128883 https://bugzilla.suse.com/1128886 https://bugzilla.suse.com/1128887 https://bugzilla.suse.com/1128889 https://bugzilla.suse.com/1128892 https://bugzilla.suse.com/1129032 https://bugzilla.suse.com/1132837 https://bugzilla.suse.com/1132838 https://bugzilla.suse.com/1134322 From sle-updates at lists.suse.com Wed Jun 12 04:11:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 12:11:37 +0200 (CEST) Subject: SUSE-RU-2019:1467-1: moderate: Recommended update for gdm Message-ID: <20190612101137.B51D9FEA9@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1467-1 Rating: moderate References: #1120307 #1131625 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gdm provides the following fixes: - Remove duplicate session entries after all sessions have been processed. (bsc#1131625) - Add a SIGTERM signal handler to avoid gdm terminating unexpectedly. (bsc#1120307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1467=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1467=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1467=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1467=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): gdm-branding-upstream-3.26.2.1-13.27.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gdm-branding-upstream-3.26.2.1-13.27.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.27.2 gdm-debuginfo-3.26.2.1-13.27.2 gdm-debugsource-3.26.2.1-13.27.2 gdm-devel-3.26.2.1-13.27.2 libgdm1-3.26.2.1-13.27.2 libgdm1-debuginfo-3.26.2.1-13.27.2 typelib-1_0-Gdm-1_0-3.26.2.1-13.27.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gdm-lang-3.26.2.1-13.27.2 gdmflexiserver-3.26.2.1-13.27.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.27.2 gdm-debuginfo-3.26.2.1-13.27.2 gdm-debugsource-3.26.2.1-13.27.2 gdm-devel-3.26.2.1-13.27.2 libgdm1-3.26.2.1-13.27.2 libgdm1-debuginfo-3.26.2.1-13.27.2 typelib-1_0-Gdm-1_0-3.26.2.1-13.27.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gdm-lang-3.26.2.1-13.27.2 gdmflexiserver-3.26.2.1-13.27.2 References: https://bugzilla.suse.com/1120307 https://bugzilla.suse.com/1131625 From sle-updates at lists.suse.com Wed Jun 12 04:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 
12:12:34 +0200 (CEST) Subject: SUSE-RU-2019:1464-1: moderate: Recommended update for yast2-network Message-ID: <20190612101234.F3C8AFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1464-1 Rating: moderate References: #1086454 #1123102 #1131588 #1134784 #1136103 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for yast2-network provides the following fixes: - Network crash when configure a static IP without hostname. (bsc#1123102) - Multiple network port setup, undefined method `split'. (bnc#1134784) - Network bonding: undefined method 'split'. (bnc#1136103) - Do not enforce particular mode for IPoIB devices by default. (bsc#1086454) - Display a confirmation popup when a static route is going to be removed after switching a device to DHCP. (bsc#1131588) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1464=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1464=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-network-3.4.6-3.14.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-network-3.4.6-3.14.1 References: https://bugzilla.suse.com/1086454 https://bugzilla.suse.com/1123102 https://bugzilla.suse.com/1131588 https://bugzilla.suse.com/1134784 https://bugzilla.suse.com/1136103 From sle-updates at lists.suse.com Wed Jun 12 04:13:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 12:13:52 +0200 (CEST) Subject: SUSE-RU-2019:1466-1: moderate: Recommended update for mutter Message-ID: <20190612101352.68537FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1466-1 Rating: moderate References: #1133445 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter provides the following fixes: - Fix issue that causes unresponsive GUI after long running session. (bsc#1133445) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1466=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1466=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmutter-1-0-3.26.2+20180207.4b2d21ff0-5.14.2 libmutter-1-0-debuginfo-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-data-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-debuginfo-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-debugsource-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-devel-3.26.2+20180207.4b2d21ff0-5.14.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): mutter-lang-3.26.2+20180207.4b2d21ff0-5.14.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmutter-1-0-3.26.2+20180207.4b2d21ff0-5.14.2 libmutter-1-0-debuginfo-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-data-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-debuginfo-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-debugsource-3.26.2+20180207.4b2d21ff0-5.14.2 mutter-devel-3.26.2+20180207.4b2d21ff0-5.14.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): mutter-lang-3.26.2+20180207.4b2d21ff0-5.14.2 References: https://bugzilla.suse.com/1133445 From sle-updates at lists.suse.com Wed Jun 12 04:15:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 12:15:04 +0200 (CEST) Subject: SUSE-RU-2019:14081-1: moderate: Recommended update for mdadm Message-ID: <20190612101504.E44E7FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14081-1 Rating: moderate References: #1081286 
#1082766 #1095141 #1095729 #1096363 #1105175 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mdadm provides the following fixes: - Assemble: Prevent a segmentation fault with faulty "best" devices. (bsc#1082766, bsc#1095729) - Do not use the bad_blocks and unacknowledged_bad_blocks sysfs entries which are not available in SLE11-SP4 kernel. (bsc#1105175) - Accept option '--brief' with '--export' (bsc#1095141) Call mdadm --detail --export with --brief in 64-md-raid.rules. This should prevent overflow on large deployment. - md_monitor: use pselect (bsc#1095141) - md_monitor: fix crash in display_io_status (bsc#1096363) - md_monitor: fixup crash in display_md_status (bsc#1081286), (bsc#1096363) - Delete code that require sysfs entries bad_blocks and unacknowledged_bad_blocks which are not in SLE11-SP4 kernel. (bsc#1105175) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mdadm-14081=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mdadm-14081=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): mdadm-3.3.1-10.27.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mdadm-debuginfo-3.3.1-10.27.4 mdadm-debugsource-3.3.1-10.27.4 References: https://bugzilla.suse.com/1081286 https://bugzilla.suse.com/1082766 https://bugzilla.suse.com/1095141 https://bugzilla.suse.com/1095729 https://bugzilla.suse.com/1096363 https://bugzilla.suse.com/1105175 From sle-updates at lists.suse.com Wed Jun 12 07:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 15:10:44 +0200 (CEST) Subject: SUSE-SU-2019:1468-1: moderate: Security update for libcroco Message-ID: <20190612131044.19A25FEA9@maintenance.suse.de> SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1468-1 Rating: moderate References: #1034481 #1034482 #1043898 #1043899 Cross-References: CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). 
- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1468=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1468=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1468=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1468=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1468=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1468=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1468=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libcroco-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 libcroco-devel-0.6.11-12.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libcroco-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 libcroco-devel-0.6.11-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libcroco-0_6-3-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libcroco-0_6-3-32bit-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libcroco-0_6-3-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcroco-0_6-3-32bit-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libcroco-0_6-3-0.6.11-12.3.1 libcroco-0_6-3-32bit-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libcroco-0_6-3-0.6.11-12.3.1 libcroco-0_6-3-32bit-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 - SUSE CaaS Platform ALL (x86_64): libcroco-0_6-3-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 - SUSE CaaS Platform 3.0 (x86_64): libcroco-0_6-3-0.6.11-12.3.1 
libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libcroco-0_6-3-0.6.11-12.3.1 libcroco-0_6-3-debuginfo-0.6.11-12.3.1 libcroco-debuginfo-0.6.11-12.3.1 libcroco-debugsource-0.6.11-12.3.1 References: https://www.suse.com/security/cve/CVE-2017-7960.html https://www.suse.com/security/cve/CVE-2017-7961.html https://www.suse.com/security/cve/CVE-2017-8834.html https://www.suse.com/security/cve/CVE-2017-8871.html https://bugzilla.suse.com/1034481 https://bugzilla.suse.com/1034482 https://bugzilla.suse.com/1043898 https://bugzilla.suse.com/1043899 From sle-updates at lists.suse.com Wed Jun 12 07:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 15:11:51 +0200 (CEST) Subject: SUSE-RU-2019:1469-1: moderate: Recommended update for pam_mount Message-ID: <20190612131151.87926FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam_mount ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1469-1 Rating: moderate References: #1135310 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam_mount fixes the following issues: - LUKS2 support has been added to pam_mount (bnc#1135310 jsc#sle-6551) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1469=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1469=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1469=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1469=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1469=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1469=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libcryptmount-devel-2.14-5.3.1 pam_mount-debuginfo-2.14-5.3.1 pam_mount-debugsource-2.14-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libcryptmount-devel-2.14-5.3.1 pam_mount-debuginfo-2.14-5.3.1 pam_mount-debugsource-2.14-5.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libcryptmount0-2.14-5.3.1 libcryptmount0-debuginfo-2.14-5.3.1 pam_mount-2.14-5.3.1 pam_mount-debuginfo-2.14-5.3.1 pam_mount-debugsource-2.14-5.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libcryptmount0-32bit-2.14-5.3.1 libcryptmount0-debuginfo-32bit-2.14-5.3.1 pam_mount-32bit-2.14-5.3.1 pam_mount-debuginfo-32bit-2.14-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libcryptmount0-2.14-5.3.1 libcryptmount0-debuginfo-2.14-5.3.1 pam_mount-2.14-5.3.1 pam_mount-debuginfo-2.14-5.3.1 pam_mount-debugsource-2.14-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcryptmount0-32bit-2.14-5.3.1 libcryptmount0-debuginfo-32bit-2.14-5.3.1 pam_mount-32bit-2.14-5.3.1 pam_mount-debuginfo-32bit-2.14-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libcryptmount0-2.14-5.3.1 libcryptmount0-32bit-2.14-5.3.1 libcryptmount0-debuginfo-2.14-5.3.1 
libcryptmount0-debuginfo-32bit-2.14-5.3.1 pam_mount-2.14-5.3.1 pam_mount-32bit-2.14-5.3.1 pam_mount-debuginfo-2.14-5.3.1 pam_mount-debuginfo-32bit-2.14-5.3.1 pam_mount-debugsource-2.14-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libcryptmount0-2.14-5.3.1 libcryptmount0-32bit-2.14-5.3.1 libcryptmount0-debuginfo-2.14-5.3.1 libcryptmount0-debuginfo-32bit-2.14-5.3.1 pam_mount-2.14-5.3.1 pam_mount-32bit-2.14-5.3.1 pam_mount-debuginfo-2.14-5.3.1 pam_mount-debuginfo-32bit-2.14-5.3.1 pam_mount-debugsource-2.14-5.3.1 References: https://bugzilla.suse.com/1135310 From sle-updates at lists.suse.com Wed Jun 12 07:12:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 15:12:29 +0200 (CEST) Subject: SUSE-RU-2019:1471-1: moderate: Recommended update for permissions Message-ID: <20190612131229.C5F44FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1471-1 Rating: moderate References: #1110797 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Updated permissions for amanda (bsc#1110797) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1471=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): permissions-20180125-3.9.1 permissions-debuginfo-20180125-3.9.1 permissions-debugsource-20180125-3.9.1 References: https://bugzilla.suse.com/1110797 From sle-updates at lists.suse.com Wed Jun 12 07:13:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 15:13:09 +0200 (CEST) Subject: SUSE-RU-2019:1470-1: moderate: Recommended update for installation-images Message-ID: <20190612131309.EF3BAFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1470-1 Rating: moderate References: #1040492 #1095289 #1095796 #1099327 #1103208 #1106114 #1108005 #1108289 #1108905 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description: This update for installation-images fixes the following issues: - adjust to glibc-locale package split - aarch64: add gpio-thunderx.ko module (bsc#1106114) - adjust to iptables using update-alternatives (bsc#1108289) - Make monitor mirror mode during installation the default again (bsc#1108905) - Add ptp_qoriq to module.config - add bcache-tools to installation initrd (fate#325346) - Fix rpi file list - hdimage: Use at least FAT16 - add raspberry pi firmware files - get leap version from %sle_version macro (bsc#1103208) - etc: update module.config to match 4.18 - add pinctrl-* modules (bsc#1095796) - add bcm43xx-firmware (bsc#1099327) - Tidy module.config comment notes - Add mailbox modules (bsc#1040492) - include all kernel input modules (bsc#1095289) - etc: update module.config to match 4.17 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1470=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): tftpboot-installation-SLE-15-aarch64-14.385-3.3.2 tftpboot-installation-SLE-15-ppc64le-14.385-3.3.2 tftpboot-installation-SLE-15-s390x-14.385-3.3.2 tftpboot-installation-SLE-15-x86_64-14.385-3.3.2 References: https://bugzilla.suse.com/1040492 https://bugzilla.suse.com/1095289 https://bugzilla.suse.com/1095796 https://bugzilla.suse.com/1099327 https://bugzilla.suse.com/1103208 https://bugzilla.suse.com/1106114 https://bugzilla.suse.com/1108005 https://bugzilla.suse.com/1108289 https://bugzilla.suse.com/1108905 From sle-updates at lists.suse.com Wed Jun 12 10:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 18:10:28 +0200 (CEST) Subject: SUSE-RU-2019:1475-1: moderate: Recommended update for permissions Message-ID: 
<20190612161028.BF2FBFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1475-1 Rating: moderate References: #1110797 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Updated permissions for amanda (bsc#1110797) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1475=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1475=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): permissions-20170707-3.3.1 permissions-debuginfo-20170707-3.3.1 permissions-debugsource-20170707-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): permissions-20170707-3.3.1 permissions-debuginfo-20170707-3.3.1 permissions-debugsource-20170707-3.3.1 References: https://bugzilla.suse.com/1110797 From sle-updates at lists.suse.com Wed Jun 12 10:11:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 18:11:13 +0200 (CEST) Subject: SUSE-SU-2019:1477-1: moderate: Security update for sssd Message-ID: <20190612161113.707F6FEA9@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1477-1 Rating: moderate References: #1124194 #1132879 Cross-References: CVE-2018-16838 Affected Products: SUSE Linux Enterprise Software Development Kit 
12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issue fixed: - Create directory to download and cache GPOs (bsc#1132879) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1477=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1477=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1477=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-34.37.1 libsss_idmap-devel-1.13.4-34.37.1 libsss_nss_idmap-devel-1.13.4-34.37.1 sssd-debuginfo-1.13.4-34.37.1 sssd-debugsource-1.13.4-34.37.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.13.4-34.37.1 libipa_hbac0-debuginfo-1.13.4-34.37.1 libsss_idmap0-1.13.4-34.37.1 libsss_idmap0-debuginfo-1.13.4-34.37.1 libsss_nss_idmap0-1.13.4-34.37.1 libsss_nss_idmap0-debuginfo-1.13.4-34.37.1 libsss_sudo-1.13.4-34.37.1 libsss_sudo-debuginfo-1.13.4-34.37.1 python-sssd-config-1.13.4-34.37.1 python-sssd-config-debuginfo-1.13.4-34.37.1 sssd-1.13.4-34.37.1 sssd-ad-1.13.4-34.37.1 sssd-ad-debuginfo-1.13.4-34.37.1 sssd-debuginfo-1.13.4-34.37.1 sssd-debugsource-1.13.4-34.37.1 sssd-ipa-1.13.4-34.37.1 sssd-ipa-debuginfo-1.13.4-34.37.1 sssd-krb5-1.13.4-34.37.1 sssd-krb5-common-1.13.4-34.37.1 
sssd-krb5-common-debuginfo-1.13.4-34.37.1 sssd-krb5-debuginfo-1.13.4-34.37.1 sssd-ldap-1.13.4-34.37.1 sssd-ldap-debuginfo-1.13.4-34.37.1 sssd-proxy-1.13.4-34.37.1 sssd-proxy-debuginfo-1.13.4-34.37.1 sssd-tools-1.13.4-34.37.1 sssd-tools-debuginfo-1.13.4-34.37.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libipa_hbac0-1.13.4-34.37.1 libipa_hbac0-debuginfo-1.13.4-34.37.1 libsss_idmap0-1.13.4-34.37.1 libsss_idmap0-debuginfo-1.13.4-34.37.1 libsss_nss_idmap0-1.13.4-34.37.1 libsss_nss_idmap0-debuginfo-1.13.4-34.37.1 libsss_sudo-1.13.4-34.37.1 libsss_sudo-debuginfo-1.13.4-34.37.1 python-sssd-config-1.13.4-34.37.1 python-sssd-config-debuginfo-1.13.4-34.37.1 sssd-1.13.4-34.37.1 sssd-ad-1.13.4-34.37.1 sssd-ad-debuginfo-1.13.4-34.37.1 sssd-debuginfo-1.13.4-34.37.1 sssd-debugsource-1.13.4-34.37.1 sssd-ipa-1.13.4-34.37.1 sssd-ipa-debuginfo-1.13.4-34.37.1 sssd-krb5-1.13.4-34.37.1 sssd-krb5-common-1.13.4-34.37.1 sssd-krb5-common-debuginfo-1.13.4-34.37.1 sssd-krb5-debuginfo-1.13.4-34.37.1 sssd-ldap-1.13.4-34.37.1 sssd-ldap-debuginfo-1.13.4-34.37.1 sssd-proxy-1.13.4-34.37.1 sssd-proxy-debuginfo-1.13.4-34.37.1 sssd-tools-1.13.4-34.37.1 sssd-tools-debuginfo-1.13.4-34.37.1 References: https://www.suse.com/security/cve/CVE-2018-16838.html https://bugzilla.suse.com/1124194 https://bugzilla.suse.com/1132879 From sle-updates at lists.suse.com Wed Jun 12 10:12:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 18:12:03 +0200 (CEST) Subject: SUSE-RU-2019:1474-1: moderate: Recommended update for permissions Message-ID: <20190612161203.5F73BFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1474-1 Rating: moderate References: #1110797 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum 
Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Updated permissions for amanda (bsc#1110797) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1474=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1474=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1474=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): permissions-2015.09.28.1626-17.15.1 permissions-debuginfo-2015.09.28.1626-17.15.1 permissions-debugsource-2015.09.28.1626-17.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): permissions-2015.09.28.1626-17.15.1 permissions-debuginfo-2015.09.28.1626-17.15.1 permissions-debugsource-2015.09.28.1626-17.15.1 - SUSE CaaS Platform ALL (x86_64): permissions-2015.09.28.1626-17.15.1 permissions-debuginfo-2015.09.28.1626-17.15.1 permissions-debugsource-2015.09.28.1626-17.15.1 - SUSE CaaS Platform 3.0 (x86_64): permissions-2015.09.28.1626-17.15.1 permissions-debuginfo-2015.09.28.1626-17.15.1 permissions-debugsource-2015.09.28.1626-17.15.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): permissions-2015.09.28.1626-17.15.1 permissions-debuginfo-2015.09.28.1626-17.15.1 permissions-debugsource-2015.09.28.1626-17.15.1 References: https://bugzilla.suse.com/1110797 From sle-updates at lists.suse.com Wed Jun 12 10:12:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 18:12:42 +0200 (CEST) Subject: SUSE-RU-2019:1472-1: moderate: Recommended update for gnome-settings-daemon Message-ID: <20190612161242.3BCE6FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-settings-daemon ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1472-1 Rating: moderate References: #1086789 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gnome-settings-daemon provides the following fixes: - Round the Xft.dpi setting to an integer. (bsc#1086789) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1472=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1472=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-3.26.2-8.3.2 gnome-settings-daemon-debuginfo-3.26.2-8.3.2 gnome-settings-daemon-debugsource-3.26.2-8.3.2 gnome-settings-daemon-devel-3.26.2-8.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gnome-settings-daemon-lang-3.26.2-8.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-3.26.2-8.3.2 gnome-settings-daemon-debuginfo-3.26.2-8.3.2 gnome-settings-daemon-debugsource-3.26.2-8.3.2 gnome-settings-daemon-devel-3.26.2-8.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-settings-daemon-lang-3.26.2-8.3.2 References: https://bugzilla.suse.com/1086789 From sle-updates at lists.suse.com Wed Jun 12 10:13:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 18:13:27 +0200 (CEST) Subject: SUSE-SU-2019:1476-1: moderate: Security update for sssd Message-ID: <20190612161327.16A23FEA9@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1476-1 Rating: moderate References: #1124194 #1132657 #1132879 #1135247 Cross-References: CVE-2018-16838 Affected 
Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issues fixed: - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1476=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1476=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1476=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.24.6 libnfsidmap-sss-debuginfo-1.16.1-3.24.6 python3-ipa_hbac-1.16.1-3.24.6 python3-ipa_hbac-debuginfo-1.16.1-3.24.6 python3-sss-murmur-1.16.1-3.24.6 python3-sss-murmur-debuginfo-1.16.1-3.24.6 python3-sss_nss_idmap-1.16.1-3.24.6 python3-sss_nss_idmap-debuginfo-1.16.1-3.24.6 sssd-debuginfo-1.16.1-3.24.6 sssd-debugsource-1.16.1-3.24.6 sssd-winbind-idmap-1.16.1-3.24.6 sssd-winbind-idmap-debuginfo-1.16.1-3.24.6 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.24.6 libnfsidmap-sss-debuginfo-1.16.1-3.24.6 python3-ipa_hbac-1.16.1-3.24.6 python3-ipa_hbac-debuginfo-1.16.1-3.24.6 python3-sss-murmur-1.16.1-3.24.6 python3-sss-murmur-debuginfo-1.16.1-3.24.6 python3-sss_nss_idmap-1.16.1-3.24.6 python3-sss_nss_idmap-debuginfo-1.16.1-3.24.6 sssd-dbus-1.16.1-3.24.6 sssd-dbus-debuginfo-1.16.1-3.24.6 sssd-debuginfo-1.16.1-3.24.6 sssd-debugsource-1.16.1-3.24.6 sssd-winbind-idmap-1.16.1-3.24.6 sssd-winbind-idmap-debuginfo-1.16.1-3.24.6 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.24.6 libipa_hbac0-1.16.1-3.24.6 libipa_hbac0-debuginfo-1.16.1-3.24.6 libsss_certmap-devel-1.16.1-3.24.6 
libsss_certmap0-1.16.1-3.24.6 libsss_certmap0-debuginfo-1.16.1-3.24.6 libsss_idmap-devel-1.16.1-3.24.6 libsss_idmap0-1.16.1-3.24.6 libsss_idmap0-debuginfo-1.16.1-3.24.6 libsss_nss_idmap-devel-1.16.1-3.24.6 libsss_nss_idmap0-1.16.1-3.24.6 libsss_nss_idmap0-debuginfo-1.16.1-3.24.6 libsss_simpleifp-devel-1.16.1-3.24.6 libsss_simpleifp0-1.16.1-3.24.6 libsss_simpleifp0-debuginfo-1.16.1-3.24.6 python3-sssd-config-1.16.1-3.24.6 python3-sssd-config-debuginfo-1.16.1-3.24.6 sssd-1.16.1-3.24.6 sssd-ad-1.16.1-3.24.6 sssd-ad-debuginfo-1.16.1-3.24.6 sssd-dbus-1.16.1-3.24.6 sssd-dbus-debuginfo-1.16.1-3.24.6 sssd-debuginfo-1.16.1-3.24.6 sssd-debugsource-1.16.1-3.24.6 sssd-ipa-1.16.1-3.24.6 sssd-ipa-debuginfo-1.16.1-3.24.6 sssd-krb5-1.16.1-3.24.6 sssd-krb5-common-1.16.1-3.24.6 sssd-krb5-common-debuginfo-1.16.1-3.24.6 sssd-krb5-debuginfo-1.16.1-3.24.6 sssd-ldap-1.16.1-3.24.6 sssd-ldap-debuginfo-1.16.1-3.24.6 sssd-proxy-1.16.1-3.24.6 sssd-proxy-debuginfo-1.16.1-3.24.6 sssd-tools-1.16.1-3.24.6 sssd-tools-debuginfo-1.16.1-3.24.6 sssd-wbclient-1.16.1-3.24.6 sssd-wbclient-debuginfo-1.16.1-3.24.6 sssd-wbclient-devel-1.16.1-3.24.6 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): sssd-32bit-1.16.1-3.22.1 sssd-32bit-debuginfo-1.16.1-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.24.6 libipa_hbac0-1.16.1-3.24.6 libipa_hbac0-debuginfo-1.16.1-3.24.6 libsss_certmap-devel-1.16.1-3.24.6 libsss_certmap0-1.16.1-3.24.6 libsss_certmap0-debuginfo-1.16.1-3.24.6 libsss_idmap-devel-1.16.1-3.24.6 libsss_idmap0-1.16.1-3.24.6 libsss_idmap0-debuginfo-1.16.1-3.24.6 libsss_nss_idmap-devel-1.16.1-3.24.6 libsss_nss_idmap0-1.16.1-3.24.6 libsss_nss_idmap0-debuginfo-1.16.1-3.24.6 libsss_simpleifp-devel-1.16.1-3.24.6 libsss_simpleifp0-1.16.1-3.24.6 libsss_simpleifp0-debuginfo-1.16.1-3.24.6 python3-sssd-config-1.16.1-3.24.6 python3-sssd-config-debuginfo-1.16.1-3.24.6 sssd-1.16.1-3.24.6 sssd-ad-1.16.1-3.24.6 
sssd-ad-debuginfo-1.16.1-3.24.6 sssd-dbus-1.16.1-3.24.6 sssd-dbus-debuginfo-1.16.1-3.24.6 sssd-debuginfo-1.16.1-3.24.6 sssd-debugsource-1.16.1-3.24.6 sssd-ipa-1.16.1-3.24.6 sssd-ipa-debuginfo-1.16.1-3.24.6 sssd-krb5-1.16.1-3.24.6 sssd-krb5-common-1.16.1-3.24.6 sssd-krb5-common-debuginfo-1.16.1-3.24.6 sssd-krb5-debuginfo-1.16.1-3.24.6 sssd-ldap-1.16.1-3.24.6 sssd-ldap-debuginfo-1.16.1-3.24.6 sssd-proxy-1.16.1-3.24.6 sssd-proxy-debuginfo-1.16.1-3.24.6 sssd-tools-1.16.1-3.24.6 sssd-tools-debuginfo-1.16.1-3.24.6 sssd-wbclient-1.16.1-3.24.6 sssd-wbclient-debuginfo-1.16.1-3.24.6 sssd-wbclient-devel-1.16.1-3.24.6 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): sssd-32bit-1.16.1-3.22.1 sssd-32bit-debuginfo-1.16.1-3.22.1 References: https://www.suse.com/security/cve/CVE-2018-16838.html https://bugzilla.suse.com/1124194 https://bugzilla.suse.com/1132657 https://bugzilla.suse.com/1132879 https://bugzilla.suse.com/1135247 From sle-updates at lists.suse.com Wed Jun 12 10:14:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 18:14:31 +0200 (CEST) Subject: SUSE-RU-2019:1473-1: moderate: Recommended update for libteam Message-ID: <20190612161431.05D37FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libteam ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1473-1 Rating: moderate References: #1115225 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libteam fixes the following issues: - teamd: do correct l3/l4 tx hashing with vlans(bsc#1115225) - Do not set Collecting & Distributing & Synchronization bit in LACPDUs for the ports associated with standby agg. 
- LACP: INFO_STATE_AGGREGATION not set on first port when subsequent ports join team Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1473=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1473=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1473=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1473=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libteam-debugsource-1.21-5.3.1 libteam-tools-1.21-5.3.1 libteam-tools-debuginfo-1.21-5.3.1 libteam5-1.21-5.3.1 libteam5-debuginfo-1.21-5.3.1 libteamdctl0-1.21-5.3.1 libteamdctl0-debuginfo-1.21-5.3.1 python-libteam-1.21-5.3.1 python-libteam-debuginfo-1.21-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libteam-debugsource-1.21-5.3.1 libteam-tools-1.21-5.3.1 libteam-tools-debuginfo-1.21-5.3.1 libteam5-1.21-5.3.1 libteam5-debuginfo-1.21-5.3.1 libteamdctl0-1.21-5.3.1 libteamdctl0-debuginfo-1.21-5.3.1 python-libteam-1.21-5.3.1 python-libteam-debuginfo-1.21-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libteam-debugsource-1.21-5.3.1 libteamdctl0-1.21-5.3.1 libteamdctl0-debuginfo-1.21-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libteam-debugsource-1.21-5.3.1 libteamdctl0-1.21-5.3.1 libteamdctl0-debuginfo-1.21-5.3.1 References: https://bugzilla.suse.com/1115225 From sle-updates at lists.suse.com Wed Jun 12 13:10:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jun 2019 21:10:17 +0200 (CEST) Subject: SUSE-SU-2019:1480-1: moderate: Security update for sssd Message-ID: <20190612191017.D6D4FFEA9@maintenance.suse.de> SUSE Security Update: Security 
update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1480-1 Rating: moderate References: #1124194 #1132657 #1132879 #1135247 Cross-References: CVE-2018-16838 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1480=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1480=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1480=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-4.12.2 libsss_idmap-devel-1.16.1-4.12.2 libsss_nss_idmap-devel-1.16.1-4.12.2 sssd-debuginfo-1.16.1-4.12.2 sssd-debugsource-1.16.1-4.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.12.2 libipa_hbac0-debuginfo-1.16.1-4.12.2 libsss_certmap0-1.16.1-4.12.2 libsss_certmap0-debuginfo-1.16.1-4.12.2 libsss_idmap0-1.16.1-4.12.2 libsss_idmap0-debuginfo-1.16.1-4.12.2 libsss_nss_idmap0-1.16.1-4.12.2 libsss_nss_idmap0-debuginfo-1.16.1-4.12.2 libsss_simpleifp0-1.16.1-4.12.2 libsss_simpleifp0-debuginfo-1.16.1-4.12.2 python-sssd-config-1.16.1-4.12.2 python-sssd-config-debuginfo-1.16.1-4.12.2 sssd-1.16.1-4.12.2 sssd-ad-1.16.1-4.12.2 sssd-ad-debuginfo-1.16.1-4.12.2 sssd-debuginfo-1.16.1-4.12.2 sssd-debugsource-1.16.1-4.12.2 sssd-ipa-1.16.1-4.12.2 sssd-ipa-debuginfo-1.16.1-4.12.2 sssd-krb5-1.16.1-4.12.2 sssd-krb5-common-1.16.1-4.12.2 sssd-krb5-common-debuginfo-1.16.1-4.12.2 sssd-krb5-debuginfo-1.16.1-4.12.2 sssd-ldap-1.16.1-4.12.2 sssd-ldap-debuginfo-1.16.1-4.12.2 sssd-proxy-1.16.1-4.12.2 sssd-proxy-debuginfo-1.16.1-4.12.2 sssd-tools-1.16.1-4.12.2 sssd-tools-debuginfo-1.16.1-4.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): sssd-32bit-1.16.1-4.12.2 sssd-debuginfo-32bit-1.16.1-4.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libipa_hbac0-1.16.1-4.12.2 libipa_hbac0-debuginfo-1.16.1-4.12.2 libsss_certmap0-1.16.1-4.12.2 libsss_certmap0-debuginfo-1.16.1-4.12.2 libsss_idmap0-1.16.1-4.12.2 libsss_idmap0-debuginfo-1.16.1-4.12.2 
libsss_nss_idmap0-1.16.1-4.12.2 libsss_nss_idmap0-debuginfo-1.16.1-4.12.2 libsss_simpleifp0-1.16.1-4.12.2 libsss_simpleifp0-debuginfo-1.16.1-4.12.2 python-sssd-config-1.16.1-4.12.2 python-sssd-config-debuginfo-1.16.1-4.12.2 sssd-1.16.1-4.12.2 sssd-32bit-1.16.1-4.12.2 sssd-ad-1.16.1-4.12.2 sssd-ad-debuginfo-1.16.1-4.12.2 sssd-debuginfo-1.16.1-4.12.2 sssd-debuginfo-32bit-1.16.1-4.12.2 sssd-debugsource-1.16.1-4.12.2 sssd-ipa-1.16.1-4.12.2 sssd-ipa-debuginfo-1.16.1-4.12.2 sssd-krb5-1.16.1-4.12.2 sssd-krb5-common-1.16.1-4.12.2 sssd-krb5-common-debuginfo-1.16.1-4.12.2 sssd-krb5-debuginfo-1.16.1-4.12.2 sssd-ldap-1.16.1-4.12.2 sssd-ldap-debuginfo-1.16.1-4.12.2 sssd-proxy-1.16.1-4.12.2 sssd-proxy-debuginfo-1.16.1-4.12.2 sssd-tools-1.16.1-4.12.2 sssd-tools-debuginfo-1.16.1-4.12.2 References: https://www.suse.com/security/cve/CVE-2018-16838.html https://bugzilla.suse.com/1124194 https://bugzilla.suse.com/1132657 https://bugzilla.suse.com/1132879 https://bugzilla.suse.com/1135247 From sle-updates at lists.suse.com Thu Jun 13 04:12:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 12:12:30 +0200 (CEST) Subject: SUSE-RU-2019:1481-1: moderate: Recommended update for sg3_utils Message-ID: <20190613101230.A5D5BFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1481-1 Rating: moderate References: #1005063 #1119296 #1133418 #954600 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has four recommended fixes can now be 
installed. Description: This update for sg3_utils provides the following fixes: - Fix regression for page 0xa. (bsc#1119296) - Add pre/post scripts for lunmask.service. (bsc#954600) - Will now generate by-path links for fibrechannel. (bsc#1005063) - Fixes a syntax error for rule 59-fc-wwpn-id.rules. (bsc#1133418) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1481=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1481=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1481=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1481=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1481=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1481=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1481=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsgutils2-2-1.43+46.4b09c76-16.23.1 libsgutils2-2-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsgutils2-2-1.43+46.4b09c76-16.23.1 libsgutils2-2-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsgutils2-2-1.43+46.4b09c76-16.23.1 libsgutils2-2-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsgutils2-2-1.43+46.4b09c76-16.23.1 libsgutils2-2-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - SUSE CaaS Platform 3.0 (x86_64): libsgutils2-2-1.43+46.4b09c76-16.23.1 libsgutils2-2-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsgutils2-2-1.43+46.4b09c76-16.23.1 
libsgutils2-2-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debuginfo-1.43+46.4b09c76-16.23.1 sg3_utils-debugsource-1.43+46.4b09c76-16.23.1 References: https://bugzilla.suse.com/1005063 https://bugzilla.suse.com/1119296 https://bugzilla.suse.com/1133418 https://bugzilla.suse.com/954600 From sle-updates at lists.suse.com Thu Jun 13 04:14:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 12:14:09 +0200 (CEST) Subject: SUSE-RU-2019:1484-1: moderate: Recommended update for e2fsprogs Message-ID: <20190613101409.05C52FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1484-1 Rating: moderate References: #1128383 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1484=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1484=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1484=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): e2fsprogs-debugsource-1.43.8-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-4.6.1 e2fsprogs-debuginfo-1.43.8-4.6.1 e2fsprogs-debugsource-1.43.8-4.6.1 e2fsprogs-devel-1.43.8-4.6.1 libcom_err-devel-1.43.8-4.6.1 libcom_err-devel-static-1.43.8-4.6.1 libcom_err2-1.43.8-4.6.1 libcom_err2-debuginfo-1.43.8-4.6.1 libext2fs-devel-1.43.8-4.6.1 libext2fs-devel-static-1.43.8-4.6.1 libext2fs2-1.43.8-4.6.1 libext2fs2-debuginfo-1.43.8-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-4.6.1 e2fsprogs-debuginfo-1.43.8-4.6.1 e2fsprogs-debugsource-1.43.8-4.6.1 e2fsprogs-devel-1.43.8-4.6.1 libcom_err-devel-1.43.8-4.6.1 libcom_err-devel-static-1.43.8-4.6.1 libcom_err2-1.43.8-4.6.1 libcom_err2-debuginfo-1.43.8-4.6.1 libext2fs-devel-1.43.8-4.6.1 libext2fs-devel-static-1.43.8-4.6.1 libext2fs2-1.43.8-4.6.1 libext2fs2-debuginfo-1.43.8-4.6.1 References: https://bugzilla.suse.com/1128383 From sle-updates at lists.suse.com Thu Jun 13 04:15:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 12:15:00 +0200 (CEST) Subject: SUSE-RU-2019:1482-1: moderate: Recommended update for nvme-cli Message-ID: <20190613101500.C9723FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2019:1482-1 Rating: moderate References: #1133594 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli provides the following fixes: - Increase size of ONTAP namespace path variable. - Fix failing service on devices without fc-hardware. (bsc#1133594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1482=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nvme-cli-1.7-6.3.3 nvme-cli-debuginfo-1.7-6.3.3 nvme-cli-debugsource-1.7-6.3.3 References: https://bugzilla.suse.com/1133594 From sle-updates at lists.suse.com Thu Jun 13 04:15:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 12:15:57 +0200 (CEST) Subject: SUSE-RU-2019:1485-1: moderate: Recommended update for mutter Message-ID: <20190613101557.54F04FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1485-1 Rating: moderate References: #1133445 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for mutter provides the following fixes: - Fix issue that causes unresponsive GUI after long running session. (bsc#1133445) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1485=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1485=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1485=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1485=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1485=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1485=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): mutter-debuginfo-3.20.3-16.15.1 mutter-debugsource-3.20.3-16.15.1 mutter-devel-3.20.3-16.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mutter-debuginfo-3.20.3-16.15.1 mutter-debugsource-3.20.3-16.15.1 mutter-devel-3.20.3-16.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmutter0-3.20.3-16.15.1 libmutter0-debuginfo-3.20.3-16.15.1 mutter-3.20.3-16.15.1 mutter-data-3.20.3-16.15.1 mutter-debuginfo-3.20.3-16.15.1 mutter-debugsource-3.20.3-16.15.1 typelib-1_0-Meta-3_0-3.20.3-16.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): mutter-lang-3.20.3-16.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libmutter0-3.20.3-16.15.1 libmutter0-debuginfo-3.20.3-16.15.1 mutter-3.20.3-16.15.1 mutter-data-3.20.3-16.15.1 mutter-debuginfo-3.20.3-16.15.1 mutter-debugsource-3.20.3-16.15.1 typelib-1_0-Meta-3_0-3.20.3-16.15.1 - SUSE Linux Enterprise 
Server 12-SP3 (noarch): mutter-lang-3.20.3-16.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): mutter-lang-3.20.3-16.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmutter0-3.20.3-16.15.1 libmutter0-debuginfo-3.20.3-16.15.1 mutter-3.20.3-16.15.1 mutter-data-3.20.3-16.15.1 mutter-debuginfo-3.20.3-16.15.1 mutter-debugsource-3.20.3-16.15.1 typelib-1_0-Meta-3_0-3.20.3-16.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libmutter0-3.20.3-16.15.1 libmutter0-debuginfo-3.20.3-16.15.1 mutter-3.20.3-16.15.1 mutter-data-3.20.3-16.15.1 mutter-debuginfo-3.20.3-16.15.1 mutter-debugsource-3.20.3-16.15.1 typelib-1_0-Meta-3_0-3.20.3-16.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): mutter-lang-3.20.3-16.15.1 References: https://bugzilla.suse.com/1133445 From sle-updates at lists.suse.com Thu Jun 13 04:17:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 12:17:00 +0200 (CEST) Subject: SUSE-RU-2019:1483-1: moderate: Recommended update for nvme-cli Message-ID: <20190613101700.82C4FFEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1483-1 Rating: moderate References: #1084379 #1124564 #1126565 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Update man page of nvme connect-all to list new flags (bsc#1084379) - Add new udev rule for NetApp E-Series and adjust udev rule naming scheme accordingly. (bsc#1124564) - Nvme flush now determines the namespace id, when not given via -n flag. This also fixes a failing test in the regress-script. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1483=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nvme-cli-1.5-7.19.1 nvme-cli-debuginfo-1.5-7.19.1 nvme-cli-debugsource-1.5-7.19.1 References: https://bugzilla.suse.com/1084379 https://bugzilla.suse.com/1124564 https://bugzilla.suse.com/1126565 From sle-updates at lists.suse.com Thu Jun 13 07:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 15:11:03 +0200 (CEST) Subject: SUSE-SU-2019:1487-1: moderate: Security update for python-requests Message-ID: <20190613131103.E663BFEA9@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1487-1 Rating: moderate References: #1111622 Cross-References: CVE-2018-18074 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1487=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1487=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-requests-2.20.1-6.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-requests-2.20.1-6.3.2 References: https://www.suse.com/security/cve/CVE-2018-18074.html https://bugzilla.suse.com/1111622 From sle-updates at lists.suse.com Thu Jun 13 07:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 15:11:44 +0200 (CEST) Subject: SUSE-SU-2019:1486-1: moderate: Security update for elfutils Message-ID: <20190613131144.80651FEA9@maintenance.suse.de> SUSE Security Update: Security update for elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1486-1 Rating: moderate References: #1033084 #1033085 #1033086 #1033087 #1033088 #1033089 #1033090 #1106390 #1107066 #1107067 #1111973 #1112723 #1112726 #1123685 #1125007 Cross-References: CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. 
Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726) - CVE-2018-18521: Fixed denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1486=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1486=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1486=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): elfutils-debugsource-0.168-4.5.3 libasm1-32bit-0.168-4.5.3 libasm1-32bit-debuginfo-0.168-4.5.3 libelf-devel-32bit-0.168-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): elfutils-0.168-4.5.3 elfutils-debuginfo-0.168-4.5.3 elfutils-debugsource-0.168-4.5.3 libasm-devel-0.168-4.5.3 libasm1-0.168-4.5.3 libasm1-debuginfo-0.168-4.5.3 libdw-devel-0.168-4.5.3 libdw1-0.168-4.5.3 libdw1-debuginfo-0.168-4.5.3 libebl-devel-0.168-4.5.3 libebl-plugins-0.168-4.5.3 libebl-plugins-debuginfo-0.168-4.5.3 libelf-devel-0.168-4.5.3 libelf1-0.168-4.5.3 libelf1-debuginfo-0.168-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): elfutils-lang-0.168-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdw1-32bit-0.168-4.5.3 libdw1-32bit-debuginfo-0.168-4.5.3 libebl-plugins-32bit-0.168-4.5.3 libebl-plugins-32bit-debuginfo-0.168-4.5.3 libelf1-32bit-0.168-4.5.3 libelf1-32bit-debuginfo-0.168-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): elfutils-0.168-4.5.3 elfutils-debuginfo-0.168-4.5.3 elfutils-debugsource-0.168-4.5.3 libasm-devel-0.168-4.5.3 libasm1-0.168-4.5.3 libasm1-debuginfo-0.168-4.5.3 libdw-devel-0.168-4.5.3 libdw1-0.168-4.5.3 libdw1-debuginfo-0.168-4.5.3 libebl-devel-0.168-4.5.3 libebl-plugins-0.168-4.5.3 libebl-plugins-debuginfo-0.168-4.5.3 libelf-devel-0.168-4.5.3 libelf1-0.168-4.5.3 libelf1-debuginfo-0.168-4.5.3 - SUSE Linux 
Enterprise Module for Basesystem 15 (x86_64): libdw1-32bit-0.168-4.5.3 libdw1-32bit-debuginfo-0.168-4.5.3 libebl-plugins-32bit-0.168-4.5.3 libebl-plugins-32bit-debuginfo-0.168-4.5.3 libelf1-32bit-0.168-4.5.3 libelf1-32bit-debuginfo-0.168-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): elfutils-lang-0.168-4.5.3 References: https://www.suse.com/security/cve/CVE-2017-7607.html https://www.suse.com/security/cve/CVE-2017-7608.html https://www.suse.com/security/cve/CVE-2017-7609.html https://www.suse.com/security/cve/CVE-2017-7610.html https://www.suse.com/security/cve/CVE-2017-7611.html https://www.suse.com/security/cve/CVE-2017-7612.html https://www.suse.com/security/cve/CVE-2017-7613.html https://www.suse.com/security/cve/CVE-2018-16062.html https://www.suse.com/security/cve/CVE-2018-16402.html https://www.suse.com/security/cve/CVE-2018-16403.html https://www.suse.com/security/cve/CVE-2018-18310.html https://www.suse.com/security/cve/CVE-2018-18520.html https://www.suse.com/security/cve/CVE-2018-18521.html https://www.suse.com/security/cve/CVE-2019-7150.html https://www.suse.com/security/cve/CVE-2019-7665.html https://bugzilla.suse.com/1033084 https://bugzilla.suse.com/1033085 https://bugzilla.suse.com/1033086 https://bugzilla.suse.com/1033087 https://bugzilla.suse.com/1033088 https://bugzilla.suse.com/1033089 https://bugzilla.suse.com/1033090 https://bugzilla.suse.com/1106390 https://bugzilla.suse.com/1107066 https://bugzilla.suse.com/1107067 https://bugzilla.suse.com/1111973 https://bugzilla.suse.com/1112723 https://bugzilla.suse.com/1112726 https://bugzilla.suse.com/1123685 https://bugzilla.suse.com/1125007 From sle-updates at lists.suse.com Thu Jun 13 10:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 18:11:18 +0200 (CEST) Subject: SUSE-SU-2019:1490-1: important: Security update for libvirt Message-ID: <20190613161119.00CA1FEA9@maintenance.suse.de> SUSE Security Update: Security update for 
libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1490-1 Rating: important References: #1111331 #1133229 #1134348 #1135273 #1136109 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-10132 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Security issues fixed: - CVE-2019-10132: Reject clients unless their UID matches the server UID (bsc#1134348) Non security issues fixed: - delay global firewall setup if no networks are running (bsc#1133229) - add systemd-container dependency to qemu and lxc drivers (bsc#1136109) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1490=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1490=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1490=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-8.3.1 libvirt-admin-5.1.0-8.3.1 libvirt-admin-debuginfo-5.1.0-8.3.1 libvirt-client-5.1.0-8.3.1 libvirt-client-debuginfo-5.1.0-8.3.1 libvirt-daemon-5.1.0-8.3.1 libvirt-daemon-config-network-5.1.0-8.3.1 libvirt-daemon-config-nwfilter-5.1.0-8.3.1 libvirt-daemon-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-interface-5.1.0-8.3.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-lxc-5.1.0-8.3.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-network-5.1.0-8.3.1 libvirt-daemon-driver-network-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-nodedev-5.1.0-8.3.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-nwfilter-5.1.0-8.3.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-qemu-5.1.0-8.3.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-secret-5.1.0-8.3.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-storage-5.1.0-8.3.1 libvirt-daemon-driver-storage-core-5.1.0-8.3.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-storage-disk-5.1.0-8.3.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-storage-iscsi-5.1.0-8.3.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-storage-logical-5.1.0-8.3.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-8.3.1 
libvirt-daemon-driver-storage-mpath-5.1.0-8.3.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-8.3.1 libvirt-daemon-driver-storage-scsi-5.1.0-8.3.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-8.3.1 libvirt-daemon-hooks-5.1.0-8.3.1 libvirt-daemon-lxc-5.1.0-8.3.1 libvirt-daemon-qemu-5.1.0-8.3.1 libvirt-debugsource-5.1.0-8.3.1 libvirt-devel-5.1.0-8.3.1 libvirt-lock-sanlock-5.1.0-8.3.1 libvirt-lock-sanlock-debuginfo-5.1.0-8.3.1 libvirt-nss-5.1.0-8.3.1 libvirt-nss-debuginfo-5.1.0-8.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-8.3.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-8.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): libvirt-bash-completion-5.1.0-8.3.1 libvirt-doc-5.1.0-8.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): libvirt-daemon-driver-libxl-5.1.0-8.3.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-8.3.1 libvirt-daemon-xen-5.1.0-8.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-8.3.1 wireshark-plugin-libvirt-5.1.0-8.3.1 wireshark-plugin-libvirt-debuginfo-5.1.0-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-8.3.1 libvirt-libs-5.1.0-8.3.1 libvirt-libs-debuginfo-5.1.0-8.3.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-10132.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1133229 https://bugzilla.suse.com/1134348 https://bugzilla.suse.com/1135273 https://bugzilla.suse.com/1136109 From sle-updates at lists.suse.com Thu Jun 13 10:12:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 
13 Jun 2019 18:12:42 +0200 (CEST) Subject: SUSE-SU-2019:1489-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15) Message-ID: <20190613161242.DBEC2FEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1489-1 Rating: important References: #1131390 Cross-References: CVE-2018-14734 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-23 fixes one issue. The following security issue was fixed: - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free) (bsc#1131390). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1489=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-10-28.1 kernel-livepatch-4_12_14-23-default-debuginfo-10-28.1 kernel-livepatch-SLE15_Update_0-debugsource-10-28.1 References: https://www.suse.com/security/cve/CVE-2018-14734.html https://bugzilla.suse.com/1131390 From sle-updates at lists.suse.com Thu Jun 13 10:13:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 18:13:25 +0200 (CEST) Subject: SUSE-RU-2019:1492-1: Recommended update for libidn Message-ID: <20190613161325.E7D02FEA9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libidn ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1492-1 Rating: low References: #1132869 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libidn fixes the following issue: - The missing libidn11-32bit compat library package was provided. (bsc#1132869) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1492=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1492=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1492=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1492=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.34-3.2.2 libidn-tools-1.34-3.2.2 libidn-tools-debuginfo-1.34-3.2.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.34-3.2.2 libidn-tools-1.34-3.2.2 libidn-tools-debuginfo-1.34-3.2.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.34-3.2.2 libidn-devel-1.34-3.2.2 libidn11-1.34-3.2.2 libidn11-debuginfo-1.34-3.2.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libidn11-32bit-1.34-3.2.1 libidn11-32bit-debuginfo-1.34-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.34-3.2.2 libidn-devel-1.34-3.2.2 libidn11-1.34-3.2.2 libidn11-debuginfo-1.34-3.2.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libidn11-32bit-1.34-3.2.1 libidn11-32bit-debuginfo-1.34-3.2.1 References: https://bugzilla.suse.com/1132869 From sle-updates at lists.suse.com Thu Jun 13 10:14:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 18:14:09 +0200 (CEST) Subject: SUSE-RU-2019:1491-1: moderate: Recommended update for onboard Message-ID: <20190613161409.3627DFEA9@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for onboard ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1491-1 Rating: moderate References: #1082318 #1131071 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for onboard fixes the following issues: onboard is added to SUSE Linux Enterprise 15 (fate#326794, bsc#1131071). onboard provides an on-screen keyboard to the GNOME desktop for use in touchscreen settings. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1491=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1491=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1491=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1491=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1491=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1491=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): canberra-gtk-play-gnome-0.30-3.2.3 libcanberra-debugsource-0.30-3.2.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libcanberra-gtk0-32bit-0.30-3.2.3 libcanberra-gtk0-32bit-debuginfo-0.30-3.2.3 libcanberra-gtk2-module-32bit-0.30-3.2.3 libcanberra-gtk2-module-32bit-debuginfo-0.30-3.2.3 libcanberra-gtk3-0-32bit-0.30-3.2.3 libcanberra-gtk3-0-32bit-debuginfo-0.30-3.2.3 libcanberra-gtk3-module-32bit-0.30-3.2.3 libcanberra-gtk3-module-32bit-debuginfo-0.30-3.2.3 libcanberra0-32bit-0.30-3.2.3 libcanberra0-32bit-debuginfo-0.30-3.2.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): canberra-gtk-play-gnome-0.30-3.2.3 libcanberra-debugsource-0.30-3.2.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): canberra-gtk-play-0.30-3.2.3 canberra-gtk-play-debuginfo-0.30-3.2.3 libcanberra-debugsource-0.30-3.2.3 libcanberra-devel-0.30-3.2.3 libcanberra-gtk-devel-0.30-3.2.3 
libcanberra-gtk-module-common-0.30-3.2.3 libcanberra-gtk0-0.30-3.2.3 libcanberra-gtk0-debuginfo-0.30-3.2.3 libcanberra-gtk2-module-0.30-3.2.3 libcanberra-gtk2-module-debuginfo-0.30-3.2.3 libcanberra-gtk3-0-0.30-3.2.3 libcanberra-gtk3-0-debuginfo-0.30-3.2.3 libcanberra-gtk3-devel-0.30-3.2.3 libcanberra-gtk3-module-0.30-3.2.3 libcanberra-gtk3-module-debuginfo-0.30-3.2.3 libcanberra0-0.30-3.2.3 libcanberra0-debuginfo-0.30-3.2.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gnome-shell-extension-onboard-1.4.1-1.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): canberra-gtk-play-0.30-3.2.3 canberra-gtk-play-debuginfo-0.30-3.2.3 libcanberra-debugsource-0.30-3.2.3 libcanberra-devel-0.30-3.2.3 libcanberra-gtk-devel-0.30-3.2.3 libcanberra-gtk-module-common-0.30-3.2.3 libcanberra-gtk0-0.30-3.2.3 libcanberra-gtk0-debuginfo-0.30-3.2.3 libcanberra-gtk2-module-0.30-3.2.3 libcanberra-gtk2-module-debuginfo-0.30-3.2.3 libcanberra-gtk3-0-0.30-3.2.3 libcanberra-gtk3-0-debuginfo-0.30-3.2.3 libcanberra-gtk3-devel-0.30-3.2.3 libcanberra-gtk3-module-0.30-3.2.3 libcanberra-gtk3-module-debuginfo-0.30-3.2.3 libcanberra0-0.30-3.2.3 libcanberra0-debuginfo-0.30-3.2.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-shell-extension-onboard-1.4.1-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libcanberra0-0.30-3.2.3 libcanberra0-debuginfo-0.30-3.2.3 onboard-1.4.1-1.6.1 onboard-debuginfo-1.4.1-1.6.1 onboard-debugsource-1.4.1-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): onboard-data-1.4.1-1.6.1 onboard-lang-1.4.1-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libcanberra0-0.30-3.2.3 libcanberra0-debuginfo-0.30-3.2.3 onboard-1.4.1-1.6.1 onboard-debuginfo-1.4.1-1.6.1 onboard-debugsource-1.4.1-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): onboard-data-1.4.1-1.6.1 
onboard-lang-1.4.1-1.6.1 References: https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1131071 From sle-updates at lists.suse.com Thu Jun 13 13:10:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 21:10:30 +0200 (CEST) Subject: SUSE-RU-2019:1493-1: moderate: Recommended update for binutils Message-ID: <20190613191030.23B3EFF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1493-1 Rating: moderate References: #1137271 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils fixes the following issues: - Add support for new IBM zSeries z13 instructions. (fate#327074, jsc#SLE-6206, bsc#1137271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1493=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1493=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1493=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1493=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1493=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1493=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1493=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 binutils-devel-2.31-9.29.1 binutils-gold-2.31-9.29.1 binutils-gold-debuginfo-2.31-9.29.1 cross-ppc-binutils-2.31-9.29.1 cross-ppc-binutils-debuginfo-2.31-9.29.1 cross-ppc-binutils-debugsource-2.31-9.29.1 cross-spu-binutils-2.31-9.29.1 cross-spu-binutils-debuginfo-2.31-9.29.1 cross-spu-binutils-debugsource-2.31-9.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 binutils-devel-2.31-9.29.1 cross-ppc-binutils-2.31-9.29.1 cross-ppc-binutils-debuginfo-2.31-9.29.1 cross-ppc-binutils-debugsource-2.31-9.29.1 cross-spu-binutils-2.31-9.29.1 cross-spu-binutils-debuginfo-2.31-9.29.1 cross-spu-binutils-debugsource-2.31-9.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): binutils-gold-2.31-9.29.1 binutils-gold-debuginfo-2.31-9.29.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): binutils-2.31-9.29.1 binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 - SUSE Linux Enterprise Server 
12-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.31-9.29.1 binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): binutils-2.31-9.29.1 binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): binutils-2.31-9.29.1 binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): binutils-2.31-9.29.1 binutils-debuginfo-2.31-9.29.1 binutils-debugsource-2.31-9.29.1 References: https://bugzilla.suse.com/1137271 From sle-updates at lists.suse.com Thu Jun 13 13:11:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jun 2019 21:11:46 +0200 (CEST) Subject: SUSE-SU-2019:1234-2: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Message-ID: <20190613191146.218E7FF11@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1234-2 Rating: important References: #1114209 #1114832 #1118897 #1118898 #1118899 #1121397 #1121967 #1123013 #1128376 #1128746 #1134068 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 CVE-2019-6486 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). 
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1234=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-1234=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.2.5-5.13.1 docker-debuginfo-18.09.6_ce-6.17.1 docker-debugsource-18.09.6_ce-6.17.1 docker-test-18.09.6_ce-6.17.1 docker-test-debuginfo-18.09.6_ce-6.17.1 go-1.12-3.10.1 go-doc-1.12-3.10.1 go1.11-1.11.9-1.12.1 go1.11-doc-1.11.9-1.12.1 go1.12-1.12.4-1.9.1 go1.12-doc-1.12.4-1.9.1 golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): go-race-1.12-3.10.1 go1.11-race-1.11.9-1.12.1 go1.12-race-1.12.4-1.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): containerd-test-1.2.5-5.13.1 docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1 docker-zsh-completion-18.09.6_ce-6.17.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): containerd-1.2.5-5.13.1 docker-18.09.6_ce-6.17.1 docker-debuginfo-18.09.6_ce-6.17.1 docker-debugsource-18.09.6_ce-6.17.1 docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-4.12.1 docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1 docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): docker-bash-completion-18.09.6_ce-6.17.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-5736.html 
https://www.suse.com/security/cve/CVE-2019-6486.html https://bugzilla.suse.com/1114209 https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121397 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1123013 https://bugzilla.suse.com/1128376 https://bugzilla.suse.com/1128746 https://bugzilla.suse.com/1134068 From sle-updates at lists.suse.com Fri Jun 14 07:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 15:11:00 +0200 (CEST) Subject: SUSE-RU-2019:1494-1: moderate: Recommended update for PackageKit Message-ID: <20190614131100.DD31AFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1494-1 Rating: moderate References: #1038425 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for PackageKit provides the following fixes: - Allow gnome-packagekit to display interactive messages while updating a package. (bsc#1038425) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1494=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1494=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1494=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): PackageKit-debuginfo-1.1.10-4.8.1 PackageKit-debugsource-1.1.10-4.8.1 PackageKit-gstreamer-plugin-1.1.10-4.8.1 PackageKit-gstreamer-plugin-debuginfo-1.1.10-4.8.1 PackageKit-gtk3-module-1.1.10-4.8.1 PackageKit-gtk3-module-debuginfo-1.1.10-4.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): PackageKit-branding-upstream-1.1.10-4.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.10-4.8.1 PackageKit-backend-zypp-1.1.10-4.8.1 PackageKit-backend-zypp-debuginfo-1.1.10-4.8.1 PackageKit-debuginfo-1.1.10-4.8.1 PackageKit-debugsource-1.1.10-4.8.1 PackageKit-devel-1.1.10-4.8.1 PackageKit-devel-debuginfo-1.1.10-4.8.1 libpackagekit-glib2-18-1.1.10-4.8.1 libpackagekit-glib2-18-debuginfo-1.1.10-4.8.1 libpackagekit-glib2-devel-1.1.10-4.8.1 typelib-1_0-PackageKitGlib-1_0-1.1.10-4.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): PackageKit-lang-1.1.10-4.8.1 References: https://bugzilla.suse.com/1038425 From sle-updates at lists.suse.com Fri Jun 14 10:11:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:11:26 +0200 (CEST) Subject: SUSE-SU-2019:1495-1: important: Security update for MozillaThunderbird Message-ID: <20190614161126.1418FFFC5@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2019:1495-1 Rating: important References: #1137595 Cross-References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following security issues: - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595). - CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595). - CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595). - CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1495=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1495=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-60.7.0-3.36.1 MozillaThunderbird-debuginfo-60.7.0-3.36.1 MozillaThunderbird-debugsource-60.7.0-3.36.1 MozillaThunderbird-translations-common-60.7.0-3.36.1 MozillaThunderbird-translations-other-60.7.0-3.36.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.7.0-3.36.1 MozillaThunderbird-debuginfo-60.7.0-3.36.1 MozillaThunderbird-debugsource-60.7.0-3.36.1 MozillaThunderbird-translations-common-60.7.0-3.36.1 MozillaThunderbird-translations-other-60.7.0-3.36.1 References: https://www.suse.com/security/cve/CVE-2019-11703.html https://www.suse.com/security/cve/CVE-2019-11704.html https://www.suse.com/security/cve/CVE-2019-11705.html https://www.suse.com/security/cve/CVE-2019-11706.html https://bugzilla.suse.com/1137595 From sle-updates at lists.suse.com Fri Jun 14 10:12:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:12:05 +0200 (CEST) Subject: SUSE-SU-2019:1508-1: important: Security update for gstreamer-0_10-plugins-base Message-ID: <20190614161205.F36C5FFC5@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1508-1 Rating: important References: #1133375 Cross-References: CVE-2019-9928 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for gstreamer-0_10-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1508=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1508=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1508=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-11.9.1 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.9.1 libgstapp-0_10-0-32bit-0.10.36-11.9.1 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.9.1 libgstinterfaces-0_10-0-32bit-0.10.36-11.9.1 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-11.9.1 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.9.1 libgstapp-0_10-0-32bit-0.10.36-11.9.1 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.9.1 libgstinterfaces-0_10-0-32bit-0.10.36-11.9.1 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.9.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-11.9.1 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.9.1 libgstapp-0_10-0-32bit-0.10.36-11.9.1 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.9.1 libgstinterfaces-0_10-0-32bit-0.10.36-11.9.1 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.9.1 References: https://www.suse.com/security/cve/CVE-2019-9928.html https://bugzilla.suse.com/1133375 From sle-updates at lists.suse.com Fri Jun 14 10:12:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 
Jun 2019 18:12:42 +0200 (CEST) Subject: SUSE-RU-2019:1503-1: moderate: Recommended update for open-vm-tools Message-ID: <20190614161242.CD6F1FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1503-1 Rating: moderate References: #1122435 #1133623 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-vm-tools fixes the following issues: - Update vmtoolsd.service tools to run after the network service is ready. (bsc#1133623) - Link VGAuthService to libxmlsec1 rather than libxml-security-c in SLES 12 SP3. (bsc#1122435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1503=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1503=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): open-vm-tools-debuginfo-10.3.10-3.17.1 open-vm-tools-debugsource-10.3.10-3.17.1 open-vm-tools-desktop-10.3.10-3.17.1 open-vm-tools-desktop-debuginfo-10.3.10-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libvmtools-devel-10.3.10-3.17.1 libvmtools0-10.3.10-3.17.1 libvmtools0-debuginfo-10.3.10-3.17.1 open-vm-tools-10.3.10-3.17.1 open-vm-tools-debuginfo-10.3.10-3.17.1 open-vm-tools-debugsource-10.3.10-3.17.1 References: https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1133623 From sle-updates at lists.suse.com Fri Jun 14 10:13:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:13:29 +0200 (CEST) Subject: SUSE-RU-2019:1504-1: moderate: Recommended update for open-vm-tools Message-ID: <20190614161329.BB350FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1504-1 Rating: moderate References: #1122435 #1133623 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-vm-tools fixes the following issues: - Update vmtoolsd.service tools to run after the network service is ready. (bsc#1133623) - Link VGAuthService to libxmlsec1 rather than libxml-security-c in SLES 12 SP3. 
(bsc#1122435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1504=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1504=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvmtools0-10.3.10-3.28.1 libvmtools0-debuginfo-10.3.10-3.28.1 open-vm-tools-10.3.10-3.28.1 open-vm-tools-debuginfo-10.3.10-3.28.1 open-vm-tools-debugsource-10.3.10-3.28.1 open-vm-tools-desktop-10.3.10-3.28.1 open-vm-tools-desktop-debuginfo-10.3.10-3.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvmtools0-10.3.10-3.28.1 libvmtools0-debuginfo-10.3.10-3.28.1 open-vm-tools-10.3.10-3.28.1 open-vm-tools-debuginfo-10.3.10-3.28.1 open-vm-tools-debugsource-10.3.10-3.28.1 open-vm-tools-desktop-10.3.10-3.28.1 open-vm-tools-desktop-debuginfo-10.3.10-3.28.1 - SUSE CaaS Platform ALL (x86_64): libvmtools0-10.3.10-3.28.1 libvmtools0-debuginfo-10.3.10-3.28.1 open-vm-tools-10.3.10-3.28.1 open-vm-tools-debuginfo-10.3.10-3.28.1 open-vm-tools-debugsource-10.3.10-3.28.1 - SUSE CaaS Platform 3.0 (x86_64): libvmtools0-10.3.10-3.28.1 libvmtools0-debuginfo-10.3.10-3.28.1 open-vm-tools-10.3.10-3.28.1 open-vm-tools-debuginfo-10.3.10-3.28.1 open-vm-tools-debugsource-10.3.10-3.28.1 References: https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1133623 From sle-updates at 
lists.suse.com Fri Jun 14 10:14:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:14:14 +0200 (CEST) Subject: SUSE-RU-2019:1498-1: moderate: Recommended update for yast2-storage-ng, libstorage-ng, and autoyast2 Message-ID: <20190614161414.5D9E6FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng, libstorage-ng, and autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1498-1 Rating: moderate References: #1104899 #1120979 #1121720 #1122660 #1130256 #1134330 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for libstorage-ng, yast2-storage-ng, and autoyast2 fixes the following issues: # Package: yast2-storage-ng - Fixes broken support for retaining existing MD RAIDs in some scenarios (bsc#1120979, bsc#1121720). - Adds support for installing over NFS (bsc#1130256). - Adds a new format for importing/exporting NFS drives - It will no longer ask for a reusable filesystem when it's not really needed (bsc#1134330) # Package: libstorage-ng - No longer crashes when parsing docker devices (bsc#1104899) # Package: autoyast2 - Removed check for available devices. When there are no devices, the proposal issues will be shown (bsc#1130256) - Fixes an issue where IPv6 gets activated even if it was deactivated (bsc#1122660) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1498=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1498=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-1498=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-3.3.318-3.25.5 libstorage-ng-debugsource-3.3.318-3.25.5 libstorage-ng-integration-tests-3.3.318-3.25.5 libstorage-ng-python3-3.3.318-3.25.5 libstorage-ng-python3-debuginfo-3.3.318-3.25.5 libstorage-ng-utils-3.3.318-3.25.5 libstorage-ng-utils-debuginfo-3.3.318-3.25.5 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-3.3.318-3.25.5 libstorage-ng-debugsource-3.3.318-3.25.5 libstorage-ng-devel-3.3.318-3.25.5 libstorage-ng-ruby-3.3.318-3.25.5 libstorage-ng-ruby-debuginfo-3.3.318-3.25.5 libstorage-ng1-3.3.318-3.25.5 libstorage-ng1-debuginfo-3.3.318-3.25.5 yast2-storage-ng-4.0.221-3.43.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): autoyast2-4.0.69-3.17.10 autoyast2-installation-4.0.69-3.17.10 libstorage-ng-lang-3.3.318-3.25.5 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-3.3.318-3.25.5 libstorage-ng1-3.3.318-3.25.5 yast2-storage-ng-4.0.221-3.43.1 - SUSE Linux Enterprise Installer 15 (noarch): autoyast2-4.0.69-3.17.10 autoyast2-installation-4.0.69-3.17.10 libstorage-ng-lang-3.3.318-3.25.5 References: https://bugzilla.suse.com/1104899 https://bugzilla.suse.com/1120979 https://bugzilla.suse.com/1121720 https://bugzilla.suse.com/1122660 https://bugzilla.suse.com/1130256 https://bugzilla.suse.com/1134330 From sle-updates at lists.suse.com Fri Jun 14 10:15:44 2019 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 14 Jun 2019 18:15:44 +0200 (CEST) Subject: SUSE-RU-2019:1497-1: moderate: Recommended update for sblim-gather Message-ID: <20190614161544.CCF64FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-gather ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1497-1 Rating: moderate References: #1027980 #1028716 #1085275 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sblim-gather provides the following fixes: - Correctly use the return value of calloc for arrays. (bsc#1028716) - Use full path when querying s390 ECKD devices. (bsc#1028716) - Make sure that /run/gather subdirectory is registered with tmpfile.d and created after every reboot. (bsc#1027980) - Replace the init.d service file with a systemd service file. (bsc#1085275) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1497=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1497=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1497=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1497=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sblim-gather-debuginfo-2.2.8-3.5.5 sblim-gather-debugsource-2.2.8-3.5.5 sblim-gather-devel-2.2.8-3.5.5 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): sblim-gather-debuginfo-2.2.8-3.5.5 sblim-gather-debugsource-2.2.8-3.5.5 sblim-gather-devel-2.2.8-3.5.5 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sblim-gather-2.2.8-3.5.5 sblim-gather-debuginfo-2.2.8-3.5.5 sblim-gather-debugsource-2.2.8-3.5.5 sblim-gather-provider-2.2.8-3.5.5 sblim-gather-provider-debuginfo-2.2.8-3.5.5 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sblim-gather-2.2.8-3.5.5 sblim-gather-debuginfo-2.2.8-3.5.5 sblim-gather-debugsource-2.2.8-3.5.5 sblim-gather-provider-2.2.8-3.5.5 sblim-gather-provider-debuginfo-2.2.8-3.5.5 References: https://bugzilla.suse.com/1027980 https://bugzilla.suse.com/1028716 https://bugzilla.suse.com/1085275 From sle-updates at lists.suse.com Fri Jun 14 10:17:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:17:28 +0200 (CEST) Subject: SUSE-RU-2019:1501-1: moderate: Recommended update for mvapich2 Message-ID: <20190614161728.97E1EFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for mvapich2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1501-1 Rating: moderate References: #1116458 #1129421 #1133797 
Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mvapich2 provides the following fixes: - Fix a segfault when running on a machine with no RDMA hardware. (bsc#1133797) - Add patch to remove obsolete GCC check and also patch autogen.sh to get the autotools working in SLE12SP4. (bsc#1129421) - Force a re-run of autotools to properly generate the files after patching files. - Add macro _hpc_mvapich2_modules for modules support (bsc#1116458). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1501=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1501=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): mvapich2-debuginfo-2.2-10.3.1 mvapich2-debugsource-2.2-10.3.1 mvapich2-devel-2.2-10.3.1 mvapich2-devel-static-2.2-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (x86_64): mvapich2-psm-debuginfo-2.2-10.3.1 mvapich2-psm-debugsource-2.2-10.3.1 mvapich2-psm-devel-2.2-10.3.1 mvapich2-psm-devel-static-2.2-10.3.1 mvapich2-psm2-debuginfo-2.2-10.3.1 mvapich2-psm2-debugsource-2.2-10.3.1 mvapich2-psm2-devel-2.2-10.3.1 mvapich2-psm2-devel-static-2.2-10.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mvapich2-2.2-10.3.1 mvapich2-debuginfo-2.2-10.3.1 mvapich2-debugsource-2.2-10.3.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): mvapich2-psm-2.2-10.3.1 mvapich2-psm-debuginfo-2.2-10.3.1 mvapich2-psm-debugsource-2.2-10.3.1 mvapich2-psm2-2.2-10.3.1 
mvapich2-psm2-debuginfo-2.2-10.3.1 mvapich2-psm2-debugsource-2.2-10.3.1 References: https://bugzilla.suse.com/1116458 https://bugzilla.suse.com/1129421 https://bugzilla.suse.com/1133797 From sle-updates at lists.suse.com Fri Jun 14 10:18:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:18:27 +0200 (CEST) Subject: SUSE-RU-2019:1496-1: moderate: Recommended update for python-parallax Message-ID: <20190614161827.7954BFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1496-1 Rating: moderate References: #1131136 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-parallax fixes the following issues: - Fixes an issue where an upgrade to a newer version has caused file conflicts (bsc#1131136) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1496=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (noarch): python3-parallax-1.0.4-2.8.1 References: https://bugzilla.suse.com/1131136 From sle-updates at lists.suse.com Fri Jun 14 10:19:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:19:06 +0200 (CEST) Subject: SUSE-RU-2019:1499-1: moderate: Recommended update for gtk3 Message-ID: <20190614161906.CFFE4FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1499-1 Rating: moderate References: #1134059 #1136605 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gtk3 provides the following fixes: - Improve font handling. (bsc#1134059) - Always use the None pixmap for no background on X11, to prevent GTK3 applications from staying on top of other applications in Awesome WM. (bsc#1136605) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1499=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1499=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1499=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1499=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gtk3-debugsource-3.22.30-4.16.2 gtk3-immodule-amharic-3.22.30-4.16.2 gtk3-immodule-amharic-debuginfo-3.22.30-4.16.2 gtk3-immodule-broadway-3.22.30-4.16.2 gtk3-immodule-broadway-debuginfo-3.22.30-4.16.2 gtk3-immodule-inuktitut-3.22.30-4.16.2 gtk3-immodule-inuktitut-debuginfo-3.22.30-4.16.2 gtk3-immodule-multipress-3.22.30-4.16.2 gtk3-immodule-multipress-debuginfo-3.22.30-4.16.2 gtk3-immodule-thai-3.22.30-4.16.2 gtk3-immodule-thai-debuginfo-3.22.30-4.16.2 gtk3-immodule-vietnamese-3.22.30-4.16.2 gtk3-immodule-vietnamese-debuginfo-3.22.30-4.16.2 gtk3-immodule-xim-3.22.30-4.16.2 gtk3-immodule-xim-debuginfo-3.22.30-4.16.2 gtk3-immodules-tigrigna-3.22.30-4.16.2 gtk3-immodules-tigrigna-debuginfo-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): gtk3-devel-32bit-3.22.30-4.16.2 gtk3-devel-32bit-debuginfo-3.22.30-4.16.2 gtk3-immodule-amharic-32bit-3.22.30-4.16.2 gtk3-immodule-amharic-32bit-debuginfo-3.22.30-4.16.2 gtk3-immodule-inuktitut-32bit-3.22.30-4.16.2 gtk3-immodule-inuktitut-32bit-debuginfo-3.22.30-4.16.2 gtk3-immodule-multipress-32bit-3.22.30-4.16.2 gtk3-immodule-multipress-32bit-debuginfo-3.22.30-4.16.2 gtk3-immodule-thai-32bit-3.22.30-4.16.2 gtk3-immodule-thai-32bit-debuginfo-3.22.30-4.16.2 
gtk3-immodule-vietnamese-32bit-3.22.30-4.16.2 gtk3-immodule-vietnamese-32bit-debuginfo-3.22.30-4.16.2 gtk3-immodule-xim-32bit-3.22.30-4.16.2 gtk3-immodule-xim-32bit-debuginfo-3.22.30-4.16.2 gtk3-immodules-tigrigna-32bit-3.22.30-4.16.2 gtk3-immodules-tigrigna-32bit-debuginfo-3.22.30-4.16.2 gtk3-tools-32bit-3.22.30-4.16.2 gtk3-tools-32bit-debuginfo-3.22.30-4.16.2 libgtk-3-0-32bit-3.22.30-4.16.2 libgtk-3-0-32bit-debuginfo-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): gtk3-branding-upstream-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gtk3-debugsource-3.22.30-4.16.2 gtk3-immodule-amharic-3.22.30-4.16.2 gtk3-immodule-amharic-debuginfo-3.22.30-4.16.2 gtk3-immodule-broadway-3.22.30-4.16.2 gtk3-immodule-broadway-debuginfo-3.22.30-4.16.2 gtk3-immodule-inuktitut-3.22.30-4.16.2 gtk3-immodule-inuktitut-debuginfo-3.22.30-4.16.2 gtk3-immodule-multipress-3.22.30-4.16.2 gtk3-immodule-multipress-debuginfo-3.22.30-4.16.2 gtk3-immodule-thai-3.22.30-4.16.2 gtk3-immodule-thai-debuginfo-3.22.30-4.16.2 gtk3-immodule-vietnamese-3.22.30-4.16.2 gtk3-immodule-vietnamese-debuginfo-3.22.30-4.16.2 gtk3-immodule-xim-3.22.30-4.16.2 gtk3-immodule-xim-debuginfo-3.22.30-4.16.2 gtk3-immodules-tigrigna-3.22.30-4.16.2 gtk3-immodules-tigrigna-debuginfo-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gtk3-branding-upstream-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.22.30-4.16.2 gtk3-debugsource-3.22.30-4.16.2 gtk3-devel-3.22.30-4.16.2 gtk3-devel-debuginfo-3.22.30-4.16.2 gtk3-tools-3.22.30-4.16.2 gtk3-tools-debuginfo-3.22.30-4.16.2 libgtk-3-0-3.22.30-4.16.2 libgtk-3-0-debuginfo-3.22.30-4.16.2 typelib-1_0-Gtk-3_0-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): gtk3-data-3.22.30-4.16.2 gtk3-lang-3.22.30-4.16.2 
gtk3-schema-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.22.30-4.16.2 gtk3-debugsource-3.22.30-4.16.2 gtk3-devel-3.22.30-4.16.2 gtk3-devel-debuginfo-3.22.30-4.16.2 gtk3-tools-3.22.30-4.16.2 gtk3-tools-debuginfo-3.22.30-4.16.2 libgtk-3-0-3.22.30-4.16.2 libgtk-3-0-debuginfo-3.22.30-4.16.2 typelib-1_0-Gtk-3_0-3.22.30-4.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gtk3-data-3.22.30-4.16.2 gtk3-lang-3.22.30-4.16.2 gtk3-schema-3.22.30-4.16.2 References: https://bugzilla.suse.com/1134059 https://bugzilla.suse.com/1136605 From sle-updates at lists.suse.com Fri Jun 14 10:19:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:19:59 +0200 (CEST) Subject: SUSE-RU-2019:1502-1: moderate: Recommended update for python-M2Crypto Message-ID: <20190614161959.4F62DFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1502-1 Rating: moderate References: #1135009 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-M2Crypto fixes the following issues: - Fix the use of urlunsplit() to make osc work behind a proxy (bsc#1135009) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1502=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1502=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1502=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1502=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1502=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1502=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.28.2-3.3.1 python-M2Crypto-debugsource-0.28.2-3.3.1 python3-M2Crypto-0.28.2-3.3.1 python3-M2Crypto-debuginfo-0.28.2-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.28.2-3.3.1 python-M2Crypto-debugsource-0.28.2-3.3.1 python2-M2Crypto-0.28.2-3.3.1 python2-M2Crypto-debuginfo-0.28.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-M2Crypto-doc-0.28.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-M2Crypto-doc-0.28.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.28.2-3.3.1 python-M2Crypto-debugsource-0.28.2-3.3.1 python3-M2Crypto-0.28.2-3.3.1 python3-M2Crypto-debuginfo-0.28.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.28.2-3.3.1 python-M2Crypto-debugsource-0.28.2-3.3.1 python2-M2Crypto-0.28.2-3.3.1 
python2-M2Crypto-debuginfo-0.28.2-3.3.1 References: https://bugzilla.suse.com/1135009 From sle-updates at lists.suse.com Fri Jun 14 10:20:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jun 2019 18:20:50 +0200 (CEST) Subject: SUSE-RU-2019:1506-1: moderate: Recommended update for postfix Message-ID: <20190614162050.3F136FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1506-1 Rating: moderate References: #1045264 #1104543 #771811 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for postfix fixes the following issues: - config.postfix does not start tlsmgr in master.cf when using POSTFIX_SMTP_TLS_CLIENT="must". (bsc#1104543) - L3: postmap error. Applying proposed patch of leen.meyer at ziggo.nl (bsc#1045264) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1506=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1506=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2019-1506=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      postfix-2.11.6-26.10.1
      postfix-debuginfo-2.11.6-26.10.1
      postfix-debugsource-2.11.6-26.10.1
      postfix-mysql-2.11.6-26.10.1
      postfix-mysql-debuginfo-2.11.6-26.10.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      postfix-doc-2.11.6-26.10.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      postfix-2.11.6-26.10.1
      postfix-debuginfo-2.11.6-26.10.1
      postfix-debugsource-2.11.6-26.10.1
      postfix-mysql-2.11.6-26.10.1
      postfix-mysql-debuginfo-2.11.6-26.10.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
      postfix-doc-2.11.6-26.10.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      postfix-2.11.6-26.10.1
      postfix-debuginfo-2.11.6-26.10.1
      postfix-debugsource-2.11.6-26.10.1
      postfix-mysql-2.11.6-26.10.1
      postfix-mysql-debuginfo-2.11.6-26.10.1
   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      postfix-doc-2.11.6-26.10.1

References:

   https://bugzilla.suse.com/1045264
   https://bugzilla.suse.com/1104543
   https://bugzilla.suse.com/771811

From sle-updates at lists.suse.com Fri Jun 14 10:22:17 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jun 2019 18:22:17 +0200 (CEST)
Subject: SUSE-RU-2019:1505-1: moderate: Recommended update for open-vm-tools
Message-ID: <20190614162217.CFF83FFC5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for open-vm-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1505-1
Rating: moderate
References: #1122435 #1133623
Affected Products:
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for open-vm-tools fixes the following issues:

   - Update vmtoolsd.service tools to run after the network service is ready. (bsc#1133623)
   - Link VGAuthService to libxmlsec1 rather than libxml-security-c in SLES 12 SP3. (bsc#1122435)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1505=1
   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1505=1

Package List:

   - SUSE Linux Enterprise Server 12-SP4 (x86_64):
      libvmtools0-10.3.10-4.9.1
      libvmtools0-debuginfo-10.3.10-4.9.1
      open-vm-tools-10.3.10-4.9.1
      open-vm-tools-debuginfo-10.3.10-4.9.1
      open-vm-tools-debugsource-10.3.10-4.9.1
      open-vm-tools-desktop-10.3.10-4.9.1
      open-vm-tools-desktop-debuginfo-10.3.10-4.9.1
   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
      libvmtools0-10.3.10-4.9.1
      libvmtools0-debuginfo-10.3.10-4.9.1
      open-vm-tools-10.3.10-4.9.1
      open-vm-tools-debuginfo-10.3.10-4.9.1
      open-vm-tools-debugsource-10.3.10-4.9.1
      open-vm-tools-desktop-10.3.10-4.9.1
      open-vm-tools-desktop-debuginfo-10.3.10-4.9.1

References:

   https://bugzilla.suse.com/1122435
   https://bugzilla.suse.com/1133623

From sle-updates at lists.suse.com Fri Jun 14 10:23:07 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jun 2019 18:23:07 +0200 (CEST)
Subject: SUSE-RU-2019:1500-1: moderate: Recommended update for yast2-network
Message-ID: <20190614162307.849EEFFC5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1500-1
Rating: moderate
References: #1123102 #1131588 #1136103
Affected Products:
   SUSE Linux Enterprise Server for SAP Installer 12-SP3
   SUSE Linux Enterprise Server Installer 12-SP3
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Desktop Installer 12-SP3
   SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for yast2-network provides the following fixes:

   - Yast2 network crashes when configuring a static IP without hostname. (bnc#1123102)
   - Network bonding: undefined method 'split'. (bnc#1136103)
   - Display a confirmation popup when a static route is going to be removed after switching a device to DHCP. (bsc#1131588)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP Installer 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP3-2019-1500=1
   - SUSE Linux Enterprise Server Installer 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2019-1500=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1500=1
   - SUSE Linux Enterprise Desktop Installer 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP3-2019-1500=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1500=1

Package List:

   - SUSE Linux Enterprise Server for SAP Installer 12-SP3 (noarch):
      yast2-network-3.2.58-2.50.1
   - SUSE Linux Enterprise Server Installer 12-SP3 (noarch):
      yast2-network-3.2.58-2.50.1
   - SUSE Linux Enterprise Server 12-SP3 (noarch):
      yast2-network-3.2.58-2.50.1
   - SUSE Linux Enterprise Desktop Installer 12-SP3 (noarch):
      yast2-network-3.2.58-2.50.1
   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):
      yast2-network-3.2.58-2.50.1

References:

   https://bugzilla.suse.com/1123102
   https://bugzilla.suse.com/1131588
   https://bugzilla.suse.com/1136103

From sle-updates at lists.suse.com Fri Jun 14 13:10:55 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jun 2019 21:10:55 +0200 (CEST)
Subject: SUSE-SU-2019:1509-1: important: Security update for gstreamer-plugins-base
Message-ID: <20190614191055.3AD86FEA9@maintenance.suse.de>

   SUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1509-1
Rating: important
References: #1133375
Cross-References: CVE-2019-9928
Affected Products:
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gstreamer-plugins-base fixes the following issue:

   Security issue fixed:

   - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1509=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1509=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2019-1509=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      gstreamer-plugins-base-lang-1.2.4-2.9.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      gstreamer-plugins-base-1.2.4-2.9.1
      gstreamer-plugins-base-debuginfo-1.2.4-2.9.1
      gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.9.1
      gstreamer-plugins-base-debugsource-1.2.4-2.9.1
      libgstallocators-1_0-0-1.2.4-2.9.1
      libgstallocators-1_0-0-debuginfo-1.2.4-2.9.1
      libgstapp-1_0-0-1.2.4-2.9.1
      libgstapp-1_0-0-32bit-1.2.4-2.9.1
      libgstapp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstaudio-1_0-0-1.2.4-2.9.1
      libgstaudio-1_0-0-32bit-1.2.4-2.9.1
      libgstaudio-1_0-0-debuginfo-1.2.4-2.9.1
      libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstfft-1_0-0-1.2.4-2.9.1
      libgstfft-1_0-0-debuginfo-1.2.4-2.9.1
      libgstpbutils-1_0-0-1.2.4-2.9.1
      libgstpbutils-1_0-0-32bit-1.2.4-2.9.1
      libgstpbutils-1_0-0-debuginfo-1.2.4-2.9.1
      libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstriff-1_0-0-1.2.4-2.9.1
      libgstriff-1_0-0-debuginfo-1.2.4-2.9.1
      libgstrtp-1_0-0-1.2.4-2.9.1
      libgstrtp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstrtsp-1_0-0-1.2.4-2.9.1
      libgstrtsp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstsdp-1_0-0-1.2.4-2.9.1
      libgstsdp-1_0-0-debuginfo-1.2.4-2.9.1
      libgsttag-1_0-0-1.2.4-2.9.1
      libgsttag-1_0-0-32bit-1.2.4-2.9.1
      libgsttag-1_0-0-debuginfo-1.2.4-2.9.1
      libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstvideo-1_0-0-1.2.4-2.9.1
      libgstvideo-1_0-0-32bit-1.2.4-2.9.1
      libgstvideo-1_0-0-debuginfo-1.2.4-2.9.1
      libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      gstreamer-plugins-base-1.2.4-2.9.1
      gstreamer-plugins-base-debuginfo-1.2.4-2.9.1
      gstreamer-plugins-base-debugsource-1.2.4-2.9.1
      libgstallocators-1_0-0-1.2.4-2.9.1
      libgstallocators-1_0-0-debuginfo-1.2.4-2.9.1
      libgstapp-1_0-0-1.2.4-2.9.1
      libgstapp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstaudio-1_0-0-1.2.4-2.9.1
      libgstaudio-1_0-0-debuginfo-1.2.4-2.9.1
      libgstfft-1_0-0-1.2.4-2.9.1
      libgstfft-1_0-0-debuginfo-1.2.4-2.9.1
      libgstpbutils-1_0-0-1.2.4-2.9.1
      libgstpbutils-1_0-0-debuginfo-1.2.4-2.9.1
      libgstriff-1_0-0-1.2.4-2.9.1
      libgstriff-1_0-0-debuginfo-1.2.4-2.9.1
      libgstrtp-1_0-0-1.2.4-2.9.1
      libgstrtp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstrtsp-1_0-0-1.2.4-2.9.1
      libgstrtsp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstsdp-1_0-0-1.2.4-2.9.1
      libgstsdp-1_0-0-debuginfo-1.2.4-2.9.1
      libgsttag-1_0-0-1.2.4-2.9.1
      libgsttag-1_0-0-debuginfo-1.2.4-2.9.1
      libgstvideo-1_0-0-1.2.4-2.9.1
      libgstvideo-1_0-0-debuginfo-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
      gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.9.1
      libgstapp-1_0-0-32bit-1.2.4-2.9.1
      libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstaudio-1_0-0-32bit-1.2.4-2.9.1
      libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstpbutils-1_0-0-32bit-1.2.4-2.9.1
      libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgsttag-1_0-0-32bit-1.2.4-2.9.1
      libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstvideo-1_0-0-32bit-1.2.4-2.9.1
      libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
      gstreamer-plugins-base-lang-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      gstreamer-plugins-base-1.2.4-2.9.1
      gstreamer-plugins-base-debuginfo-1.2.4-2.9.1
      gstreamer-plugins-base-debugsource-1.2.4-2.9.1
      libgstallocators-1_0-0-1.2.4-2.9.1
      libgstallocators-1_0-0-debuginfo-1.2.4-2.9.1
      libgstapp-1_0-0-1.2.4-2.9.1
      libgstapp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstaudio-1_0-0-1.2.4-2.9.1
      libgstaudio-1_0-0-debuginfo-1.2.4-2.9.1
      libgstfft-1_0-0-1.2.4-2.9.1
      libgstfft-1_0-0-debuginfo-1.2.4-2.9.1
      libgstpbutils-1_0-0-1.2.4-2.9.1
      libgstpbutils-1_0-0-debuginfo-1.2.4-2.9.1
      libgstriff-1_0-0-1.2.4-2.9.1
      libgstriff-1_0-0-debuginfo-1.2.4-2.9.1
      libgstrtp-1_0-0-1.2.4-2.9.1
      libgstrtp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstrtsp-1_0-0-1.2.4-2.9.1
      libgstrtsp-1_0-0-debuginfo-1.2.4-2.9.1
      libgstsdp-1_0-0-1.2.4-2.9.1
      libgstsdp-1_0-0-debuginfo-1.2.4-2.9.1
      libgsttag-1_0-0-1.2.4-2.9.1
      libgsttag-1_0-0-debuginfo-1.2.4-2.9.1
      libgstvideo-1_0-0-1.2.4-2.9.1
      libgstvideo-1_0-0-debuginfo-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.9.1
      libgstapp-1_0-0-32bit-1.2.4-2.9.1
      libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstaudio-1_0-0-32bit-1.2.4-2.9.1
      libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstpbutils-1_0-0-32bit-1.2.4-2.9.1
      libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgsttag-1_0-0-32bit-1.2.4-2.9.1
      libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.9.1
      libgstvideo-1_0-0-32bit-1.2.4-2.9.1
      libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      gstreamer-plugins-base-lang-1.2.4-2.9.1

References:

   https://www.suse.com/security/cve/CVE-2019-9928.html
   https://bugzilla.suse.com/1133375

From sle-updates at lists.suse.com Fri Jun 14 13:11:37 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jun 2019 21:11:37 +0200 (CEST)
Subject: SUSE-SU-2019:1511-1: moderate: Security update for postgresql10
Message-ID: <20190614191137.80604FEA9@maintenance.suse.de>

   SUSE Security Update: Security update for postgresql10
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1511-1
Rating: moderate
References: #1134689
Cross-References: CVE-2019-10130
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Desktop 12-SP4
   SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for postgresql10 fixes the following issues:

   Security issue fixed:

   - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689).

   Bug fixes:

   - For a complete list of fixes check the release notes.
      * https://www.postgresql.org/docs/10/release-10-8.html
      * https://www.postgresql.org/docs/10/release-10-7.html

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1511=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1511=1
   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1511=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1511=1
   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1511=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1511=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      postgresql10-devel-10.8-1.9.1
      postgresql10-devel-debuginfo-10.8-1.9.1
      postgresql10-libs-debugsource-10.8-1.9.1
   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      postgresql10-devel-10.8-1.9.1
      postgresql10-devel-debuginfo-10.8-1.9.1
      postgresql10-libs-debugsource-10.8-1.9.1
   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      libecpg6-10.8-1.9.1
      libecpg6-debuginfo-10.8-1.9.1
      libpq5-10.8-1.9.1
      libpq5-debuginfo-10.8-1.9.1
      postgresql10-10.8-1.9.1
      postgresql10-contrib-10.8-1.9.1
      postgresql10-contrib-debuginfo-10.8-1.9.1
      postgresql10-debuginfo-10.8-1.9.1
      postgresql10-debugsource-10.8-1.9.1
      postgresql10-libs-debugsource-10.8-1.9.1
      postgresql10-plperl-10.8-1.9.1
      postgresql10-plperl-debuginfo-10.8-1.9.1
      postgresql10-plpython-10.8-1.9.1
      postgresql10-plpython-debuginfo-10.8-1.9.1
      postgresql10-pltcl-10.8-1.9.1
      postgresql10-pltcl-debuginfo-10.8-1.9.1
      postgresql10-server-10.8-1.9.1
      postgresql10-server-debuginfo-10.8-1.9.1
   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
      libpq5-32bit-10.8-1.9.1
      libpq5-debuginfo-32bit-10.8-1.9.1
   - SUSE Linux Enterprise Server 12-SP4 (noarch):
      postgresql10-docs-10.8-1.9.1
   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      libecpg6-10.8-1.9.1
      libecpg6-debuginfo-10.8-1.9.1
      libpq5-10.8-1.9.1
      libpq5-debuginfo-10.8-1.9.1
      postgresql10-10.8-1.9.1
      postgresql10-contrib-10.8-1.9.1
      postgresql10-contrib-debuginfo-10.8-1.9.1
      postgresql10-debuginfo-10.8-1.9.1
      postgresql10-debugsource-10.8-1.9.1
      postgresql10-libs-debugsource-10.8-1.9.1
      postgresql10-plperl-10.8-1.9.1
      postgresql10-plperl-debuginfo-10.8-1.9.1
      postgresql10-plpython-10.8-1.9.1
      postgresql10-plpython-debuginfo-10.8-1.9.1
      postgresql10-pltcl-10.8-1.9.1
      postgresql10-pltcl-debuginfo-10.8-1.9.1
      postgresql10-server-10.8-1.9.1
      postgresql10-server-debuginfo-10.8-1.9.1
   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
      libpq5-32bit-10.8-1.9.1
      libpq5-debuginfo-32bit-10.8-1.9.1
   - SUSE Linux Enterprise Server 12-SP3 (noarch):
      postgresql10-docs-10.8-1.9.1
   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
      libecpg6-10.8-1.9.1
      libecpg6-debuginfo-10.8-1.9.1
      libpq5-10.8-1.9.1
      libpq5-32bit-10.8-1.9.1
      libpq5-debuginfo-10.8-1.9.1
      libpq5-debuginfo-32bit-10.8-1.9.1
      postgresql10-10.8-1.9.1
      postgresql10-debuginfo-10.8-1.9.1
      postgresql10-debugsource-10.8-1.9.1
      postgresql10-libs-debugsource-10.8-1.9.1
   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      libecpg6-10.8-1.9.1
      libecpg6-debuginfo-10.8-1.9.1
      libpq5-10.8-1.9.1
      libpq5-32bit-10.8-1.9.1
      libpq5-debuginfo-10.8-1.9.1
      libpq5-debuginfo-32bit-10.8-1.9.1
      postgresql10-10.8-1.9.1
      postgresql10-debuginfo-10.8-1.9.1
      postgresql10-debugsource-10.8-1.9.1
      postgresql10-libs-debugsource-10.8-1.9.1

References:

   https://www.suse.com/security/cve/CVE-2019-10130.html
   https://bugzilla.suse.com/1134689

From sle-updates at lists.suse.com Fri Jun 14 13:12:19 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jun 2019 21:12:19 +0200 (CEST)
Subject: SUSE-SU-2019:14083-1: important: Security update for sqlite3
Message-ID: <20190614191219.08C4FFEA9@maintenance.suse.de>

   SUSE Security Update: Security update for sqlite3
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14083-1
Rating: important
References: #1136976
Cross-References: CVE-2019-8457
Affected Products:
   SUSE Linux Enterprise Server 11-SP4-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sqlite3 fixes the following issue:

   Security issue fixed:

   - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:
      zypper in -t patch slessp4-sqlite3-14083=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-sqlite3-14083=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-sqlite3-14083=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
      libsqlite3-0-3.7.6.3-1.4.7.9.1
      sqlite3-3.7.6.3-1.4.7.9.1
   - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
      libsqlite3-0-32bit-3.7.6.3-1.4.7.9.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      libsqlite3-0-3.7.6.3-1.4.7.9.1
      sqlite3-3.7.6.3-1.4.7.9.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
      sqlite3-debuginfo-3.7.6.3-1.4.7.9.1

References:

   https://www.suse.com/security/cve/CVE-2019-8457.html
   https://bugzilla.suse.com/1136976

From sle-updates at lists.suse.com Mon Jun 17 04:14:51 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 12:14:51 +0200 (CEST)
Subject: SUSE-RU-2019:1513-1: moderate: Recommended update for yast2-storage-ng
Message-ID: <20190617101451.60819FE00@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-storage-ng
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1513-1
Rating: moderate
References: #1134330
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-storage-ng fixes the following issues:

   - AutoYaST: do not ask for a reusable filesystem when it's not really needed. (bsc#1134330)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1513=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      yast2-storage-ng-4.1.84-3.3.1

References:

   https://bugzilla.suse.com/1134330

From sle-updates at lists.suse.com Mon Jun 17 04:15:46 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 12:15:46 +0200 (CEST)
Subject: SUSE-RU-2019:1512-1: moderate: Recommended update for nvme-cli
Message-ID: <20190617101546.42E4EFE00@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for nvme-cli
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1512-1
Rating: moderate
References: #1126565 #1127076 #1131930 #1133594
Affected Products:
   SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for nvme-cli fixes the following issues:

   - Nvme flush now determines the namespace id, when not given via -n flag. This also fixes a failing test in the regress-script.
   - Fix failing service on devices without fc-hardware (bsc#1133594)
   - Add nvmefc-connect.target to allow stopping the parameterized services (bsc#1127076). Also change the service type so udevd doesn't have to wait for the termination of the service process.
   - rename transport type to bring the discovery log more in line with the code, see discussion at (bsc#1126565)
   - Increase size of ONTAP namespace path variable
   - Add new 'ontapdevices' command and corresponding documentation. Requested in (bsc#1131930).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1512=1

Package List:

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      nvme-cli-1.5-3.6.1
      nvme-cli-debuginfo-1.5-3.6.1
      nvme-cli-debugsource-1.5-3.6.1

References:

   https://bugzilla.suse.com/1126565
   https://bugzilla.suse.com/1127076
   https://bugzilla.suse.com/1131930
   https://bugzilla.suse.com/1133594

From sle-updates at lists.suse.com Mon Jun 17 07:11:00 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 15:11:00 +0200 (CEST)
Subject: SUSE-RU-2019:1516-1: moderate: Recommended update for e2fsprogs
Message-ID: <20190617131100.CF81FFE00@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for e2fsprogs
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1516-1
Rating: moderate
References: #1128383
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for e2fsprogs fixes the following issues:

   - e2fsck: Check and fix tails of all bitmap blocks. (bsc#1128383)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1516=1
   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1516=1
   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1516=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      e2fsprogs-debuginfo-1.43.8-3.3.1
      e2fsprogs-debugsource-1.43.8-3.3.1
      e2fsprogs-devel-1.43.8-3.3.1
      libcom_err-devel-1.43.8-3.3.1
      libext2fs-devel-1.43.8-3.3.1
   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      e2fsprogs-1.43.8-3.3.1
      e2fsprogs-debuginfo-1.43.8-3.3.1
      e2fsprogs-debugsource-1.43.8-3.3.1
      libcom_err2-1.43.8-3.3.1
      libcom_err2-debuginfo-1.43.8-3.3.1
      libext2fs2-1.43.8-3.3.1
      libext2fs2-debuginfo-1.43.8-3.3.1
   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
      e2fsprogs-1.43.8-3.3.1
      e2fsprogs-debuginfo-1.43.8-3.3.1
      e2fsprogs-debugsource-1.43.8-3.3.1
      libcom_err2-1.43.8-3.3.1
      libcom_err2-debuginfo-1.43.8-3.3.1
      libext2fs2-1.43.8-3.3.1
      libext2fs2-debuginfo-1.43.8-3.3.1

References:

   https://bugzilla.suse.com/1128383

From sle-updates at lists.suse.com Mon Jun 17 07:11:44 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 15:11:44 +0200 (CEST)
Subject: SUSE-SU-2019:1514-1: moderate: Security update for docker
Message-ID: <20190617131144.58753FE00@maintenance.suse.de>

   SUSE Security Update: Security update for docker
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1514-1
Rating: moderate
References: #1096726
Cross-References: CVE-2018-15664
Affected Products:
   SUSE Linux Enterprise Module for Containers 12
   SUSE CaaS Platform 3.0
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for docker fixes the following issues:

   Security issue fixed:

   - CVE-2018-15664: Fixed an issue which made docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2019-1514=1
   - SUSE CaaS Platform 3.0:
      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1514=1

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
      docker-18.09.6_ce-98.40.1
      docker-debuginfo-18.09.6_ce-98.40.1
      docker-debugsource-18.09.6_ce-98.40.1
   - SUSE CaaS Platform 3.0 (x86_64):
      docker-kubic-18.09.6_ce-98.40.1
      docker-kubic-debuginfo-18.09.6_ce-98.40.1
      docker-kubic-debugsource-18.09.6_ce-98.40.1
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      docker-18.09.6_ce-98.40.1
      docker-debuginfo-18.09.6_ce-98.40.1
      docker-debugsource-18.09.6_ce-98.40.1

References:

   https://www.suse.com/security/cve/CVE-2018-15664.html
   https://bugzilla.suse.com/1096726

From sle-updates at lists.suse.com Mon Jun 17 07:12:25 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 15:12:25 +0200 (CEST)
Subject: SUSE-RU-2019:1517-1: Recommended update for release-notes-ses
Message-ID: <20190617131225.BDCACFE00@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1517-1
Rating: low
References: #1112883 #1116519 #1134366
Affected Products:
   SUSE Enterprise Storage 5
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for release-notes-ses fixes the following issues:

   - New notes:
      - Support Status of Ceph Manager Modules (bsc#1116519, fate#326920)
      - Added reference to crushtool reclassification (bsc#1112883)
   - Document fixes and changed notes:
      - libradosstriper Has Been Deprecated (fate#323696) [minor wording change]

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2019-1517=1

Package List:

   - SUSE Enterprise Storage 5 (noarch):
      release-notes-ses-5.5.20190507-4.9.1

References:

   https://bugzilla.suse.com/1112883
   https://bugzilla.suse.com/1116519
   https://bugzilla.suse.com/1134366

From sle-updates at lists.suse.com Mon Jun 17 07:13:24 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 15:13:24 +0200 (CEST)
Subject: SUSE-SU-2019:14084-1: important: Security update for glibc
Message-ID: <20190617131324.75DC2FE00@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14084-1
Rating: important
References: #1127308
Cross-References: CVE-2019-9169
Affected Products:
   SUSE Linux Enterprise Server 11-SP4-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for glibc fixes the following issues:

   Security issue fixed:

   - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:
      zypper in -t patch slessp4-glibc-14084=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-glibc-14084=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-glibc-14084=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-glibc-14084=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 i686 ppc64 s390x x86_64):
      glibc-2.11.3-17.110.33.1
      glibc-devel-2.11.3-17.110.33.1
   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
      glibc-html-2.11.3-17.110.33.1
      glibc-i18ndata-2.11.3-17.110.33.1
      glibc-info-2.11.3-17.110.33.1
      glibc-locale-2.11.3-17.110.33.1
      glibc-profile-2.11.3-17.110.33.1
      nscd-2.11.3-17.110.33.1
   - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):
      glibc-32bit-2.11.3-17.110.33.1
      glibc-devel-32bit-2.11.3-17.110.33.1
      glibc-locale-32bit-2.11.3-17.110.33.1
      glibc-profile-32bit-2.11.3-17.110.33.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686):
      glibc-2.11.3-17.110.33.1
      glibc-devel-2.11.3-17.110.33.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      glibc-html-2.11.3-17.110.33.1
      glibc-i18ndata-2.11.3-17.110.33.1
      glibc-info-2.11.3-17.110.33.1
      glibc-locale-2.11.3-17.110.33.1
      glibc-profile-2.11.3-17.110.33.1
      nscd-2.11.3-17.110.33.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ppc64 s390x x86_64):
      glibc-debuginfo-2.11.3-17.110.33.1
      glibc-debugsource-2.11.3-17.110.33.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64):
      glibc-debuginfo-2.11.3-17.110.33.1
      glibc-debugsource-2.11.3-17.110.33.1

References:
   https://www.suse.com/security/cve/CVE-2019-9169.html
   https://bugzilla.suse.com/1127308

From sle-updates at lists.suse.com Mon Jun 17 10:13:38 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jun 2019 18:13:38 +0200 (CEST)
Subject: SUSE-RU-2019:1519-1: moderate: Recommended update for polkit-default-privs
Message-ID: <20190617161338.27AC2FE00@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for polkit-default-privs
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1519-1
Rating: moderate
References: #1138250
Affected Products:
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Desktop 12-SP4
   SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for polkit-default-privs fixes the following issues:

   - whitelisted new flatpak policy kit rules after review (bsc#1138250)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1519=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1519=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1519=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1519=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): polkit-default-privs-13.2-22.9.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): polkit-default-privs-13.2-22.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): polkit-default-privs-13.2-22.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): polkit-default-privs-13.2-22.9.1 References: https://bugzilla.suse.com/1138250 From sle-updates at lists.suse.com Mon Jun 17 10:14:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2019 18:14:18 +0200 (CEST) Subject: SUSE-RU-2019:1520-1: moderate: Recommended update for resource-agents Message-ID: <20190617161418.45F68FE00@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1520-1 Rating: moderate References: #1131793 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Added some fixes for galera (bsc#1131793) * Ignore safe_to_bootstrap in grastate.dat in some cases * Allow empty password for "check_passwd" parameter * Log message when changing content of grastate.dat file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1520=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ldirectord-3.9.7+git.1461938976.cb7c36a-14.24.1 monitoring-plugins-metadata-3.9.7+git.1461938976.cb7c36a-14.24.1 resource-agents-3.9.7+git.1461938976.cb7c36a-14.24.1 resource-agents-debuginfo-3.9.7+git.1461938976.cb7c36a-14.24.1 resource-agents-debugsource-3.9.7+git.1461938976.cb7c36a-14.24.1 References: https://bugzilla.suse.com/1131793 From sle-updates at lists.suse.com Mon Jun 17 13:11:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2019 21:11:26 +0200 (CEST) Subject: SUSE-SU-2019:1524-1: moderate: Security update for openssh Message-ID: <20190617191126.0E065FFBE@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1524-1 Rating: moderate References: #1065237 #1090671 #1119183 #1121816 #1121821 #1131709 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. 
Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1524=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1524=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1524=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1524=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1524=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1524=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1524=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1524=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1524=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1524=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 
openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE Enterprise Storage 4 (x86_64): openssh-7.2p2-74.42.8 openssh-askpass-gnome-7.2p2-74.42.10 openssh-askpass-gnome-debuginfo-7.2p2-74.42.10 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 openssh-fips-7.2p2-74.42.8 openssh-helpers-7.2p2-74.42.8 openssh-helpers-debuginfo-7.2p2-74.42.8 - SUSE CaaS Platform ALL (x86_64): openssh-7.2p2-74.42.8 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 - SUSE CaaS Platform 3.0 (x86_64): openssh-7.2p2-74.42.8 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openssh-7.2p2-74.42.8 openssh-debuginfo-7.2p2-74.42.8 openssh-debugsource-7.2p2-74.42.8 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1065237 https://bugzilla.suse.com/1090671 https://bugzilla.suse.com/1119183 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 https://bugzilla.suse.com/1131709 From sle-updates at lists.suse.com Mon Jun 
17 13:12:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2019 21:12:50 +0200 (CEST) Subject: SUSE-SU-2019:1521-1: important: Security update for dbus-1 Message-ID: <20190617191250.D8592FFBE@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1521-1 Rating: important References: #1082318 #1137832 Cross-References: CVE-2019-12749 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). - Fixes in spec file: * fix warning and error messages. * fix licensing directory. (bsc#1082318) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1521=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1521=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): dbus-1-devel-doc-1.12.2-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-3.5.1 dbus-1-debuginfo-1.12.2-3.5.1 dbus-1-debugsource-1.12.2-3.5.1 dbus-1-devel-1.12.2-3.5.1 dbus-1-x11-1.12.2-3.5.1 dbus-1-x11-debuginfo-1.12.2-3.5.1 dbus-1-x11-debugsource-1.12.2-3.5.1 libdbus-1-3-1.12.2-3.5.1 libdbus-1-3-debuginfo-1.12.2-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): dbus-1-32bit-debuginfo-1.12.2-3.5.1 libdbus-1-3-32bit-1.12.2-3.5.1 libdbus-1-3-32bit-debuginfo-1.12.2-3.5.1 References: https://www.suse.com/security/cve/CVE-2019-12749.html https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1137832 From sle-updates at lists.suse.com Mon Jun 17 13:14:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2019 21:14:29 +0200 (CEST) Subject: SUSE-SU-2019:1525-1: moderate: Security update for netpbm Message-ID: <20190617191429.35E1BFFBE@maintenance.suse.de> SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1525-1 Rating: moderate References: #1024288 #1024291 #1136936 Cross-References: CVE-2017-2579 CVE-2017-2580 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 
______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1525=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1525=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1525=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1525=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1525=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libnetpbm11-32bit-10.80.1-3.8.2 libnetpbm11-32bit-debuginfo-10.80.1-3.8.2 netpbm-debugsource-10.80.1-3.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.80.1-3.8.2 netpbm-debuginfo-10.80.1-3.8.2 netpbm-debugsource-10.80.1-3.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.80.1-3.8.2 netpbm-debuginfo-10.80.1-3.8.2 netpbm-debugsource-10.80.1-3.8.2 - SUSE Linux 
Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libnetpbm11-10.80.1-3.8.2 libnetpbm11-debuginfo-10.80.1-3.8.2 netpbm-10.80.1-3.8.2 netpbm-debuginfo-10.80.1-3.8.2 netpbm-debugsource-10.80.1-3.8.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libnetpbm11-10.80.1-3.8.2 libnetpbm11-debuginfo-10.80.1-3.8.2 netpbm-10.80.1-3.8.2 netpbm-debuginfo-10.80.1-3.8.2 netpbm-debugsource-10.80.1-3.8.2 References: https://www.suse.com/security/cve/CVE-2017-2579.html https://www.suse.com/security/cve/CVE-2017-2580.html https://bugzilla.suse.com/1024288 https://bugzilla.suse.com/1024291 https://bugzilla.suse.com/1136936 From sle-updates at lists.suse.com Mon Jun 17 13:16:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2019 21:16:04 +0200 (CEST) Subject: SUSE-SU-2019:1523-1: moderate: Security update for ImageMagick Message-ID: <20190617191604.50BE2FFBE@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1523-1 Rating: moderate References: #1133204 #1133205 #1133498 #1133501 #1136183 #1136732 Cross-References: CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11598 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. 
Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1523=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1523=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1523=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1523=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1523=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1523=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-config-7-upstream-7.0.7.34-3.61.3 ImageMagick-debuginfo-7.0.7.34-3.61.3 ImageMagick-debugsource-7.0.7.34-3.61.3 ImageMagick-extra-7.0.7.34-3.61.3 ImageMagick-extra-debuginfo-7.0.7.34-3.61.3 - SUSE 
Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ImageMagick-devel-32bit-7.0.7.34-3.61.3 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-3.61.3 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-3.61.3 libMagick++-devel-32bit-7.0.7.34-3.61.3 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-3.61.3 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.61.3 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-3.61.3 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ImageMagick-doc-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.61.3 ImageMagick-debugsource-7.0.7.34-3.61.3 ImageMagick-extra-7.0.7.34-3.61.3 ImageMagick-extra-debuginfo-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ImageMagick-doc-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.61.3 ImageMagick-debugsource-7.0.7.34-3.61.3 perl-PerlMagick-7.0.7.34-3.61.3 perl-PerlMagick-debuginfo-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.61.3 ImageMagick-debugsource-7.0.7.34-3.61.3 perl-PerlMagick-7.0.7.34-3.61.3 perl-PerlMagick-debuginfo-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.61.3 ImageMagick-config-7-SUSE-7.0.7.34-3.61.3 ImageMagick-debuginfo-7.0.7.34-3.61.3 ImageMagick-debugsource-7.0.7.34-3.61.3 ImageMagick-devel-7.0.7.34-3.61.3 libMagick++-7_Q16HDRI4-7.0.7.34-3.61.3 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.61.3 libMagick++-devel-7.0.7.34-3.61.3 libMagickCore-7_Q16HDRI6-7.0.7.34-3.61.3 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.61.3 libMagickWand-7_Q16HDRI6-7.0.7.34-3.61.3 
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.61.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.61.3 ImageMagick-config-7-SUSE-7.0.7.34-3.61.3 ImageMagick-config-7-upstream-7.0.7.34-3.61.3 ImageMagick-debuginfo-7.0.7.34-3.61.3 ImageMagick-debugsource-7.0.7.34-3.61.3 ImageMagick-devel-7.0.7.34-3.61.3 libMagick++-7_Q16HDRI4-7.0.7.34-3.61.3 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.61.3 libMagick++-devel-7.0.7.34-3.61.3 libMagickCore-7_Q16HDRI6-7.0.7.34-3.61.3 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.61.3 libMagickWand-7_Q16HDRI6-7.0.7.34-3.61.3 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.61.3 References: https://www.suse.com/security/cve/CVE-2019-11470.html https://www.suse.com/security/cve/CVE-2019-11472.html https://www.suse.com/security/cve/CVE-2019-11505.html https://www.suse.com/security/cve/CVE-2019-11506.html https://www.suse.com/security/cve/CVE-2019-11598.html https://bugzilla.suse.com/1133204 https://bugzilla.suse.com/1133205 https://bugzilla.suse.com/1133498 https://bugzilla.suse.com/1133501 https://bugzilla.suse.com/1136183 https://bugzilla.suse.com/1136732 From sle-updates at lists.suse.com Mon Jun 17 13:18:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jun 2019 21:18:50 +0200 (CEST) Subject: SUSE-SU-2019:1522-1: important: Security update for sqlite3 Message-ID: <20190617191850.8611EFFBE@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1522-1 Rating: important References: #1085790 #1132045 #1136976 Cross-References: CVE-2017-10989 CVE-2018-8740 CVE-2019-8457 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted database schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1522=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libsqlite3-0-3.8.3.1-2.12.1 libsqlite3-0-debuginfo-3.8.3.1-2.12.1 sqlite3-3.8.3.1-2.12.1 sqlite3-debuginfo-3.8.3.1-2.12.1 sqlite3-debugsource-3.8.3.1-2.12.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libsqlite3-0-32bit-3.8.3.1-2.12.1 libsqlite3-0-debuginfo-32bit-3.8.3.1-2.12.1 References: https://www.suse.com/security/cve/CVE-2017-10989.html https://www.suse.com/security/cve/CVE-2018-8740.html https://www.suse.com/security/cve/CVE-2019-8457.html https://bugzilla.suse.com/1085790 https://bugzilla.suse.com/1132045 https://bugzilla.suse.com/1136976 From sle-updates at lists.suse.com Mon Jun 17 16:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 00:11:14 +0200 (CEST) Subject: SUSE-SU-2019:1529-1: important: Security update for the Linux Kernel Message-ID: <20190617221114.0D71AFFE5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1529-1 Rating: important References: #1012382 #1050242 #1051510 #1053043 #1055186 #1056787 #1058115 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1071995 #1075020 #1082387 #1083647 
#1085535 #1099658 #1103992 #1104353 #1104427 #1106011 #1106284 #1108193 #1108838 #1108937 #1110946 #1111696 #1112063 #1113722 #1114427 #1115688 #1117158 #1117561 #1118139 #1119843 #1120091 #1120423 #1120566 #1120843 #1120902 #1122776 #1123454 #1123663 #1124503 #1124839 #1126356 #1127616 #1128052 #1128904 #1128979 #1129138 #1129273 #1129497 #1129693 #1129770 #1130579 #1130699 #1130972 #1131326 #1131451 #1131488 #1131565 #1131673 #1132044 #1133176 #1133188 #1133190 #1133320 #1133612 #1133616 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134354 #1134393 #1134459 #1134460 #1134461 #1134537 #1134597 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1135006 #1135007 #1135008 #1135056 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136206 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136477 #1136478 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137372 #1137444 #1137586 #1137739 #1137752 Cross-References: CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 130 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. 
An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. 
This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158). - acpicA: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). 
- alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). 
- alsa: timer: Unify timer callback process code (bsc#1051510).
- alsa: usb-audio: Fix a memory leak bug (bsc#1051510).
- alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).
- alsa: usx2y: fix a double free bug (bsc#1051510).
- appletalk: Fix compile regression (bsc#1051510).
- appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).
- arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158).
- arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
- arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158).
- arm64: fix ACPI dependencies (bsc#1117158).
- arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).
- arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).
- arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).
- arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).
- arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).
- arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).
- arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).
- arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).
- arm: iop: do not use using 64-bit DMA masks (bsc#1051510).
- arm: orion: do not use using 64-bit DMA masks (bsc#1051510).
- arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).
- arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).
- arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).
- asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510).
- asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).
- asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510).
- asoc: fix valid stream condition (bsc#1051510).
- asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510).
- asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510).
- asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510).
- asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510).
- asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510).
- asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).
- asoc: stm32: fix sai driver name initialisation (bsc#1051510).
- asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510).
- asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).
- asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).
- at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510).
- audit: fix a memleak caused by auditing load module (bsc#1051510).
- b43: shut up clang -Wuninitialized variable warning (bsc#1051510).
- backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).
- bcache: Move couple of functions to sysfs.c (bsc#1130972).
- bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
- bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
- bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972).
- bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).
- bcache: add MODULE_DESCRIPTION information (bsc#1130972).
- bcache: add a comment in super.c (bsc#1130972).
- bcache: add code comments for bset.c (bsc#1130972).
- bcache: add comment for cache_set->fill_iter (bsc#1130972).
- bcache: add identifier names to arguments of function definitions (bsc#1130972).
- bcache: add missing SPDX header (bsc#1130972).
- bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
- bcache: add static const prefix to char * array declarations (bsc#1130972).
- bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
- bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
- bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
- bcache: correct dirty data statistics (bsc#1130972).
- bcache: do not assign in if condition in bcache_init() (bsc#1130972).
- bcache: do not assign in if condition register_bcache() (bsc#1130972).
- bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
- bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
- bcache: do not clone bio in bch_data_verify (bsc#1130972).
- bcache: do not mark writeback_running too early (bsc#1130972).
- bcache: export backing_dev_name via sysfs (bsc#1130972).
- bcache: export backing_dev_uuid via sysfs (bsc#1130972).
- bcache: fix code comments style (bsc#1130972).
- bcache: fix indent by replacing blank by tabs (bsc#1130972).
- bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
- bcache: fix input integer overflow of congested threshold (bsc#1130972).
- bcache: fix input overflow to cache set io_error_limit (bsc#1130972).
- bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).
- bcache: fix input overflow to journal_delay_ms (bsc#1130972).
- bcache: fix input overflow to sequential_cutoff (bsc#1130972).
- bcache: fix input overflow to writeback_delay (bsc#1130972).
- bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
- bcache: fix ioctl in flash device (bsc#1130972).
- bcache: fix mistaken code comments in bcache.h (bsc#1130972).
- bcache: fix mistaken comments in request.c (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
- bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
- bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
- bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
- bcache: introduce force_wake_up_gc() (bsc#1130972).
- bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
- bcache: move open brace at end of function definitions to next line (bsc#1130972).
- bcache: never writeback a discard operation (bsc#1130972).
- bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
- bcache: option to automatically run gc thread after writeback (bsc#1130972).
- bcache: panic fix for making cache device (bsc#1130972).
- bcache: prefer 'help' in Kconfig (bsc#1130972).
- bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
- bcache: recal cached_dev_sectors on detach (bsc#1130972).
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
- bcache: remove unused bch_passthrough_cache (bsc#1130972).
- bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
- bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
- bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
- bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
- bcache: replace printk() by pr_*() routines (bsc#1130972).
- bcache: set writeback_percent in a flexible range (bsc#1130972).
- bcache: split combined if-condition code into separate ones (bsc#1130972).
- bcache: stop bcache device when backing device is offline (bsc#1130972).
- bcache: stop using the deprecated get_seconds() (bsc#1130972).
- bcache: style fix to add a blank line after declarations (bsc#1130972).
- bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
- bcache: style fixes for lines over 80 characters (bsc#1130972).
- bcache: treat stale and dirty keys as bad keys (bsc#1130972).
- bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
- bcache: update comment for bch_data_insert (bsc#1130972).
- bcache: update comment in sysfs.c (bsc#1130972).
- bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
- bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
- bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
- bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
- bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
- block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
- block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).
- block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
- block: do not leak memory in bio_copy_user_iov() (bsc#1135309).
- block: fix the return errno for direct IO (bsc#1135320).
- block: fix use-after-free on gendisk (bsc#1135312).
- bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).
- bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).
- bluetooth: hidp: fix buffer overflow (bsc#1051510).
- bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242).
- bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10).
- bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04).
- bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).
- bonding: fix event handling for stacked bonds (networking-stable-19_04_19).
- bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647).
- bpf: Add missed newline in verifier verbose log (bsc#1056787).
- bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647).
- brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).
- btrfs: Do not panic when we can't find a root key (bsc#1112063).
- btrfs: Factor out common delayed refs init code (bsc#1134813).
- btrfs: Introduce init_delayed_ref_head (bsc#1134813).
- btrfs: Open-code add_delayed_data_ref (bsc#1134813).
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
- btrfs: add a helper to return a head ref (bsc#1134813).
- btrfs: breakout empty head cleanup to a helper (bsc#1134813).
- btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).
- btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151).
- btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477).
- btrfs: fix race updating log root item during fsync (bsc#1137153).
- btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152).
- btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).
- btrfs: move all ref head cleanup to the helper function (bsc#1134813).
- btrfs: move extent_op cleanup to a helper (bsc#1134813).
- btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
- btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
- btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612).
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
- btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).
- btrfs: split delayed ref head initialization and addition (bsc#1134813).
- btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
- btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478).
- ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
- ceph: fix ci->i_head_snapc leak (bsc#1122776).
- ceph: fix use-after-free on symlink traversal (bsc#1134459).
- ceph: only use d_name directly when parent is locked (bsc#1134460).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
- clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).
- clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).
- configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).
- configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).
- crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).
- crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).
- crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510).
- crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).
- crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).
- crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).
- crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510).
- crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).
- crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).
- crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).
- crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).
- dccp: Fix memleak in __feat_register_sp (bsc#1051510).
- dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- debugfs: fix use-after-free on symlink traversal (bsc#1051510).
- devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).
- dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).
- dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).
- documentation: Add MDS vulnerability documentation (bsc#1135642).
- drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
- drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).
- drm/etnaviv: lock MMU while dumping core (bsc#1113722)
- drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).
- drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).
- drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
- drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)
- drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722)
- drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
- drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510).
- drm/i915/gvt: refine ggtt range validation (bsc#1113722)
- drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).
- drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).
- drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).
- drm/imx: do not skip DP channel disable for background plane (bsc#1051510).
- drm/mediatek: fix possible object reference leak (bsc#1051510).
- drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)
- drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
- drm/rockchip: fix for mailbox read validation (bsc#1051510).
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
- drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
- drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
- drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510).
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).
- dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
- dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
- dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).
- dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).
- dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
- dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).
- efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).
- efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
- efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158).
- efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
- efi/arm: libstub: add a root memreserve config table (bsc#1117158).
- efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).
- efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).
- efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).
- efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).
- efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).
- efi: honour memory reservations passed via a linux specific config table (bsc#1117158).
- ext4: actually request zeroing of inode table after grow (bsc#1135315).
- ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
- ext4: make sanity check in mballoc more strict (bsc#1136439).
- ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
- fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
- firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
- fix rtnh_ok() (git-fixes).
- fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- genetlink: Fix a memory leak on error path (networking-stable-19_03_28).
- ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
- gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
- gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
- hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).
- hid: input: add mapping for "Toggle Display" key (bsc#1051510).
- hid: input: add mapping for Assistant key (bsc#1051510).
- hid: input: add mapping for Expose/Overview key (bsc#1051510).
- hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).
- hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- igmp: fix incorrect unsolicit report count when join group (git-fixes).
- iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
- indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).
- inetpeer: fix uninit-value in inet_getpeer (git-fixes).
- input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).
- input: introduce KEY_ASSISTANT (bsc#1051510).
- input: synaptics-rmi4 - fix possible double free (bsc#1051510).
- intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
- intel_th: pci: Add Comet Lake support (bsc#1051510).
- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).
- iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).
- ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).
- ip_gre: fix parsing gre header in ipgre_err (git-fixes).
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes).
- ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
- ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).
- ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
- ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode (git-fixes).
- ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).
- ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).
- ipvlan: fix ipv6 outbound device (bsc#1051510).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
- ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- ipvs: fix buffer overflow with sync daemon and service (git-fixes).
- ipvs: fix check on xmit to non-local addresses (git-fixes).
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
- ipvs: fix stats update from local clients (git-fixes).
- iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
- kABI: protect dma-mapping.h include (kabi).
- kABI: protect ip_options_rcv_srr (kabi).
- kABI: protect struct mlx5_td (kabi).
- kABI: protect struct pci_dev (kabi).
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586)
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).
- kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
- kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
- kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
- kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
- kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
- kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
- kvm: s390: use created_vcpus in more places (bsc#1136206).
- kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mISDN: Check address length before reading address family (bsc#1051510).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net: initialize skb->peeked when cloning (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). 
- netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: add module option to limit NFSv4 minor version (jsc#PM-231). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). 
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). 
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). 
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). 
- serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586). 
- tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). 
- usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). 
- vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). 
- xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1529=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150.22.1
      kernel-default-debugsource-4.12.14-150.22.1
      kernel-default-livepatch-4.12.14-150.22.1
      kernel-livepatch-4_12_14-150_22-default-1-1.5.1
      kernel-livepatch-4_12_14-150_22-default-debuginfo-1-1.5.1

References:

https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068546 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104353
https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1130699 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1132044 https://bugzilla.suse.com/1133176 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 
https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 
https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752

From sle-updates at lists.suse.com Mon Jun 17 16:31:53 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jun 2019 00:31:53 +0200 (CEST)
Subject: SUSE-SU-2019:1530-1: important: Security update for the Linux Kernel
Message-ID: <20190617223153.B0B2EFFE5@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1530-1
Rating: important
References: #1012382 #1050242 #1051510 #1053043 #1056787 #1058115 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1071995 #1075020 #1082387 #1083647 #1085535 #1099658 #1103992 #1104353 #1104427 #1106011 #1106284 #1108838 #1110946 #1111696 #1112063 #1113722 #1114427 #1114893 #1115688 #1117158 #1117561 #1118139 #1119843 #1120091 #1120423 #1120566 #1120843 #1120902 #1122776 #1123454 #1123663 #1124503 #1124839 #1126356 #1127616 #1128052 #1128904 #1128905 #1128979 #1129138 #1129497 #1129693 #1129770 #1129848 #1129857 #1130409 #1130699 #1130972 #1131451 #1131488 #1131565 #1131673 #1132044 #1132894 #1133176 #1133188 #1133190 #1133320 #1133612 #1133616 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134354 #1134393 #1134459 #1134460 #1134461 #1134537 #1134591 #1134597 #1134607 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1135006 #1135007 #1135008 #1135056 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136206 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136477 #1136478 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137372 #1137444 #1137586 #1137739 #1137752
Cross-References: CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP4
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise High Availability 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 132 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).
- alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_ACPI - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158).
- arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). 
- audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). 
- bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). 
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). 
- block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). 
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). 
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). 
- crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). 
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). 
- efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for "Toggle Display" key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). 
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). 
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). 
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). 
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). 
- mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). 
- net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). 
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). 
- netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc at PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). 
- packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). 
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). 
- scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). 
- sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).
- tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). 
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). 
- xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1530=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1530=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1530=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1530=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1530=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.19.1 kernel-default-debugsource-4.12.14-95.19.1 kernel-default-extra-4.12.14-95.19.1 kernel-default-extra-debuginfo-4.12.14-95.19.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.19.1 kernel-obs-build-debugsource-4.12.14-95.19.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.19.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.19.1 kernel-default-base-4.12.14-95.19.1 kernel-default-base-debuginfo-4.12.14-95.19.1 kernel-default-debuginfo-4.12.14-95.19.1 kernel-default-debugsource-4.12.14-95.19.1 kernel-default-devel-4.12.14-95.19.1 kernel-syms-4.12.14-95.19.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.19.1 kernel-macros-4.12.14-95.19.1 kernel-source-4.12.14-95.19.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.19.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.19.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.19.1 cluster-md-kmp-default-debuginfo-4.12.14-95.19.1 dlm-kmp-default-4.12.14-95.19.1 dlm-kmp-default-debuginfo-4.12.14-95.19.1 gfs2-kmp-default-4.12.14-95.19.1 
gfs2-kmp-default-debuginfo-4.12.14-95.19.1 kernel-default-debuginfo-4.12.14-95.19.1 kernel-default-debugsource-4.12.14-95.19.1 ocfs2-kmp-default-4.12.14-95.19.1 ocfs2-kmp-default-debuginfo-4.12.14-95.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.19.1 kernel-default-debuginfo-4.12.14-95.19.1 kernel-default-debugsource-4.12.14-95.19.1 kernel-default-devel-4.12.14-95.19.1 kernel-default-devel-debuginfo-4.12.14-95.19.1 kernel-default-extra-4.12.14-95.19.1 kernel-default-extra-debuginfo-4.12.14-95.19.1 kernel-syms-4.12.14-95.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.19.1 kernel-macros-4.12.14-95.19.1 kernel-source-4.12.14-95.19.1 References: https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068546 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 
https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128905 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129848 https://bugzilla.suse.com/1129857 https://bugzilla.suse.com/1130409 https://bugzilla.suse.com/1130699 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1132044 https://bugzilla.suse.com/1132894 https://bugzilla.suse.com/1133176 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1134160 
https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134591 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134607 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136477 
https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 From sle-updates at lists.suse.com Mon Jun 17 16:51:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 00:51:01 +0200 (CEST) Subject: SUSE-SU-2019:1529-1: important: Security update for the Linux Kernel Message-ID: <20190617225101.5AAFCFFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1529-1 Rating: important References: #1012382 #1050242 #1051510 #1053043 #1055186 #1056787 #1058115 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1071995 #1075020 #1082387 #1083647 #1085535 #1099658 #1103992 #1104353 #1104427 #1106011 #1106284 #1108193 #1108838 #1108937 #1110946 #1111696 #1112063 #1113722 #1114427 #1115688 #1117158 #1117561 #1118139 #1119843 #1120091 #1120423 #1120566 #1120843 #1120902 #1122776 #1123454 #1123663 #1124503 #1124839 #1126356 #1127616 #1128052 #1128904 #1128979 #1129138 #1129273 #1129497 #1129693 #1129770 #1130579 #1130699 #1130972 #1131326 #1131451 #1131488 #1131565 #1131673 #1132044 #1133176 #1133188 #1133190 #1133320 #1133612 #1133616 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134354 #1134393 #1134459 #1134460 #1134461 #1134537 #1134597 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1135006 #1135007 #1135008 #1135056 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 
#1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136206 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136477 #1136478 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137372 #1137444 #1137586 #1137739 #1137752
Cross-References: CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489
Affected Products:
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise High Availability 15
______________________________________________________________________________
An update that solves 14 vulnerabilities and has 130 fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bsc#1051510). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158). - acpicA: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510).
- alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). 
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: fix ACPI dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). 
- asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). 
- bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). 
- bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). 
- block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). 
- btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). 
- btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). 
- crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). 
- drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). 
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for "Toggle Display" key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). 
- hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). 
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). 
- ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586) - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). 
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mISDN: Check address length before reading address family (bsc#1051510).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372).
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net: initialize skb->peeked when cloning (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).
- net: test tailroom before appending to linear skb (git-fixes).
- net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).
- netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
- netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).
- netfilter: drop template ct when conntrack is skipped (git-fixes).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).
- netfilter: ebtables: handle string from userspace with care (git-fixes).
- netfilter: ebtables: reject non-bridge targets (git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).
- netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).
- netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes).
- netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).
- netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).
- netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).
- netfilter: nf_tables: fix leaking object reference count (git-fixes).
- netfilter: nf_tables: release chain in flushing set (git-fixes).
- netfilter: nft_compat: do not dump private area (git-fixes).
- netfilter: x_tables: initialise match/target check parameter struct (git-fixes).
- netlink: fix uninit-value in netlink_sendmsg (git-fixes).
- nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
- nfs: add module option to limit NFSv4 minor version (jsc#PM-231).
- nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).
- nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).
- nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
- nvme: Do not remove namespaces during reset (bsc#1131673).
- nvme: flush scan_work when resetting controller (bsc#1131673).
- objtool: Fix function fallthrough detection (bsc#1058115).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
- ocfs2: turn on OCFS2_FS_STATS setting (bsc#1134393). We need to turn on the OCFS2_FS_STATS kernel configuration setting to fix bsc#1134393.
- of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
- omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).
- openvswitch: add seqadj extension when NAT is used (bsc#1051510).
- openvswitch: fix flow actions reallocation (bsc#1051510).
- p54: drop device reference count if fails to enable device (bsc#1135642).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation (git-fixes).
- packet: refine ring v3 block size test to hold one frame (git-fixes).
- packet: reset network header if packet shorter than ll reserved space (git-fixes).
- packet: validate msg_namelen in send directly (git-fixes).
- packets: Always register packet sk in the same order (networking-stable-19_03_28).
- pci: Factor out pcie_retrain_link() function (git-fixes).
- pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
- pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
- pci: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum (git-fixes).
- pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes).
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).
- platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
- platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
- platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
- platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510).
- platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
- platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
- power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).
- power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
- powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).
- powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes).
- powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes).
- powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes).
- powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
- powerpc/process: Fix sparse address space warnings (bsc#1065729).
- powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
- proc/kcore: do not bounds check against address 0 (bsc#1051510).
- proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
- proc: revalidate kernel thread inodes to root:root (bsc#1051510).
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes).
- pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
- pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
- pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).
- pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).
- pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
- qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).
- qla2xxx: always allocate qla_tgt_wq (bsc#1131451).
- qmi_wwan: add Olicard 600 (bsc#1051510).
- rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427).
- rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992).
- regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).
- rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).
- rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
- rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).
- rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).
- rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes).
- s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).
- sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).
- sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).
- scripts: override locale from environment when running recordmcount.pl (bsc#1134354).
- scsi: qedf: fixup bit operations (bsc#1135542).
- scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
- scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
- scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579).
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
- scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
- scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).
- scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
- scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444).
- scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444).
- scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444).
- scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444).
- scsi: qla2xxx: Remove unused symbols (bsc#1118139).
- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444).
- scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
- scsi: qla2xxx: fix error message (bsc#1118139).
- scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139).
- scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
- scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
- scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
- scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444).
- sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04).
- sctp: fix identification of new acks for SFR-CACC (git-fixes).
- sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28).
- sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10).
- sctp: set frag_point in sctp_setsockopt_maxseg correctly (git-fixes).
- selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).
- serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).
- serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).
- serial: uartps: console_setup() can't be placed to init section (bsc#1051510).
- signal: Always notice exiting tasks (git-fixes).
- signal: Better detection of synchronous signals (git-fixes).
- signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
- soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).
- soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).
- spi: Micrel eth switch: declare missing of table (bsc#1051510).
- spi: ST ST95HF NFC: declare missing of table (bsc#1051510).
- spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).
- spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).
- spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).
- spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).
- spi: rspi: Fix sequencer reset during initialization (bsc#1051510).
- ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).
- staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).
- stm class: Fix an endless loop in channel allocation (bsc#1051510).
- stm class: Fix channel free in stm output free path (bsc#1051510).
- stm class: Prevent division by zero (bsc#1051510).
- stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
- switchtec: Fix unintended mask of MRPC event (git-fixes).
- tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: purge write queue in tcp_connect_init() (git-fixes).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19).
- team: fix possible recursive locking when add slaves (networking-stable-19_04_30).
- team: set slave to promisc if team is already in promisc mode (bsc#1051510).
- thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).
- thermal/int340x_thermal: fix mode setting (bsc#1051510).
- thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).
- thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28).
- thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28).
- tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).
- tipc: missing entries in name table of publications (networking-stable-19_04_19).
- tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- treewide: Use DEVICE_ATTR_WO (bsc#1137739).
- tty: increase the default flip buffer limit to 2*640K (bsc#1051510).
- tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).
- tty: serial_core, add ->install (bnc#1129693).
- tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).
- tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28).
- tun: properly test for IFF_UP (networking-stable-19_03_28).
- uas: fix alignment of scatter/gather segments (bsc#1129770).
- udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).
- usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).
- usb: cdc-acm: fix unthrottle races (bsc#1051510).
- usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).
- usb: core: Fix unterminated string returned by usb_string() (bsc#1051510).
- usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).
- usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).
- usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).
- usb: serial: fix unthrottle races (bsc#1051510).
- usb: u132-hcd: fix resource leak (bsc#1051510).
- usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).
- usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).
- usb: yurex: Fix protection fault after device removal (bsc#1051510).
- userfaultfd: use RCU to free the task struct when fork fails (git-fixes).
- vfio/mdev: Avoid release parent reference during error path (bsc#1051510).
- vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).
- vfio/pci: use correct format characters (bsc#1051510).
- vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).
- vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).
- vhost: reject zero size iova range (networking-stable-19_04_19).
- virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).
- virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).
- vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10).
- vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).
- vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).
- vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).
- vsock/virtio: reset connected sockets on device removal (bsc#1051510).
- vt: always call notifier with the console lock held (bsc#1051510).
- vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28).
- x86/speculation/mds: Fix documentation typo (bsc#1135642).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
- xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes).
- xfrm6: call kfree_skb when skb is toobig (git-fixes).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).
- xfrm: Return error on unknown encap_type in init_state (git-fixes).
- xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).
- xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).
- xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes).
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).
- xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes).
- xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes).
- xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).
- xfs: add log item pinning error injection tag (bsc#1114427).
- xfs: buffer lru reference count error injection tag (bsc#1114427).
- xfs: check _btree_check_block value (bsc#1123663).
- xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
- xfs: create block pointer check functions (bsc#1123663).
- xfs: create inode pointer verifiers (bsc#1114427).
- xfs: detect and fix bad summary counts at mount (bsc#1114427).
- xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427).
- xfs: export various function for the online scrubber (bsc#1123663).
- xfs: expose errortag knobs via sysfs (bsc#1114427).
- xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
- xfs: force summary counter recalc at next mount (bsc#1114427).
- xfs: kill meaningless variable 'zero' (bsc#1106011).
- xfs: make errortag a per-mountpoint structure (bsc#1123663).
- xfs: move error injection tags into their own file (bsc#1114427).
- xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
- xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).
- xfs: refactor btree block header checking functions (bsc#1123663).
- xfs: refactor btree pointer checks (bsc#1123663).
- xfs: refactor unmount record write (bsc#1114427).
- xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
- xfs: remove xfs_zero_range (bsc#1106011).
- xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
- xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).
- xfs: sanity-check the unused space before trying to use it (bsc#1123663).
- xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:
  zypper in -t patch SUSE-SLE-Product-WE-15-2019-1529=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1529=1
- SUSE Linux Enterprise Module for Live Patching 15:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1529=1
- SUSE Linux Enterprise Module for Legacy Software 15:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1529=1
- SUSE Linux Enterprise Module for Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1529=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1529=1
- SUSE Linux Enterprise High Availability 15:
  zypper in -t patch SUSE-SLE-Product-HA-15-2019-1529=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):
  kernel-default-debuginfo-4.12.14-150.22.1
  kernel-default-debugsource-4.12.14-150.22.1
  kernel-default-extra-4.12.14-150.22.1
  kernel-default-extra-debuginfo-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  kernel-default-base-4.12.14-150.22.1
  kernel-default-base-debuginfo-4.12.14-150.22.1
  kernel-default-debuginfo-4.12.14-150.22.1
  kernel-default-debugsource-4.12.14-150.22.1
  kernel-obs-qa-4.12.14-150.22.1
  kselftests-kmp-default-4.12.14-150.22.1
  kselftests-kmp-default-debuginfo-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  kernel-docs-html-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
  kernel-default-debuginfo-4.12.14-150.22.1
  kernel-default-debugsource-4.12.14-150.22.1
  kernel-default-livepatch-4.12.14-150.22.1
  kernel-livepatch-4_12_14-150_22-default-1-1.5.1
  kernel-livepatch-4_12_14-150_22-default-debuginfo-1-1.5.1
- SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-150.22.1
  kernel-default-debugsource-4.12.14-150.22.1
  reiserfs-kmp-default-4.12.14-150.22.1
  reiserfs-kmp-default-debuginfo-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.12.14-150.22.1
  kernel-obs-build-debugsource-4.12.14-150.22.1
  kernel-syms-4.12.14-150.22.1
  kernel-vanilla-base-4.12.14-150.22.1
  kernel-vanilla-base-debuginfo-4.12.14-150.22.1
  kernel-vanilla-debuginfo-4.12.14-150.22.1
  kernel-vanilla-debugsource-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Development Tools 15 (noarch):
  kernel-docs-4.12.14-150.22.1
  kernel-source-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-150.22.1
  kernel-default-base-4.12.14-150.22.1
  kernel-default-debuginfo-4.12.14-150.22.1
  kernel-default-debugsource-4.12.14-150.22.1
  kernel-default-devel-4.12.14-150.22.1
  kernel-default-devel-debuginfo-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
  kernel-devel-4.12.14-150.22.1
  kernel-macros-4.12.14-150.22.1
- SUSE Linux Enterprise Module for Basesystem 15 (s390x):
  kernel-default-man-4.12.14-150.22.1
  kernel-zfcpdump-4.12.14-150.22.1
  kernel-zfcpdump-debuginfo-4.12.14-150.22.1
  kernel-zfcpdump-debugsource-4.12.14-150.22.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-4.12.14-150.22.1
  cluster-md-kmp-default-debuginfo-4.12.14-150.22.1
  dlm-kmp-default-4.12.14-150.22.1
  dlm-kmp-default-debuginfo-4.12.14-150.22.1
  gfs2-kmp-default-4.12.14-150.22.1
  gfs2-kmp-default-debuginfo-4.12.14-150.22.1
  kernel-default-debuginfo-4.12.14-150.22.1
  kernel-default-debugsource-4.12.14-150.22.1
  ocfs2-kmp-default-4.12.14-150.22.1
  ocfs2-kmp-default-debuginfo-4.12.14-150.22.1

References:

https://www.suse.com/security/cve/CVE-2018-7191.html
https://www.suse.com/security/cve/CVE-2019-10124.html
https://www.suse.com/security/cve/CVE-2019-11085.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11486.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-11815.html
https://www.suse.com/security/cve/CVE-2019-11833.html
https://www.suse.com/security/cve/CVE-2019-11884.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-5489.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1050242
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1055186
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1058115
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1068546
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1075020
https://bugzilla.suse.com/1082387
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104353
https://bugzilla.suse.com/1104427
https://bugzilla.suse.com/1106011
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1108193
https://bugzilla.suse.com/1108838
https://bugzilla.suse.com/1108937
https://bugzilla.suse.com/1110946
https://bugzilla.suse.com/1111696
https://bugzilla.suse.com/1112063
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1114427
https://bugzilla.suse.com/1115688
https://bugzilla.suse.com/1117158
https://bugzilla.suse.com/1117561
https://bugzilla.suse.com/1118139
https://bugzilla.suse.com/1119843
https://bugzilla.suse.com/1120091
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1120566
https://bugzilla.suse.com/1120843
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1122776
https://bugzilla.suse.com/1123454
https://bugzilla.suse.com/1123663
https://bugzilla.suse.com/1124503
https://bugzilla.suse.com/1124839
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127616
https://bugzilla.suse.com/1128052
https://bugzilla.suse.com/1128904
https://bugzilla.suse.com/1128979
https://bugzilla.suse.com/1129138
https://bugzilla.suse.com/1129273
https://bugzilla.suse.com/1129497
https://bugzilla.suse.com/1129693
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1130579
https://bugzilla.suse.com/1130699
https://bugzilla.suse.com/1130972
https://bugzilla.suse.com/1131326
https://bugzilla.suse.com/1131451
https://bugzilla.suse.com/1131488
https://bugzilla.suse.com/1131565
https://bugzilla.suse.com/1131673
https://bugzilla.suse.com/1132044
https://bugzilla.suse.com/1133176
https://bugzilla.suse.com/1133188
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133320
https://bugzilla.suse.com/1133612
https://bugzilla.suse.com/1133616
https://bugzilla.suse.com/1134160
https://bugzilla.suse.com/1134162
https://bugzilla.suse.com/1134199
https://bugzilla.suse.com/1134200
https://bugzilla.suse.com/1134201
https://bugzilla.suse.com/1134202
https://bugzilla.suse.com/1134203
https://bugzilla.suse.com/1134204
https://bugzilla.suse.com/1134205
https://bugzilla.suse.com/1134354
https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137372 
https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 From sle-updates at lists.suse.com Mon Jun 17 17:10:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 01:10:12 +0200 (CEST) Subject: SUSE-SU-2019:1530-1: important: Security update for the Linux Kernel Message-ID: <20190617231012.DBC50FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1530-1 Rating: important References: #1012382 #1050242 #1051510 #1053043 #1056787 #1058115 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1071995 #1075020 #1082387 #1083647 #1085535 #1099658 #1103992 #1104353 #1104427 #1106011 #1106284 #1108838 #1110946 #1111696 #1112063 #1113722 #1114427 #1114893 #1115688 #1117158 #1117561 #1118139 #1119843 #1120091 #1120423 #1120566 #1120843 #1120902 #1122776 #1123454 #1123663 #1124503 #1124839 #1126356 #1127616 #1128052 #1128904 #1128905 #1128979 #1129138 #1129497 #1129693 #1129770 #1129848 #1129857 #1130409 #1130699 #1130972 #1131451 #1131488 #1131565 #1131673 #1132044 #1132894 #1133176 #1133188 #1133190 #1133320 #1133612 #1133616 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134354 #1134393 #1134459 #1134460 #1134461 #1134537 #1134591 #1134597 #1134607 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1135006 #1135007 #1135008 #1135056 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136206 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136477 #1136478 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137372 #1137444 #1137586 #1137739 #1137752 Cross-References: CVE-2018-7191 
CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489

Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Live Patching 12-SP4
  SUSE Linux Enterprise High Availability 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 132 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bsc#1051510).
- Update config files. Debug kernel is not supported (bsc#1135492).
- acpi / utils: Drop reference in test for device presence (bsc#1051510).
- acpi: button: reinitialize button state upon resume (bsc#1051510).
- acpi: fix menuconfig presentation of acpi submenu (bsc#1117158).
- acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
- acpica: Namespace: remove address node from global list after method termination (bsc#1051510).
- alsa: core: Do not refer to snd_cards array directly (bsc#1051510).
- alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
- alsa: hda - Register irq handler after the chip initialization (bsc#1051510).
- alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
- alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).
- alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).
- alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).
- alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).
- alsa: hda/realtek - EAPD turn on later (bsc#1051510).
- alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).
- alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).
- alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).
- alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).
- alsa: line6: Avoid polluting led_* namespace (bsc#1051510).
- alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).
- alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).
- alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). 
- arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). 
- bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). 
- bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). 
- bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). 
- bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). 
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). 
- btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). 
- debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). 
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). 
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for "Toggle Display" key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). 
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). 
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
- ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode (git-fixes).
- ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).
- ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).
- ipvlan: fix ipv6 outbound device (bsc#1051510).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
- ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- ipvs: fix buffer overflow with sync daemon and service (git-fixes).
- ipvs: fix check on xmit to non-local addresses (git-fixes).
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
- ipvs: fix stats update from local clients (git-fixes).
- iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
- kABI: protect dma-mapping.h include (kabi).
- kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346).
- kABI: protect ip_options_rcv_srr (kabi).
- kABI: protect struct mlx5_td (kabi).
- kABI: protect struct pci_dev (kabi).
- kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346).
- kABI: protect struct smc_link (bsc#1129857 LTC#176247).
- kABI: protect struct smcd_dev (bsc#1130409 LTC#176346).
- kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128905 LTC#176077).
- kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
- kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
- kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
- kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
- kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
- kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
- kvm: s390: use created_vcpus in more places (bsc#1136206).
- kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mISDN: Check address length before reading address family (bsc#1051510).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net/smc: add pnet table namespace support (bsc#1130409 LTC#176346).
- net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247).
- net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346).
- net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346).
- net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247).
- net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247).
- net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).
- net/smc: check port_idx of ib event (bsc#1129857 LTC#176247).
- net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346).
- net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).
- net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).
- net/smc: consolidate function parameters (bsc#1134607 LTC#177518).
- net/smc: correct state change for peer closing (bsc#1129857 LTC#176247).
- net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247).
- net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247).
- net/smc: do not wait under send_lock (bsc#1129857 LTC#176247).
- net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).
- net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).
- net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247).
- net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249).
- net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).
- net/smc: fix sender_free computation (bsc#1129857 LTC#176247).
- net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249).
- net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247).
- net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).
- net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).
- net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247).
- net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).
- net/smc: move wake up of close waiter (bsc#1129857 LTC#176247).
- net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247).
- net/smc: nonblocking connect rework (bsc#1134607 LTC#177518).
- net/smc: postpone release of clcsock (bsc#1129857 LTC#176247).
- net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247).
- net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247).
- net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).
- net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247).
- net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247).
- net/smc: reset cursor update required flag (bsc#1129857 LTC#176247).
- net/smc: rework pnet table (bsc#1130409 LTC#176346).
- net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247).
- net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247).
- net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247).
- net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247).
- net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net: initialize skb->peeked when cloning (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).
- net: test tailroom before appending to linear skb (git-fixes).
- net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).
- netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
- netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).
- netfilter: drop template ct when conntrack is skipped (git-fixes).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).
- netfilter: ebtables: handle string from userspace with care (git-fixes).
- netfilter: ebtables: reject non-bridge targets (git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).
- netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).
- netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes).
- netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).
- netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).
- netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).
- netfilter: nf_tables: fix leaking object reference count (git-fixes).
- netfilter: nf_tables: release chain in flushing set (git-fixes).
- netfilter: nft_compat: do not dump private area (git-fixes).
- netfilter: x_tables: initialise match/target check parameter struct (git-fixes).
- netlink: fix uninit-value in netlink_sendmsg (git-fixes).
- nfs add module option to limit nfsv4 minor version (jsc#PM-231).
- nfs: Enable nfsv4.2 support (jsc#PM-231). This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0.
- nfsv4.x: always serialize open/close operations (bsc#1114893).
- nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).
- nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
- nvme: Do not remove namespaces during reset (bsc#1131673).
- nvme: flush scan_work when resetting controller (bsc#1131673).
- objtool: Fix function fallthrough detection (bsc#1058115).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
- ocfs2: turn on OCFS2_FS_STATS setting (bsc#1134393). We need to turn on the OCFS2_FS_STATS kernel configuration setting to fix bsc#1134393.
- of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
- omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).
- openvswitch: add seqadj extension when NAT is used (bsc#1051510).
- openvswitch: fix flow actions reallocation (bsc#1051510).
- p54: drop device reference count if fails to enable device (bsc#1135642).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation (git-fixes).
- packet: refine ring v3 block size test to hold one frame (git-fixes).
- packet: reset network header if packet shorter than ll reserved space (git-fixes).
- packet: validate msg_namelen in send directly (git-fixes).
- packets: Always register packet sk in the same order (networking-stable-19_03_28).
- pci: Factor out pcie_retrain_link() function (git-fixes).
- pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
- pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
- pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes).
- pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes).
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).
- platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
- platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
- platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
- platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510).
- platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
- platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
- power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).
- power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
- powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
- powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
- powerpc/process: Fix sparse address space warnings (bsc#1065729).
- powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
- proc/kcore: do not bounds check against address 0 (bsc#1051510).
- proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
- proc: revalidate kernel thread inodes to root:root (bsc#1051510).
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes).
- pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
- pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
- pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).
- pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).
- pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
- qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).
- qla2xxx: always allocate qla_tgt_wq (bsc#1131451).
- qmi_wwan: add Olicard 600 (bsc#1051510).
- rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427).
- rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992).
- regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).
- rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).
- rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
- rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).
- rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).
- rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes).
- s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247).
- s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).
- sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).
- sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).
- scripts: override locale from environment when running recordmcount.pl (bsc#1134354).
- scsi: qedf: fixup bit operations (bsc#1135542).
- scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
- scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
- scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
- scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).
- scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
- scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444).
- scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444).
- scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444).
- scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444).
- scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444).
- scsi: qla2xxx: Remove unused symbols (bsc#1118139).
- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444).
- scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
- scsi: qla2xxx: fix error message on qla2400 (bsc#1118139).
- scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139).
- scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
- scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
- scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
- scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444).
- sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04).
- sctp: fix identification of new acks for SFR-CACC (git-fixes).
- sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28).
- sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10).
- sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes).
- sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).
- selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).
- serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).
- serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).
- serial: uartps: console_setup() can't be placed to init section (bsc#1051510).
- signal: Always notice exiting tasks (git-fixes).
- signal: Better detection of synchronous signals (git-fixes).
- signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
- smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247).
- soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).
- soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).
- spi: Micrel eth switch: declare missing of table (bsc#1051510).
- spi: ST ST95HF NFC: declare missing of table (bsc#1051510).
- spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).
- spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).
- spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).
- spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).
- spi: rspi: Fix sequencer reset during initialization (bsc#1051510).
- ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).
- staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).
- stm class: Fix an endless loop in channel allocation (bsc#1051510).
- stm class: Fix channel free in stm output free path (bsc#1051510).
- stm class: Prevent division by zero (bsc#1051510).
- stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30).
- supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
- switchtec: Fix unintended mask of MRPC event (git-fixes).
- tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: purge write queue in tcp_connect_init() (git-fixes).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19).
- team: fix possible recursive locking when add slaves (networking-stable-19_04_30).
- team: set slave to promisc if team is already in promisc mode (bsc#1051510).
- thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).
- thermal/int340x_thermal: fix mode setting (bsc#1051510).
- thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).
- thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28).
- thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28).
- tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes).
- tipc: missing entries in name table of publications (networking-stable-19_04_19).
- tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- treewide: Use DEVICE_ATTR_WO (bsc#1137739).
- tty: increase the default flip buffer limit to 2*640K (bsc#1051510).
- tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).
- tty: serial_core, add ->install (bnc#1129693).
- tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).
- tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28).
- tun: properly test for IFF_UP (networking-stable-19_03_28).
- uas: fix alignment of scatter/gather segments (bsc#1129770).
- udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).
- usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).
- usb: cdc-acm: fix unthrottle races (bsc#1051510).
- usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).
- usb: core: Fix unterminated string returned by usb_string() (bsc#1051510).
- usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).
- usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).
- usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).
- usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).
- usb: serial: fix unthrottle races (bsc#1051510).
- usb: u132-hcd: fix resource leak (bsc#1051510).
- usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).
- usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).
- usb: yurex: Fix protection fault after device removal (bsc#1051510).
- userfaultfd: use RCU to free the task struct when fork fails (git-fixes).
- vfio/mdev: Avoid release parent reference during error path (bsc#1051510).
- vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).
- vfio/pci: use correct format characters (bsc#1051510).
- vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).
- vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).
- vhost: reject zero size iova range (networking-stable-19_04_19).
- virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).
- virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).
- vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10).
- vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).
- vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).
- vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).
- vsock/virtio: reset connected sockets on device removal (bsc#1051510).
- vt: always call notifier with the console lock held (bsc#1051510).
- vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28).
- x86/speculation/mds: Fix documentation typo (bsc#1135642).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
- xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes).
- xfrm6: call kfree_skb when skb is toobig (git-fixes).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).
- xfrm: Return error on unknown encap_type in init_state (git-fixes).
- xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).
- xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes).
- xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes).
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).
- xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes).
- xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes).
- xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).
- xfs: add log item pinning error injection tag (bsc#1114427).
- xfs: buffer lru reference count error injection tag (bsc#1114427).
- xfs: check _btree_check_block value (bsc#1123663).
- xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
- xfs: create block pointer check functions (bsc#1123663).
- xfs: create inode pointer verifiers (bsc#1114427).
- xfs: detect and fix bad summary counts at mount (bsc#1114427).
- xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427).
- xfs: export various function for the online scrubber (bsc#1123663).
- xfs: expose errortag knobs via sysfs (bsc#1114427).
- xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
- xfs: force summary counter recalc at next mount (bsc#1114427).
- xfs: kill meaningless variable 'zero' (bsc#1106011).
- xfs: make errortag a per-mountpoint structure (bsc#1123663).
- xfs: move error injection tags into their own file (bsc#1114427).
- xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
- xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).
- xfs: refactor btree block header checking functions (bsc#1123663).
- xfs: refactor btree pointer checks (bsc#1123663).
- xfs: refactor unmount record write (bsc#1114427).
- xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
- xfs: remove xfs_zero_range (bsc#1106011).
- xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
- xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).
- xfs: sanity-check the unused space before trying to use it (bsc#1123663).
- xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP4:

  zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1530=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:

  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1530=1

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1530=1

- SUSE Linux Enterprise Live Patching 12-SP4:

  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1530=1

- SUSE Linux Enterprise High Availability 12-SP4:

  zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1530=1

- SUSE Linux Enterprise Desktop 12-SP4:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1530=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):

  kernel-default-debuginfo-4.12.14-95.19.1
  kernel-default-debugsource-4.12.14-95.19.1
  kernel-default-extra-4.12.14-95.19.1
  kernel-default-extra-debuginfo-4.12.14-95.19.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

  kernel-obs-build-4.12.14-95.19.1
  kernel-obs-build-debugsource-4.12.14-95.19.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch):

  kernel-docs-4.12.14-95.19.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

  kernel-default-4.12.14-95.19.1
  kernel-default-base-4.12.14-95.19.1
  kernel-default-base-debuginfo-4.12.14-95.19.1
  kernel-default-debuginfo-4.12.14-95.19.1
  kernel-default-debugsource-4.12.14-95.19.1
  kernel-default-devel-4.12.14-95.19.1
  kernel-syms-4.12.14-95.19.1

- SUSE Linux Enterprise Server 12-SP4 (x86_64):

  kernel-default-devel-debuginfo-4.12.14-95.19.1

- SUSE Linux Enterprise Server 12-SP4 (noarch):

  kernel-devel-4.12.14-95.19.1
  kernel-macros-4.12.14-95.19.1
  kernel-source-4.12.14-95.19.1

- SUSE Linux Enterprise Server 12-SP4 (s390x):

  kernel-default-man-4.12.14-95.19.1

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):

  kgraft-patch-4_12_14-95_19-default-1-6.3.1

- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.19.1 cluster-md-kmp-default-debuginfo-4.12.14-95.19.1 dlm-kmp-default-4.12.14-95.19.1 dlm-kmp-default-debuginfo-4.12.14-95.19.1 gfs2-kmp-default-4.12.14-95.19.1 gfs2-kmp-default-debuginfo-4.12.14-95.19.1 kernel-default-debuginfo-4.12.14-95.19.1 kernel-default-debugsource-4.12.14-95.19.1 ocfs2-kmp-default-4.12.14-95.19.1 ocfs2-kmp-default-debuginfo-4.12.14-95.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.19.1 kernel-default-debuginfo-4.12.14-95.19.1 kernel-default-debugsource-4.12.14-95.19.1 kernel-default-devel-4.12.14-95.19.1 kernel-default-devel-debuginfo-4.12.14-95.19.1 kernel-default-extra-4.12.14-95.19.1 kernel-default-extra-debuginfo-4.12.14-95.19.1 kernel-syms-4.12.14-95.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.19.1 kernel-macros-4.12.14-95.19.1 kernel-source-4.12.14-95.19.1 References: https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 
https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068546 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128905 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129848 https://bugzilla.suse.com/1129857 https://bugzilla.suse.com/1130409 https://bugzilla.suse.com/1130699 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1132044 https://bugzilla.suse.com/1132894 https://bugzilla.suse.com/1133176 
https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134591 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134607 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 
https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752

From sle-updates at lists.suse.com Mon Jun 17 17:29:51 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jun 2019 01:29:51 +0200 (CEST)
Subject: SUSE-SU-2019:1532-1: important: Security update for the Linux Kernel
Message-ID: <20190617232951.30E59FFE6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1532-1
Rating: important
References: #1005778 #1005780 #1005781 #1012382 #1019695 #1019696 #1022604 #1063638 #1065600 #1085535 #1085539 #1090888 #1099658 #1100132 #1106110 #1106284 #1106929 #1108293 #1108838 #1110785 #1110946 #1112063 #1112178 #1116803 #1117562 #1119086 #1120642 #1120843 #1120902 #1122776 #1126040 #1126356 #1128052 #1129138 #1129770 #1130972 #1131107 #1131488 #1131565 #1132212 #1132472 #1133188 #1133874 #1134160 #1134162 #1134338 #1134537 #1134564 #1134565 #1134566 #1134651 #1134760 #1134806 #1134813 #1134848 #1135013 #1135014 #1135015 #1135100 #1135120 #1135281 #1135603 #1135642 #1135661 #1135878 #1136424 #1136438 #1136448 #1136449 #1136451 #1136452 #1136455 #1136458 #1136539 #1136573 #1136575 #1136586 #1136590 #1136623 #1136810 #1136935 #1136990 #1137142 #1137162 #1137586
#843419
Cross-References: CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489
Affected Products: SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 73 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash).
(bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
(bnc#1134848)
- CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bnc#1012382).
- 9p: do not trust pdu content for stat item size (bnc#1012382).
- X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
- acpi / sbs: Fix GPE storm on recent MacBookPro's (bnc#1012382).
- alsa: core: Fix card races between register and disconnect (bnc#1012382).
- alsa: echoaudio: add a check for ioremap_nocache (bnc#1012382).
- alsa: info: Fix racy addition/deletion of nodes (bnc#1012382).
- alsa: line6: use dynamic buffers (bnc#1012382).
- alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382).
- alsa: pcm: check if ops are defined before suspending PCM (bnc#1012382).
- alsa: sb8: add a check for request_region (bnc#1012382).
- alsa: seq: Fix OOB-reads from strlcpy (bnc#1012382).
- appletalk: Fix compile regression (bnc#1012382).
- appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382).
- arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040).
- arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040).
- arm64: Add helper to decode register from instruction (bsc#1126040).
- arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382).
- arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382).
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382).
- arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382). - arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040). - arm64: module: split core and init PLT sections (bsc#1126040). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382). - arm: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382). - arm: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382). - arm: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382). - arm: dts: pfla02: increase phy reset duration (bnc#1012382). - arm: iop: do not use using 64-bit DMA masks (bnc#1012382). - arm: orion: do not use using 64-bit DMA masks (bnc#1012382). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382). - asoc: Intel: avoid Oops if DMA setup fails (bnc#1012382). - asoc: cs4270: Set auto-increment bit for register writes (bnc#1012382). - asoc: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382). - asoc: fsl_esai: fix channel swap issue when stream starts (bnc#1012382). - asoc: tlv320aic32x4: Fix Common Pins (bnc#1012382). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929) - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). 
- bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: comment on direct access to bvec table (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_device_init() (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bnc#1012382). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). 
- bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bnc#1012382). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). 
- bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: trace missed reading by cache_missed (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bcache: writeback: properly order backing device IO (bsc#1130972). - binfmt_elf: switch to new creds when switching to new mm (bnc#1012382). - bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382). - block: check_events: do not bother with events if unsupported (bsc#1110946). - block: disk_events: introduce event flags (bsc#1110946). - block: do not leak memory in bio_copy_user_iov() (bnc#1012382). - block: fix use-after-free on gendisk (bsc#1136448). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382). - bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382). - bnxt_en: Improve multicast address setup logic (bnc#1012382). - bonding: fix arp_validate toggling in active-backup mode (bnc#1012382). - bonding: fix event handling for stacked bonds (bnc#1012382). - bonding: show full hw address in sysfs for slave entries (bnc#1012382). - bpf: reject wrong sized filters earlier (bnc#1012382). - bridge: Fix error path for kobject_init_and_add() (bnc#1012382). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). 
- btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). 
- btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - cdc-acm: cleaning up debug in data submission path (bsc#1136539). - cdc-acm: fix race between reset and control messaging (bsc#1106110). - cdc-acm: handle read pipe errors (bsc#1135878). - cdc-acm: reassemble fragmented notifications (bsc#1136590). - cdc-acm: store in and out pipes in acm structure (bsc#1136575). - cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134565). - ceph: only use d_name directly when parent is locked (bsc#1134566). - cifs: Fix NULL pointer dereference of devname (bnc#1012382). - cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382). - cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - cifs: use correct format characters (bnc#1012382). - clk: fix mux clock documentation (bsc#1090888). - coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - cpupower: remove stringop-truncation waring (bsc#1119086). - crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382). - crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382). 
- crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162). - crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382). - debugfs: fix use-after-free on symlink traversal (bnc#1012382). - device_cgroup: fix RCU imbalance in error case (bnc#1012382). - dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382). - dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382). - documentation: Add MDS vulnerability documentation (bnc#1012382). - documentation: Add nospectre_v1 parameter (bnc#1012382). - documentation: Correct the possible MDS sysfs values (bnc#1012382). - documentation: Move L1TF to separate directory (bnc#1012382). - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382). - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bnc#1012382). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929) - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929) - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1106929) - drm/vc4: Account for interrupts in flight (bsc#1106929) - drm/vc4: Allocate the right amount of space for boot-time CRTC state. 
(bsc#1106929) - drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state() (bsc#1106929) - drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. (bsc#1106929) - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() (bsc#1106929) - drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929) - drm/vc4: Fix memory leak during gpu reset. (bsc#1106929) - drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929) - drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929) - drm/vc4: Fix overflow mem unreferencing when the binner runs dry. (bsc#1106929) - drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929) - drm/vc4: Fix scaling of uni-planar formats (bsc#1106929) - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1106929) - drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929) - drm/vc4: Free hang state before destroying BO cache. (bsc#1106929) - drm/vc4: Move IRQ enable to PM path (bsc#1106929) - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar (bsc#1106929) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1106929) - drm/vc4: Use drm_free_large() on handles to match its allocation. (bsc#1106929) - drm/vc4: fix a bounds check (bsc#1106929) - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1106929) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to (bsc#1106929) - dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535). - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ). - e1000e: Add Support for CannonLake (bsc#1108293). - e1000e: Fix -Wformat-truncation warnings (bnc#1012382). - e1000e: Initial Support for CannonLake (bsc#1108293 ). - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bnc#1012382). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458). - ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810). 
- ext4: actually request zeroing of inode table after grow (bsc#1136451). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bnc#1012382). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: cleanup bh release code in ext4_ind_remove_space() (bnc#1012382). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623). - ext4: prohibit fstrim in norecovery mode (bnc#1012382). - ext4: report real fs size after failed resize (bnc#1012382). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - f2fs: do not use mutex lock in atomic context (bnc#1012382). - f2fs: fix to do sanity check with current segment number (bnc#1012382). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bnc#1012382). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bnc#1012382). - fs/file.c: initialize init_files.resize_wait (bnc#1012382). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382). - fs: fix guard_bio_eod to check for real EOD errors (bnc#1012382). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genirq: Prevent use-after-free and work list corruption (bnc#1012382). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bnc#1012382). - gpio: gpio-omap: fix level interrupt idling (bnc#1012382). - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382). - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- (bnc#1012382). - hid: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382). - hid: input: add mapping for Expose/Overview key (bnc#1012382). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382). - hugetlbfs: fix memory leak for resv_map (bnc#1012382). 
- hwrng: virtio - Avoid repeated init of completion (bnc#1012382). - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012382). - ib/hfi1: Eliminate opcode tests on mr deref (). - ib/hfi1: Unreserve a reserved request when it is completed (). - ib/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382). - ib/mlx4: Increase the timeout for CM cache (bnc#1012382). - ib/rdmavt: Add wc_flags and wc_immdata to cq entry trace (). - ib/rdmavt: Fix frwr memory registration (). - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382). - iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382). - iio: ad_sigma_delta: select channel when reading register (bnc#1012382). - iio: adc: at91: disable adc channel interrupt in timeout case (bnc#1012382). - iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382). - include/linux/bitrev.h: fix constant bitrev (bnc#1012382). - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro (bnc#1012382). - init: initialize jump labels before command line option parsing (bnc#1012382). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382). - io: accel: kxcjk1013: restore the range after resume (bnc#1012382). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135013). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135014). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135015). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012382). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120). - ipv4: Fix raw socket lookup for local traffic (bnc#1012382). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (bnc#1012382). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (bnc#1012382). - ipv4: recompile ip options in ipv4_link_failure (bnc#1012382). 
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382). - ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382). - ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382). - ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382). - ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382). - ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382). - ipvs: do not schedule icmp errors from tunnels (bnc#1012382). - jffs2: fix use-after-free on symlink traversal (bnc#1012382). - kABI: protect ring_buffer_read_prepare (kabi). - kABI: protect struct tlb_state (kabi). - kABI: protect struct usb_interface (kabi). - kABI: restore ___ptrace_may_access (kabi). - kABI: restore icmp_send (kabi). - kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040) - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012382). - kbuild: simplify ld-option implementation (bnc#1012382). - kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382). - kconfig: display recursive dependency resolution hint just once (bsc#1100132). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bnc#1012382). - keys: Timestamp new keys (bsc#1120902). - kprobes: Fix error check when reusing optimized probes (bnc#1012382). - kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382). - kprobes: Prohibit probing on bsearch() (bnc#1012382). - kvm: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382). - kvm: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382). - leds: lp55xx: fix null deref on firmware load failure (bnc#1012382). - lib/div64.c: off by one in shift (bnc#1012382). 
- lib/int_sqrt: optimize initial value compute (bnc#1012382). - lib/string.c: implement a basic bcmp (bnc#1012382). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bnc#1012382). - libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mac80211: do not call driver wake_tx_queue op during reconfig (bnc#1012382). - mac80211_hwsim: validate number of different channels (bsc#1085539). - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212). - media: mt9m111: set initial frame size other than 0x0 (bnc#1012382). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: pvrusb2: Prevent a buffer overflow (bsc#1135642). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bnc#1012382). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: sh_veu: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1120902). - mips: scall64-o32: Fix indirect syscall number load (bnc#1012382). - mm/cma.c: cma_declare_contiguous: correct err handling (bnc#1012382). - mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382). - mm/slab.c: kmemleak no scan alien caches (bnc#1012382). - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382). - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n (bnc#1012382). - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bnc#1012382). - mmc: davinci: remove extraneous __init annotation (bnc#1012382). - mmc: omap: fix the maximum timeout setting (bnc#1012382). 
- modpost: file2alias: check prototype of handler (bnc#1012382). - modpost: file2alias: go back to simple devtable lookup (bnc#1012382). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mt7601u: bump supported EEPROM version (bnc#1012382). - mtd: Fix comparison in map_word_andequal() (git-fixes). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (bnc#1012382). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562). - net: ethernet: ti: fix possible object reference leak (bnc#1012382). - net: ethtool: not call vzalloc for zero sized memory request (bnc#1012382). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (bnc#1012382). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382). - net: ibm: fix possible object reference leak (bnc#1012382). - net: ks8851: Delay requesting IRQ until opened (bnc#1012382). - net: ks8851: Dequeue RX packets explicitly (bnc#1012382). - net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382). - net: ks8851: Set initial carrier state to down (bnc#1012382). - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock() (bnc#1012382). - net: stmmac: move stmmac_check_ether_addr() to driver probe (bnc#1012382). - net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382). - net: xilinx: fix possible object reference leak (bnc#1012382). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (bnc#1012382). - netfilter: compat: initialize all fields in xt_init (bnc#1012382). 
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382). - netfilter: physdev: relax br_netfilter dependency (bnc#1012382). - netns: provide pure entropy for net_hash_mix() (bnc#1012382). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: Fix I/O request leakages (git-fixes). - nfs: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (bnc#1012382). - nfs: clean up rest of reqs when failing to add one (git-fixes). - nfsd: Do not release the callback slot unless it was actually held (bnc#1012382). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Do not allow to reset a reconnecting controller (bsc#1133874). - ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382). - openvswitch: fix flow actions reallocation (bnc#1012382). - pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes). - packet: Fix error path in packet_init (bnc#1012382). - packet: validate msg_namelen in send directly (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1135642). - pci: xilinx-nwl: Add missing of_node_put() (bsc#1100132). - perf evsel: Free evsel->counts in perf_evsel__exit() (bnc#1012382). - perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382). - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() (bnc#1012382). - perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test (bnc#1012382). - perf top: Fix error handling in cmd_top() (bnc#1012382). - perf/core: Restore mmap record type correctly (bnc#1012382). - perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes). 
- perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382). - platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382). - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382 bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382). - powerpc/64s: Include cpu header (bnc#1012382). - powerpc/booke64: set RI in default MSR (bnc#1012382). - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382). - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382). - powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382). - powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382). - powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382). - powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382). - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382). - powerpc/fsl: Fix the flush of branch predictor (bnc#1012382). - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' (bnc#1012382). - powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382). - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382). - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382). - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382). - powerpc/fsl: Update Spectre v2 reporting (bnc#1012382). - powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382). - powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382). - qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696). - qlcnic: Avoid potential NULL pointer dereference (bnc#1012382). - qmi_wwan: add Olicard 600 (bnc#1012382). 
- rdma/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781). - rdma/qedr: Fix out of bounds index check in query pkey (bsc#1022604). - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bnc#1012382). - rsi: improve kernel thread handling to fix kernel panic (bnc#1012382). - rtc: da9063: set uie_unsupported when relevant (bnc#1012382). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382). - s390/3270: fix lockdep false positive on view->lock (bnc#1012382). - s390/dasd: Fix capacity calculation for large volumes (bnc#1012382). - s390: ctcm: fix ctcm_new_device error return code (bnc#1012382). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382). - sc16is7xx: move label 'err_spi' to correct section (git-fixes). - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (bnc#1012382). - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (bnc#1012382). - sched/numa: Fix a possible divide-by-zero (bnc#1012382). - sched: Add sched_smt_active() (bnc#1012382). - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (bnc#1012382). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (bnc#1012382). - scsi: libsas: fix a race condition when smp task timeout (bnc#1012382). - scsi: megaraid_sas: return error when create DMA pool failed (bnc#1012382). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382). - scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382). - scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382). - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382). - sctp: initialize _pad of sockaddr_in before copying to user memory (bnc#1012382). - selftests/net: correct the return value for run_netsocktests (bnc#1012382). - selinux: never allow relabeling on context mounts (bnc#1012382). 
- serial: uartps: console_setup() can't be placed to init section (bnc#1012382). - slip: make slhc_free() silently accept an error pointer (bnc#1012382). - soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382). - soc: imx-sgtl5000: add missing put_device() (bnc#1012382). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bnc#1012382). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bnc#1012382). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382). - staging: iio: adt7316: fix the dac read calculation (bnc#1012382). - staging: iio: adt7316: fix the dac write calculation (bnc#1012382). - supported.conf: add lib/crc64 because bcache uses it - sysctl: handle overflow for file-max (bnc#1012382). - tcp: Ensure DCTCP reacts to losses (bnc#1012382). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (bnc#1012382). - team: fix possible recursive locking when add slaves (bnc#1012382). - thermal/int340x_thermal: Add additional UUIDs (bnc#1012382). - thermal/int340x_thermal: fix mode setting (bnc#1012382). - timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: check link name with right length in tipc_nl_compat_link_set (bnc#1012382). - tipc: handle the err returned from cmd header function (bnc#1012382). - tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382). 
- tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tools/power turbostat: return the exit status of a command (bnc#1012382). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bnc#1012382). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bnc#1012382). - trace: Fix preempt_enable_no_resched() abuse (bnc#1012382). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - tracing: kdb: Fix ftdump to not sleep (bnc#1012382). - tty/serial: atmel: Add is_half_duplex helper (bnc#1012382). - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012382). - tty: increase the default flip buffer limit to 2*640K (bnc#1012382). - tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382). - uas: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770). - uas: fix alignment of scatter/gather segments (bsc#1129770). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1136455). - usb: Add new USB LPM helpers (bsc#1129770). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: cdc-acm: fix unthrottle races (bsc#1135642). - usb: chipidea: Grab the (legacy) usb PHY by phandle first (bnc#1012382). - usb: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382). - usb: core: Fix unterminated string returned by usb_string() (bnc#1012382). - usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382). - usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382). - usb: serial: fix unthrottle races (bnc#1012382). - usb: serial: use variable for status (bnc#1012382). - usb: u132-hcd: fix resource leak (bnc#1012382). - usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382). 
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382). - usb: yurex: Fix protection fault after device removal (bnc#1012382). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (bnc#1012382). - usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382). - vfio/pci: use correct format characters (bnc#1012382). - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382). - vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bnc#1012382). - x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382). - x86/MCE: Save microcode revision in machine check records (bnc#1012382). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382). - x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382). - x86/build: Mark per-CPU symbols as absolute explicitly for LLD (bnc#1012382). - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects (bnc#1012382). - x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382). - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors (bnc#1012382). - x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382). - x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382). - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error (bnc#1012382). - x86/kprobes: Verify stack frame on kretprobe (bnc#1012382). - x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382). - x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382). - x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bnc#1012382). 
- x86/microcode: Update the new microcode revision unconditionally (bnc#1012382). - x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382). - x86/process: Consolidate and simplify switch_to_xtra() code (bnc#1012382). - x86/speculataion: Mark command line parser data __initdata (bnc#1012382). - x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382). - x86/speculation/mds: Fix comment (bnc#1012382). - x86/speculation/mds: Fix documentation typo (bnc#1012382). - x86/speculation: Add command line control for indirect branch speculation (bnc#1012382). - x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382). - x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382). - x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382). - x86/speculation: Mark string arrays const correctly (bnc#1012382). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bnc#1012382). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382). - x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382). - x86/speculation: Provide IBPB always command line options (bnc#1012382). - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation (bnc#1012382). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bnc#1012382). - x86/speculation: Rename SSBD update functions (bnc#1012382). - x86/speculation: Reorder the spec_v2 code (bnc#1012382). - x86/speculation: Reorganize speculation control MSRs update (bnc#1012382). - x86/speculation: Split out TIF update (bnc#1012382). 
- x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382). - x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382). - x86/speculation: Update the TIF_SSBD comment (bnc#1012382). - x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382). - x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes). - x86: vdso: Use $LD instead of $CC to link (bnc#1012382). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xsysace: Fix error handling in ace_setup (bnc#1012382). - xtensa: fix return_address (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1532=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-1-4.3.3 kgraft-patch-4_4_180-94_97-default-debuginfo-1-4.3.3 References: https://www.suse.com/security/cve/CVE-2018-17972.html https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-11190.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1005780 https://bugzilla.suse.com/1005781 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1019696 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1108293 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1110785 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1117562 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120642 
https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1126040 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1132212 https://bugzilla.suse.com/1132472 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133874 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134338 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134564 https://bugzilla.suse.com/1134565 https://bugzilla.suse.com/1134566 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1135013 https://bugzilla.suse.com/1135014 https://bugzilla.suse.com/1135015 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135878 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136448 https://bugzilla.suse.com/1136449 https://bugzilla.suse.com/1136451 https://bugzilla.suse.com/1136452 https://bugzilla.suse.com/1136455 https://bugzilla.suse.com/1136458 https://bugzilla.suse.com/1136539 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136575 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136590 https://bugzilla.suse.com/1136623 https://bugzilla.suse.com/1136810 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137142 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137586 
https://bugzilla.suse.com/843419 From sle-updates at lists.suse.com Mon Jun 17 17:41:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 01:41:52 +0200 (CEST) Subject: SUSE-SU-2019:1536-1: important: Security update for the Linux Kernel Message-ID: <20190617234152.3613CFFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1536-1 Rating: important References: #1012382 #1050242 #1051510 #1053043 #1056787 #1058115 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1071995 #1075020 #1082387 #1083647 #1085535 #1099658 #1103992 #1104353 #1104427 #1106011 #1106284 #1108838 #1110946 #1111696 #1112063 #1113722 #1114427 #1114893 #1115688 #1117158 #1117561 #1118139 #1119843 #1120091 #1120423 #1120566 #1120843 #1120902 #1122776 #1123454 #1123663 #1124503 #1124839 #1126356 #1127616 #1128052 #1128904 #1128905 #1128979 #1129138 #1129497 #1129693 #1129770 #1129848 #1129857 #1130409 #1130972 #1131451 #1131488 #1131565 #1131673 #1132044 #1132894 #1133176 #1133188 #1133190 #1133320 #1133612 #1133616 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134354 #1134393 #1134459 #1134460 #1134461 #1134537 #1134591 #1134597 #1134607 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1135006 #1135007 #1135008 #1135056 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136206 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136477 #1136478 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137372 #1137444 #1137586 #1137739 #1137752 Cross-References: CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 
CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489
Affected Products: SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 132 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
  (bnc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bsc#1051510).
- acpi: button: reinitialize button state upon resume (bsc#1051510).
- acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
- acpica: Namespace: remove address node from global list after method termination (bsc#1051510).
- acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158).
- acpi / utils: Drop reference in test for device presence (bsc#1051510).
- alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). 
- alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: fix ACPI dependencies (bsc#1117158). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). 
- asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). 
- bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). 
- bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: treat stale dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). 
- bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: add a helper to return a head ref (bsc#1134813). 
- btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). 
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). 
- crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). 
- drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). 
- efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). 
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - git_sort: add crypto maintainer tree. - git-sort: Always explicitely handle a pygit2 import error As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73 ("series_sort: Catch pygit2 import failure.") is wrong; given that there is no explicit installation step of the git-sort scripts and that they are "just there" in the kernel-source repository, every user-callable script needs to check that the user followed installation requirements. - git-sort: Handle new pygit2.discover_repository behavior A consequence of pygit2 commit c32ee0c25384 ("Now discover_repository returns None if repo not found"). - git-sort: Move mainline remote check to series_sort git_sort can be used on any git repository. series_sort() OTOH expects the reference repository to be a clone of the mainline Linux kernel repository. Move the warning accordingly and make it an error since further operations would fail. Fixes: 027d52475873 ("scripts: git_sort: Warn about missing upstream repo") - git-sort: README: Add information about how to report problems - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: input: add mapping for "Toggle Display" key (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). 
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). 
- ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). 
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). 
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - lib: do not depend on linux headers being installed (bsc#1130972). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). 
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mISDN: Check address length before reading address family (bsc#1051510). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). 
- mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). 
- netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net: initialize skb->peeked when cloning (git-fixes). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). 
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). 
- net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). 
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - nfs: add module option to limit NFSv4 minor version (jsc#PM-231). - nfs: Update config files for NFSv4.2 Enable NFSv4.2 support - jsc at PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). 
- packet: reset network header if packet shorter than ll reserved space (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - packet: validate msg_namelen in send directly (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). 
- proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - re-export snd_cards for kABI compatibility (bsc#1051510). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" (bsc#1051510). - Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (bsc#1110946, bsc#1119843). - Revert "drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)" The patch seems buggy, breaks the build for armv7hl/pae config. - Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (bsc#1110946). - Revert "tty: pty: Fix race condition between release_one_tty and pty_write" (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). 
- rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). 
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). 
- spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). 
- tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). 
- userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). 
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). 
- xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1536=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-azure-4.12.14-6.15.2 kernel-azure-base-4.12.14-6.15.2 kernel-azure-base-debuginfo-4.12.14-6.15.2 kernel-azure-debuginfo-4.12.14-6.15.2 kernel-azure-debugsource-4.12.14-6.15.2 kernel-azure-devel-4.12.14-6.15.2 kernel-syms-azure-4.12.14-6.15.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-azure-4.12.14-6.15.2 kernel-source-azure-4.12.14-6.15.2 References: https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 
https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068546 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128905 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129848 https://bugzilla.suse.com/1129857 https://bugzilla.suse.com/1130409 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1132044 
https://bugzilla.suse.com/1132894 https://bugzilla.suse.com/1133176 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134591 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134607 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136424 
https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 From sle-updates at lists.suse.com Mon Jun 17 18:00:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 02:00:54 +0200 (CEST) Subject: SUSE-SU-2019:1533-1: important: Security update for the Linux Kernel Message-ID: <20190618000054.B82D7FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1533-1 Rating: important References: #1104367 #1110785 #1113769 #1120843 #1120885 #1125580 #1125931 #1131543 #1131587 #1132374 #1132472 #1134848 #1135281 #1136424 #1136446 #1137586 Cross-References: CVE-2018-17972 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11833 CVE-2019-11884 CVE-2019-3846 CVE-2019-5489 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 7 fixes is now available. 
Description:

The SUSE Linux Enterprise 12 SP1 kernel version 3.12.74 was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586).
- CVE-2019-11478: It is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. A remote attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
(bnc#1135281)
- CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)

The following non-security bugs were fixed:

- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367).
- lib: add "on"/"off" support to strtobool (bsc#1125931).
- powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1125580).
- powerpc/tm: Add TM Unavailable Exception (bsc#1125580).
- powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580).
- powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
- powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1533=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1533=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1533=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.115.1 kernel-macros-3.12.74-60.64.115.1 kernel-source-3.12.74-60.64.115.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.115.1 kernel-default-base-3.12.74-60.64.115.1 kernel-default-base-debuginfo-3.12.74-60.64.115.1 kernel-default-debuginfo-3.12.74-60.64.115.1 kernel-default-debugsource-3.12.74-60.64.115.1 kernel-default-devel-3.12.74-60.64.115.1 kernel-syms-3.12.74-60.64.115.1 kernel-xen-3.12.74-60.64.115.1 kernel-xen-base-3.12.74-60.64.115.1 kernel-xen-base-debuginfo-3.12.74-60.64.115.1 kernel-xen-debuginfo-3.12.74-60.64.115.1 kernel-xen-debugsource-3.12.74-60.64.115.1 kernel-xen-devel-3.12.74-60.64.115.1 kgraft-patch-3_12_74-60_64_115-default-1-2.5.1 kgraft-patch-3_12_74-60_64_115-xen-1-2.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.115.1 kernel-default-base-3.12.74-60.64.115.1 kernel-default-base-debuginfo-3.12.74-60.64.115.1 kernel-default-debuginfo-3.12.74-60.64.115.1 kernel-default-debugsource-3.12.74-60.64.115.1 kernel-default-devel-3.12.74-60.64.115.1 kernel-syms-3.12.74-60.64.115.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.115.1 kernel-xen-base-3.12.74-60.64.115.1 kernel-xen-base-debuginfo-3.12.74-60.64.115.1 kernel-xen-debuginfo-3.12.74-60.64.115.1 kernel-xen-debugsource-3.12.74-60.64.115.1 kernel-xen-devel-3.12.74-60.64.115.1 kgraft-patch-3_12_74-60_64_115-default-1-2.5.1 kgraft-patch-3_12_74-60_64_115-xen-1-2.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS 
(noarch): kernel-devel-3.12.74-60.64.115.1 kernel-macros-3.12.74-60.64.115.1 kernel-source-3.12.74-60.64.115.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.115.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.115.1 kernel-ec2-debuginfo-3.12.74-60.64.115.1 kernel-ec2-debugsource-3.12.74-60.64.115.1 kernel-ec2-devel-3.12.74-60.64.115.1 kernel-ec2-extra-3.12.74-60.64.115.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.115.1 References: https://www.suse.com/security/cve/CVE-2018-17972.html https://www.suse.com/security/cve/CVE-2019-11190.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1104367 https://bugzilla.suse.com/1110785 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120885 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1125931 https://bugzilla.suse.com/1131543 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1132374 https://bugzilla.suse.com/1132472 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137586 From sle-updates at lists.suse.com Mon Jun 17 18:03:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 02:03:51 +0200 (CEST) Subject: SUSE-SU-2019:1532-1: important: Security update for the Linux Kernel Message-ID: <20190618000351.693D9FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2019:1532-1 Rating: important References: #1005778 #1005780 #1005781 #1012382 #1019695 #1019696 #1022604 #1063638 #1065600 #1085535 #1085539 #1090888 #1099658 #1100132 #1106110 #1106284 #1106929 #1108293 #1108838 #1110785 #1110946 #1112063 #1112178 #1116803 #1117562 #1119086 #1120642 #1120843 #1120902 #1122776 #1126040 #1126356 #1128052 #1129138 #1129770 #1130972 #1131107 #1131488 #1131565 #1132212 #1132472 #1133188 #1133874 #1134160 #1134162 #1134338 #1134537 #1134564 #1134565 #1134566 #1134651 #1134760 #1134806 #1134813 #1134848 #1135013 #1135014 #1135015 #1135100 #1135120 #1135281 #1135603 #1135642 #1135661 #1135878 #1136424 #1136438 #1136448 #1136449 #1136451 #1136452 #1136455 #1136458 #1136539 #1136573 #1136575 #1136586 #1136590 #1136623 #1136810 #1136935 #1136990 #1137142 #1137162 #1137586 #843419 Cross-References: CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 73 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. 
An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character.
(bnc#1135603)
- CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bnc#1012382).
- 9p: do not trust pdu content for stat item size (bnc#1012382).
- X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
- acpi / sbs: Fix GPE storm on recent MacBookPro's (bnc#1012382).
- alsa: core: Fix card races between register and disconnect (bnc#1012382).
- alsa: echoaudio: add a check for ioremap_nocache (bnc#1012382).
- alsa: info: Fix racy addition/deletion of nodes (bnc#1012382).
- alsa: line6: use dynamic buffers (bnc#1012382).
- alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382).
- alsa: pcm: check if ops are defined before suspending PCM (bnc#1012382).
- alsa: sb8: add a check for request_region (bnc#1012382). - alsa: seq: Fix OOB-reads from strlcpy (bnc#1012382). - appletalk: Fix compile regression (bnc#1012382). - appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382). - arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040). - arm64: Add helper to decode register from instruction (bsc#1126040). - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382). - arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382). - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382). - arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382). - arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040). - arm64: module: split core and init PLT sections (bsc#1126040). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382). - arm: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382). - arm: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382). - arm: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382). - arm: dts: pfla02: increase phy reset duration (bnc#1012382). - arm: iop: do not use using 64-bit DMA masks (bnc#1012382). - arm: orion: do not use using 64-bit DMA masks (bnc#1012382). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382). - asoc: Intel: avoid Oops if DMA setup fails (bnc#1012382). - asoc: cs4270: Set auto-increment bit for register writes (bnc#1012382). - asoc: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382). - asoc: fsl_esai: fix channel swap issue when stream starts (bnc#1012382). 
- asoc: tlv320aic32x4: Fix Common Pins (bnc#1012382). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929) - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: comment on direct access to bvec table (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_device_init() (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). 
- bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bnc#1012382). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bnc#1012382). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). 
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: trace missed reading by cache_missed (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bcache: writeback: properly order backing device IO (bsc#1130972). - binfmt_elf: switch to new creds when switching to new mm (bnc#1012382). - bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382). - block: check_events: do not bother with events if unsupported (bsc#1110946). - block: disk_events: introduce event flags (bsc#1110946). 
- block: do not leak memory in bio_copy_user_iov() (bnc#1012382). - block: fix use-after-free on gendisk (bsc#1136448). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382). - bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382). - bnxt_en: Improve multicast address setup logic (bnc#1012382). - bonding: fix arp_validate toggling in active-backup mode (bnc#1012382). - bonding: fix event handling for stacked bonds (bnc#1012382). - bonding: show full hw address in sysfs for slave entries (bnc#1012382). - bpf: reject wrong sized filters earlier (bnc#1012382). - bridge: Fix error path for kobject_init_and_add() (bnc#1012382). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). 
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - cdc-acm: cleaning up debug in data submission path (bsc#1136539). - cdc-acm: fix race between reset and control messaging (bsc#1106110). - cdc-acm: handle read pipe errors (bsc#1135878). - cdc-acm: reassemble fragmented notifications (bsc#1136590). - cdc-acm: store in and out pipes in acm structure (bsc#1136575). - cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134565). - ceph: only use d_name directly when parent is locked (bsc#1134566). 
- cifs: Fix NULL pointer dereference of devname (bnc#1012382). - cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382). - cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - cifs: use correct format characters (bnc#1012382). - clk: fix mux clock documentation (bsc#1090888). - coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - cpupower: remove stringop-truncation waring (bsc#1119086). - crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382). - crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162). - crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382). - debugfs: fix use-after-free on symlink traversal (bnc#1012382). - device_cgroup: fix RCU imbalance in error case (bnc#1012382). - dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382). - dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382). - documentation: Add MDS vulnerability documentation (bnc#1012382). - documentation: Add nospectre_v1 parameter (bnc#1012382). - documentation: Correct the possible MDS sysfs values (bnc#1012382). - documentation: Move L1TF to separate directory (bnc#1012382). 
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382). - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bnc#1012382). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929) - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929) - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1106929) - drm/vc4: Account for interrupts in flight (bsc#1106929) - drm/vc4: Allocate the right amount of space for boot-time CRTC state. (bsc#1106929) - drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state() (bsc#1106929) - drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. (bsc#1106929) - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() (bsc#1106929) - drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929) - drm/vc4: Fix memory leak during gpu reset. (bsc#1106929) - drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929) - drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929) - drm/vc4: Fix overflow mem unreferencing when the binner runs dry. (bsc#1106929) - drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929) - drm/vc4: Fix scaling of uni-planar formats (bsc#1106929) - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1106929) - drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929) - drm/vc4: Free hang state before destroying BO cache. 
(bsc#1106929) - drm/vc4: Move IRQ enable to PM path (bsc#1106929) - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar (bsc#1106929) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1106929) - drm/vc4: Use drm_free_large() on handles to match its allocation. (bsc#1106929) - drm/vc4: fix a bounds check (bsc#1106929) - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1106929) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to (bsc#1106929) - dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535). - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ). - e1000e: Add Support for CannonLake (bsc#1108293). - e1000e: Fix -Wformat-truncation warnings (bnc#1012382). - e1000e: Initial Support for CannonLake (bsc#1108293 ). - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bnc#1012382). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458). - ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810). - ext4: actually request zeroing of inode table after grow (bsc#1136451). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bnc#1012382). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: cleanup bh release code in ext4_ind_remove_space() (bnc#1012382). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623). - ext4: prohibit fstrim in norecovery mode (bnc#1012382). - ext4: report real fs size after failed resize (bnc#1012382). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - f2fs: do not use mutex lock in atomic context (bnc#1012382). - f2fs: fix to do sanity check with current segment number (bnc#1012382). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bnc#1012382). 
- fix incorrect error code mapping for OBJECTID_NOT_FOUND (bnc#1012382). - fs/file.c: initialize init_files.resize_wait (bnc#1012382). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382). - fs: fix guard_bio_eod to check for real EOD errors (bnc#1012382). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genirq: Prevent use-after-free and work list corruption (bnc#1012382). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bnc#1012382). - gpio: gpio-omap: fix level interrupt idling (bnc#1012382). - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382). - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- (bnc#1012382). - hid: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382). - hid: input: add mapping for Expose/Overview key (bnc#1012382). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382). - hugetlbfs: fix memory leak for resv_map (bnc#1012382). - hwrng: virtio - Avoid repeated init of completion (bnc#1012382). - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012382). - ib/hfi1: Eliminate opcode tests on mr deref (). - ib/hfi1: Unreserve a reserved request when it is completed (). - ib/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382). - ib/mlx4: Increase the timeout for CM cache (bnc#1012382). - ib/rdmavt: Add wc_flags and wc_immdata to cq entry trace (). - ib/rdmavt: Fix frwr memory registration (). - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382). - iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382). - iio: ad_sigma_delta: select channel when reading register (bnc#1012382). - iio: adc: at91: disable adc channel interrupt in timeout case (bnc#1012382). - iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382). - include/linux/bitrev.h: fix constant bitrev (bnc#1012382). 
- include/linux/swap.h: use offsetof() instead of custom __swapoffset macro (bnc#1012382).
- init: initialize jump labels before command line option parsing (bnc#1012382).
- input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382).
- io: accel: kxcjk1013: restore the range after resume (bnc#1012382).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135013).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135014).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135015).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012382).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120).
- ipv4: Fix raw socket lookup for local traffic (bnc#1012382).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (bnc#1012382).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (bnc#1012382).
- ipv4: recompile ip options in ipv4_link_failure (bnc#1012382).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382).
- ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382).
- ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382).
- ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382).
- ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382).
- ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382).
- ipvs: do not schedule icmp errors from tunnels (bnc#1012382).
- jffs2: fix use-after-free on symlink traversal (bnc#1012382).
- kABI: protect ring_buffer_read_prepare (kabi).
- kABI: protect struct tlb_state (kabi).
- kABI: protect struct usb_interface (kabi).
- kABI: restore ___ptrace_may_access (kabi).
- kABI: restore icmp_send (kabi).
- kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040)
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012382).
- kbuild: simplify ld-option implementation (bnc#1012382).
- kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382).
- kconfig: display recursive dependency resolution hint just once (bsc#1100132).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bnc#1012382).
- keys: Timestamp new keys (bsc#1120902).
- kprobes: Fix error check when reusing optimized probes (bnc#1012382).
- kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382).
- kprobes: Prohibit probing on bsearch() (bnc#1012382).
- kvm: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382).
- kvm: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382).
- leds: lp55xx: fix null deref on firmware load failure (bnc#1012382).
- lib/div64.c: off by one in shift (bnc#1012382).
- lib/int_sqrt: optimize initial value compute (bnc#1012382).
- lib/string.c: implement a basic bcmp (bnc#1012382).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bnc#1012382).
- libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mac80211: do not call driver wake_tx_queue op during reconfig (bnc#1012382).
- mac80211_hwsim: validate number of different channels (bsc#1085539).
- md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212).
- media: mt9m111: set initial frame size other than 0x0 (bnc#1012382).
- media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: pvrusb2: Prevent a buffer overflow (bsc#1135642).
- media: s5p-g2d: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bnc#1012382).
- media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: sh_veu: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382).
- media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1120902).
- mips: scall64-o32: Fix indirect syscall number load (bnc#1012382).
- mm/cma.c: cma_declare_contiguous: correct err handling (bnc#1012382).
- mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382).
- mm/slab.c: kmemleak no scan alien caches (bnc#1012382).
- mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382).
- mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n (bnc#1012382).
- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bnc#1012382).
- mmc: davinci: remove extraneous __init annotation (bnc#1012382).
- mmc: omap: fix the maximum timeout setting (bnc#1012382).
- modpost: file2alias: check prototype of handler (bnc#1012382).
- modpost: file2alias: go back to simple devtable lookup (bnc#1012382).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mt7601u: bump supported EEPROM version (bnc#1012382).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
- net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (bnc#1012382).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562).
- net: ethernet: ti: fix possible object reference leak (bnc#1012382).
- net: ethtool: not call vzalloc for zero sized memory request (bnc#1012382).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (bnc#1012382).
- net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382).
- net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382).
- net: ibm: fix possible object reference leak (bnc#1012382).
- net: ks8851: Delay requesting IRQ until opened (bnc#1012382).
- net: ks8851: Dequeue RX packets explicitly (bnc#1012382).
- net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382).
- net: ks8851: Set initial carrier state to down (bnc#1012382).
- net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock() (bnc#1012382).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (bnc#1012382).
- net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382).
- net: xilinx: fix possible object reference leak (bnc#1012382).
- netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (bnc#1012382).
- netfilter: compat: initialize all fields in xt_init (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382).
- netfilter: physdev: relax br_netfilter dependency (bnc#1012382).
- netns: provide pure entropy for net_hash_mix() (bnc#1012382).
- nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
- nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
- nfs: Fix I/O request leakages (git-fixes).
- nfs: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (bnc#1012382).
- nfs: clean up rest of reqs when failing to add one (git-fixes).
- nfsd: Do not release the callback slot unless it was actually held (bnc#1012382).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Do not allow to reset a reconnecting controller (bsc#1133874).
- ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382).
- openvswitch: fix flow actions reallocation (bnc#1012382).
- pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes).
- packet: Fix error path in packet_init (bnc#1012382).
- packet: validate msg_namelen in send directly (bnc#1012382).
- pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382).
- pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).
- pci: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).
- pci: xilinx-nwl: Add missing of_node_put() (bsc#1100132).
- perf evsel: Free evsel->counts in perf_evsel__exit() (bnc#1012382).
- perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382).
- perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() (bnc#1012382).
- perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test (bnc#1012382).
- perf top: Fix error handling in cmd_top() (bnc#1012382).
- perf/core: Restore mmap record type correctly (bnc#1012382).
- perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes).
- perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382).
- platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382).
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382).
- powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382 bsc#1131107).
- powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382).
- powerpc/64s: Include cpu header (bnc#1012382).
- powerpc/booke64: set RI in default MSR (bnc#1012382).
- powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382).
- powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382).
- powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382).
- powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382).
- powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382).
- powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).
- powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382).
- powerpc/fsl: Fix the flush of branch predictor (bnc#1012382).
- powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' (bnc#1012382).
- powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382).
- powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382).
- powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382).
- powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382).
- powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).
- powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382).
- powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382).
- qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696).
- qlcnic: Avoid potential NULL pointer dereference (bnc#1012382).
- qmi_wwan: add Olicard 600 (bnc#1012382).
- rdma/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781).
- rdma/qedr: Fix out of bounds index check in query pkey (bsc#1022604).
- regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bnc#1012382).
- rsi: improve kernel thread handling to fix kernel panic (bnc#1012382).
- rtc: da9063: set uie_unsupported when relevant (bnc#1012382).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382).
- s390/3270: fix lockdep false positive on view->lock (bnc#1012382).
- s390/dasd: Fix capacity calculation for large volumes (bnc#1012382).
- s390: ctcm: fix ctcm_new_device error return code (bnc#1012382).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382).
- sc16is7xx: move label 'err_spi' to correct section (git-fixes).
- sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (bnc#1012382).
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (bnc#1012382).
- sched/numa: Fix a possible divide-by-zero (bnc#1012382).
- sched: Add sched_smt_active() (bnc#1012382).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (bnc#1012382).
- scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (bnc#1012382).
- scsi: libsas: fix a race condition when smp task timeout (bnc#1012382).
- scsi: megaraid_sas: return error when create DMA pool failed (bnc#1012382).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382).
- scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382).
- scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382).
- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382).
- sctp: initialize _pad of sockaddr_in before copying to user memory (bnc#1012382).
- selftests/net: correct the return value for run_netsocktests (bnc#1012382).
- selinux: never allow relabeling on context mounts (bnc#1012382).
- serial: uartps: console_setup() can't be placed to init section (bnc#1012382).
- slip: make slhc_free() silently accept an error pointer (bnc#1012382).
- soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382).
- soc: imx-sgtl5000: add missing put_device() (bnc#1012382).
- soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382).
- staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bnc#1012382).
- staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bnc#1012382).
- staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bnc#1012382).
- staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bnc#1012382).
- staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382).
- staging: iio: adt7316: fix the dac read calculation (bnc#1012382).
- staging: iio: adt7316: fix the dac write calculation (bnc#1012382).
- supported.conf: add lib/crc64 because bcache uses it
- sysctl: handle overflow for file-max (bnc#1012382).
- tcp: Ensure DCTCP reacts to losses (bnc#1012382).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- tcp: tcp_grow_window() needs to respect tcp_space() (bnc#1012382).
- team: fix possible recursive locking when add slaves (bnc#1012382).
- thermal/int340x_thermal: Add additional UUIDs (bnc#1012382).
- thermal/int340x_thermal: fix mode setting (bnc#1012382).
- timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382).
- tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bnc#1012382).
- tipc: check link name with right length in tipc_nl_compat_link_set (bnc#1012382).
- tipc: handle the err returned from cmd header function (bnc#1012382).
- tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382).
- tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
- tools/power turbostat: return the exit status of a command (bnc#1012382).
- tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bnc#1012382).
- tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bnc#1012382).
- trace: Fix preempt_enable_no_resched() abuse (bnc#1012382).
- tracing: Fix partial reading of trace event's id file (bsc#1136573).
- tracing: kdb: Fix ftdump to not sleep (bnc#1012382).
- tty/serial: atmel: Add is_half_duplex helper (bnc#1012382).
- tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012382).
- tty: increase the default flip buffer limit to 2*640K (bnc#1012382).
- tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382).
- uas: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).
- uas: fix alignment of scatter/gather segments (bsc#1129770).
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1136455).
- usb: Add new USB LPM helpers (bsc#1129770).
- usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
- usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).
- usb: cdc-acm: fix unthrottle races (bsc#1135642).
- usb: chipidea: Grab the (legacy) usb PHY by phandle first (bnc#1012382).
- usb: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382).
- usb: core: Fix unterminated string returned by usb_string() (bnc#1012382).
- usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382).
- usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382).
- usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382).
- usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382).
- usb: serial: fix unthrottle races (bnc#1012382).
- usb: serial: use variable for status (bnc#1012382).
- usb: u132-hcd: fix resource leak (bnc#1012382).
- usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382).
- usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382).
- usb: yurex: Fix protection fault after device removal (bnc#1012382).
- usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (bnc#1012382).
- usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382).
- vfio/pci: use correct format characters (bnc#1012382).
- vlan: disable SIOCSHWTSTAMP in container (bnc#1012382).
- vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382).
- wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bnc#1012382).
- x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382).
- x86/MCE: Save microcode revision in machine check records (bnc#1012382).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382).
- x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382).
- x86/build: Mark per-CPU symbols as absolute explicitly for LLD (bnc#1012382).
- x86/build: Specify elf_i386 linker emulation explicitly for i386 objects (bnc#1012382).
- x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382).
- x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors (bnc#1012382).
- x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382).
- x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382).
- x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error (bnc#1012382).
- x86/kprobes: Verify stack frame on kretprobe (bnc#1012382).
- x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382).
- x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382).
- x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382).
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bnc#1012382).
- x86/microcode: Update the new microcode revision unconditionally (bnc#1012382).
- x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382).
- x86/process: Consolidate and simplify switch_to_xtra() code (bnc#1012382).
- x86/speculataion: Mark command line parser data __initdata (bnc#1012382).
- x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382).
- x86/speculation/mds: Fix comment (bnc#1012382).
- x86/speculation/mds: Fix documentation typo (bnc#1012382).
- x86/speculation: Add command line control for indirect branch speculation (bnc#1012382).
- x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382).
- x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382).
- x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382).
- x86/speculation: Mark string arrays const correctly (bnc#1012382).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bnc#1012382).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382).
- x86/speculation: Prepare for per task indirect branch speculation control (bnc#1012382).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382).
- x86/speculation: Provide IBPB always command line options (bnc#1012382).
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation (bnc#1012382).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bnc#1012382).
- x86/speculation: Rename SSBD update functions (bnc#1012382).
- x86/speculation: Reorder the spec_v2 code (bnc#1012382).
- x86/speculation: Reorganize speculation control MSRs update (bnc#1012382).
- x86/speculation: Split out TIF update (bnc#1012382).
- x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).
- x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382).
- x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382).
- x86/speculation: Update the TIF_SSBD comment (bnc#1012382).
- x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382).
- x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes).
- x86: vdso: Use $LD instead of $CC to link (bnc#1012382).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
- xsysace: Fix error handling in ace_setup (bnc#1012382).
- xtensa: fix return_address (bnc#1012382).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1532=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1532=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1532=1

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1532=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1532=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1532=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      kernel-default-debuginfo-4.4.180-94.97.1
      kernel-default-debugsource-4.4.180-94.97.1
      kernel-default-extra-4.4.180-94.97.1
      kernel-default-extra-debuginfo-4.4.180-94.97.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.4.180-94.97.1
      kernel-obs-build-debugsource-4.4.180-94.97.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

      kernel-docs-4.4.180-94.97.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.180-94.97.1
      kernel-default-base-4.4.180-94.97.1
      kernel-default-base-debuginfo-4.4.180-94.97.1
      kernel-default-debuginfo-4.4.180-94.97.1
      kernel-default-debugsource-4.4.180-94.97.1
      kernel-default-devel-4.4.180-94.97.1
      kernel-syms-4.4.180-94.97.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      kernel-devel-4.4.180-94.97.1
      kernel-macros-4.4.180-94.97.1
      kernel-source-4.4.180-94.97.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x):

      kernel-default-man-4.4.180-94.97.1

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_180-94_97-default-1-4.3.3
      kgraft-patch-4_4_180-94_97-default-debuginfo-1-4.3.3

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.180-94.97.1
      cluster-md-kmp-default-debuginfo-4.4.180-94.97.1
      dlm-kmp-default-4.4.180-94.97.1
      dlm-kmp-default-debuginfo-4.4.180-94.97.1
      gfs2-kmp-default-4.4.180-94.97.1
      gfs2-kmp-default-debuginfo-4.4.180-94.97.1
      kernel-default-debuginfo-4.4.180-94.97.1
      kernel-default-debugsource-4.4.180-94.97.1
      ocfs2-kmp-default-4.4.180-94.97.1
      ocfs2-kmp-default-debuginfo-4.4.180-94.97.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      kernel-default-4.4.180-94.97.1
      kernel-default-debuginfo-4.4.180-94.97.1
      kernel-default-debugsource-4.4.180-94.97.1
      kernel-default-devel-4.4.180-94.97.1
      kernel-default-extra-4.4.180-94.97.1
      kernel-default-extra-debuginfo-4.4.180-94.97.1
      kernel-syms-4.4.180-94.97.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      kernel-devel-4.4.180-94.97.1
      kernel-macros-4.4.180-94.97.1
      kernel-source-4.4.180-94.97.1

   - SUSE CaaS Platform ALL (x86_64):

      kernel-default-4.4.180-94.97.1
      kernel-default-debuginfo-4.4.180-94.97.1
      kernel-default-debugsource-4.4.180-94.97.1

   - SUSE CaaS Platform 3.0 (x86_64):

      kernel-default-4.4.180-94.97.1
      kernel-default-debuginfo-4.4.180-94.97.1
      kernel-default-debugsource-4.4.180-94.97.1

References:

   https://www.suse.com/security/cve/CVE-2018-17972.html
   https://www.suse.com/security/cve/CVE-2018-7191.html
   https://www.suse.com/security/cve/CVE-2019-11190.html
   https://www.suse.com/security/cve/CVE-2019-11477.html
   https://www.suse.com/security/cve/CVE-2019-11478.html
   https://www.suse.com/security/cve/CVE-2019-11479.html
   https://www.suse.com/security/cve/CVE-2019-11486.html
   https://www.suse.com/security/cve/CVE-2019-11815.html
   https://www.suse.com/security/cve/CVE-2019-11833.html
   https://www.suse.com/security/cve/CVE-2019-11884.html
   https://www.suse.com/security/cve/CVE-2019-12382.html
   https://www.suse.com/security/cve/CVE-2019-3846.html
   https://www.suse.com/security/cve/CVE-2019-5489.html
   https://bugzilla.suse.com/1005778
   https://bugzilla.suse.com/1005780
   https://bugzilla.suse.com/1005781
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1019695
   https://bugzilla.suse.com/1019696
   https://bugzilla.suse.com/1022604
   https://bugzilla.suse.com/1063638
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1085535
   https://bugzilla.suse.com/1085539
   https://bugzilla.suse.com/1090888
   https://bugzilla.suse.com/1099658
   https://bugzilla.suse.com/1100132
   https://bugzilla.suse.com/1106110
   https://bugzilla.suse.com/1106284
   https://bugzilla.suse.com/1106929
   https://bugzilla.suse.com/1108293
   https://bugzilla.suse.com/1108838
   https://bugzilla.suse.com/1110785
   https://bugzilla.suse.com/1110946
   https://bugzilla.suse.com/1112063
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1116803
   https://bugzilla.suse.com/1117562
   https://bugzilla.suse.com/1119086
   https://bugzilla.suse.com/1120642
   https://bugzilla.suse.com/1120843
   https://bugzilla.suse.com/1120902
   https://bugzilla.suse.com/1122776
   https://bugzilla.suse.com/1126040
   https://bugzilla.suse.com/1126356
   https://bugzilla.suse.com/1128052
   https://bugzilla.suse.com/1129138
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1130972
   https://bugzilla.suse.com/1131107
   https://bugzilla.suse.com/1131488
   https://bugzilla.suse.com/1131565
   https://bugzilla.suse.com/1132212
   https://bugzilla.suse.com/1132472
   https://bugzilla.suse.com/1133188
   https://bugzilla.suse.com/1133874
   https://bugzilla.suse.com/1134160
   https://bugzilla.suse.com/1134162
   https://bugzilla.suse.com/1134338
   https://bugzilla.suse.com/1134537
   https://bugzilla.suse.com/1134564
   https://bugzilla.suse.com/1134565
   https://bugzilla.suse.com/1134566
   https://bugzilla.suse.com/1134651
   https://bugzilla.suse.com/1134760
   https://bugzilla.suse.com/1134806
   https://bugzilla.suse.com/1134813
   https://bugzilla.suse.com/1134848
   https://bugzilla.suse.com/1135013
   https://bugzilla.suse.com/1135014
   https://bugzilla.suse.com/1135015
   https://bugzilla.suse.com/1135100
   https://bugzilla.suse.com/1135120
   https://bugzilla.suse.com/1135281
   https://bugzilla.suse.com/1135603
   https://bugzilla.suse.com/1135642
   https://bugzilla.suse.com/1135661
   https://bugzilla.suse.com/1135878
   https://bugzilla.suse.com/1136424
   https://bugzilla.suse.com/1136438
   https://bugzilla.suse.com/1136448
   https://bugzilla.suse.com/1136449
   https://bugzilla.suse.com/1136451
   https://bugzilla.suse.com/1136452
   https://bugzilla.suse.com/1136455
   https://bugzilla.suse.com/1136458
   https://bugzilla.suse.com/1136539
   https://bugzilla.suse.com/1136573
   https://bugzilla.suse.com/1136575
   https://bugzilla.suse.com/1136586
   https://bugzilla.suse.com/1136590
   https://bugzilla.suse.com/1136623
   https://bugzilla.suse.com/1136810
   https://bugzilla.suse.com/1136935
   https://bugzilla.suse.com/1136990
   https://bugzilla.suse.com/1137142
   https://bugzilla.suse.com/1137162
   https://bugzilla.suse.com/1137586
   https://bugzilla.suse.com/843419

From sle-updates at lists.suse.com  Mon Jun 17 18:15:52 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jun 2019 02:15:52 +0200 (CEST)
Subject: SUSE-SU-2019:1527-1: important: Security update for the Linux Kernel
Message-ID: <20190618001552.CE592FFE6@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1527-1
Rating:             important
References:         #1005778 #1005780 #1005781 #1012382 #1019695 #1019696
                    #1022604 #1053043 #1063638 #1065600 #1066223 #1085535
                    #1085539 #1090888 #1099658 #1100132 #1106110 #1106284
                    #1106929 #1108293 #1108838 #1110785 #1110946 #1112063
                    #1112178 #1116803 #1117562 #1119086 #1120642 #1120843
                    #1120885 #1120902 #1122776 #1125580 #1126040 #1126356
                    #1128052 #1129138 #1129770 #1130972 #1131107 #1131488
                    #1131543 #1131565 #1132212 #1132374 #1132472 #1133188
                    #1133874 #1134160 #1134162 #1134338 #1134537 #1134564
                    #1134565 #1134566 #1134651 #1134760 #1134806 #1134813
                    #1134848 #1135013 #1135014 #1135015 #1135100 #1135120
                    #1135281 #1135603 #1135642 #1135661 #1135878 #1136424
                    #1136438 #1136446 #1136448 #1136449 #1136451 #1136452
                    #1136455 #1136458 #1136539 #1136573 #1136575 #1136586
                    #1136590 #1136623 #1136810 #1136935 #1136990 #1137142
                    #1137162 #1137586 #1137739 #1137752 #843419
Cross-References:   CVE-2013-4343 CVE-2018-17972 CVE-2018-7191
                    CVE-2019-11190 CVE-2019-11477 CVE-2019-11478
                    CVE-2019-11479 CVE-2019-11486 CVE-2019-11815
                    CVE-2019-11833 CVE-2019-11884 CVE-2019-12382
                    CVE-2019-3846 CVE-2019-5489
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 81 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586)
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843).
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603)
- CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bnc#1133188)

The following new features were implemented:

- Updated the Chelsio cxgb4vf driver with the latest upstream patches. (fate#321660)
- Backported changes into e1000e kernel module to support systems using the Intel I219-LM NIC chip. (fate#326719)
- Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747)
- Update the QLogic/Cavium qed driver (NET). (fate#321703)
- Update the QLogic/Cavium qede driver (NET). (fate#321702)
- Update the Chelsio iw_cxgb4 driver with the latest upstream patches. (fate#321661)
- Update the Chelsio cxgb4 driver with the latest upstream patches. (fate#321658)
- Update support for Intel Omni Path (OPA) kernel driver. (fate#321473)
- Update the QIB driver to the latest upstream version for up-to-date functionality and hardware support. (fate#321231)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bnc#1012382).
- 9p: do not trust pdu content for stat item size (bnc#1012382).
- ACPI / SBS: Fix GPE storm on recent MacBookPro's (bnc#1012382).
- ALSA: PCM: check if ops are defined before suspending PCM (bnc#1012382).
- ALSA: core: Fix card races between register and disconnect (bnc#1012382).
- ALSA: echoaudio: add a check for ioremap_nocache (bnc#1012382).
- ALSA: info: Fix racy addition/deletion of nodes (bnc#1012382).
- ALSA: line6: use dynamic buffers (bnc#1012382).
- ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382).
- ALSA: sb8: add a check for request_region (bnc#1012382).
- ALSA: seq: Fix OOB-reads from strlcpy (bnc#1012382).
- ARM: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382).
- ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382).
- ARM: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382).
- ARM: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382).
- ARM: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382).
- ARM: dts: pfla02: increase phy reset duration (bnc#1012382).
- ARM: iop: do not use using 64-bit DMA masks (bnc#1012382).
- ARM: orion: do not use using 64-bit DMA masks (bnc#1012382).
- ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382).
- ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382).
- ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382).
- ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382).
- ASoC: fsl_esai: fix channel swap issue when stream starts (bnc#1012382).
- ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).
- ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).
- Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382).
- Bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382).
- CIFS: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
- Correct bsc/FATE numbers.
- Do not jump to compute_result state from check_result state (bnc#1012382).
- Documentation: Add MDS vulnerability documentation (bnc#1012382).
- Documentation: Add nospectre_v1 parameter (bnc#1012382).
- Documentation: Correct the possible MDS sysfs values (bnc#1012382).
- Documentation: Move L1TF to separate directory (bnc#1012382).
- HID: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382).
- HID: input: add mapping for Expose/Overview key (bnc#1012382).
- HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382).
- IB/hfi1: Eliminate opcode tests on mr deref ().
- IB/hfi1: Unreserve a reserved request when it is completed ().
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382).
- IB/mlx4: Increase the timeout for CM cache (bnc#1012382).
- IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace ().
- IB/rdmavt: Fix frwr memory registration ().
- Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382).
- KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382).
- KVM: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382).
- KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382).
- MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382).
- NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
- NFS: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
- NFS: Fix I/O request leakages (git-fixes).
- NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (bnc#1012382).
- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382).
- PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).
- PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).
- PCI: xilinx-nwl: Add missing of_node_put() (bsc#1100132).
- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781).
- RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604).
- Revert "block/loop: Use global lock for ioctl() operation." (bnc#1012382).
- Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (bsc#1110946).
- Revert "cpu/speculation: Add 'mitigations=' cmdline option" (stable backports).
- Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (bsc#1110946).
- Revert "kbuild: use -Oz instead of -Os when using clang" (bnc#1012382).
- Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" (bnc#1012382).
- Revert "netns: provide pure entropy for net_hash_mix()" (kabi).
- Revert "sched: Add sched_smt_active()" (stable backports).
- Revert "x86/MCE: Save microcode revision in machine check records" (kabi).
- Revert "x86/kprobes: Verify stack frame on kretprobe" (kabi).
- Revert "x86/speculation/mds: Add 'mitigations=' support for MDS" (stable backports).
- Revert "x86/speculation: Support 'mitigations=' cmdline option" (stable backports).
- SoC: imx-sgtl5000: add missing put_device() (bnc#1012382).
- UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).
- UAS: fix alignment of scatter/gather segments (bsc#1129770).
- USB: Add new USB LPM helpers (bsc#1129770).
- USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
- USB: cdc-acm: fix unthrottle races (bsc#1135642).
- USB: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382).
- USB: core: Fix unterminated string returned by usb_string() (bnc#1012382).
- USB: serial: fix unthrottle races (bnc#1012382).
- USB: serial: use variable for status (bnc#1012382).
- USB: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382).
- USB: yurex: Fix protection fault after device removal (bnc#1012382).
- X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
- appletalk: Fix compile regression (bnc#1012382).
- appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382).
- arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040).
- arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040).
- arm64: Add helper to decode register from instruction (bsc#1126040).
- arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382).
- arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382).
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382).
- arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382).
- arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040).
- arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040).
- arm64: module: split core and init PLT sections (bsc#1126040).
- backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929)
- bcache: Move couple of functions to sysfs.c (bsc#1130972).
- bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
- bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
- bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).
- bcache: add MODULE_DESCRIPTION information (bsc#1130972).
- bcache: add a comment in super.c (bsc#1130972).
- bcache: add code comments for bset.c (bsc#1130972).
- bcache: add comment for cache_set->fill_iter (bsc#1130972).
- bcache: add identifier names to arguments of function definitions (bsc#1130972).
- bcache: add missing SPDX header (bsc#1130972).
- bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
- bcache: add static const prefix to char * array declarations (bsc#1130972).
- bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
- bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
- bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
- bcache: comment on direct access to bvec table (bsc#1130972).
- bcache: correct dirty data statistics (bsc#1130972).
- bcache: do not assign in if condition in bcache_device_init() (bsc#1130972).
- bcache: do not assign in if condition in bcache_init() (bsc#1130972).
- bcache: do not assign in if condition register_bcache() (bsc#1130972).
- bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
- bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
- bcache: do not clone bio in bch_data_verify (bsc#1130972).
- bcache: do not mark writeback_running too early (bsc#1130972).
- bcache: export backing_dev_name via sysfs (bsc#1130972).
- bcache: export backing_dev_uuid via sysfs (bsc#1130972).
- bcache: fix code comments style (bsc#1130972).
- bcache: fix indent by replacing blank by tabs (bsc#1130972).
- bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
- bcache: fix input integer overflow of congested threshold (bsc#1130972).
- bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382).
- bcache: fix input overflow to journal_delay_ms (bsc#1130972).
- bcache: fix input overflow to sequential_cutoff (bnc#1012382).
- bcache: fix input overflow to writeback_delay (bsc#1130972).
- bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
- bcache: fix ioctl in flash device (bsc#1130972).
- bcache: fix mistaken code comments in bcache.h (bsc#1130972).
- bcache: fix mistaken comments in request.c (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
- bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
- bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
- bcache: improve sysfs_strtoul_clamp() (bnc#1012382).
- bcache: introduce force_wake_up_gc() (bsc#1130972).
- bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
- bcache: move open brace at end of function definitions to next line (bsc#1130972).
- bcache: never writeback a discard operation (bsc#1130972).
- bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
- bcache: option to automatically run gc thread after writeback (bsc#1130972).
- bcache: panic fix for making cache device (bsc#1130972).
- bcache: prefer 'help' in Kconfig (bsc#1130972).
- bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
- bcache: recal cached_dev_sectors on detach (bsc#1130972).
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
- bcache: remove unused bch_passthrough_cache (bsc#1130972).
- bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
- bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
- bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
- bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
- bcache: replace printk() by pr_*() routines (bsc#1130972).
- bcache: set writeback_percent in a flexible range (bsc#1130972).
- bcache: split combined if-condition code into separate ones (bsc#1130972).
- bcache: stop using the deprecated get_seconds() (bsc#1130972).
- bcache: style fix to add a blank line after declarations (bsc#1130972).
- bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
- bcache: style fixes for lines over 80 characters (bsc#1130972).
- bcache: trace missed reading by cache_missed (bsc#1130972).
- bcache: treat stale && dirty keys as bad keys (bsc#1130972).
- bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
- bcache: update comment for bch_data_insert (bsc#1130972).
- bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
- bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
- bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
- bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
- bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
- bcache: writeback: properly order backing device IO (bsc#1130972).
- binfmt_elf: switch to new creds when switching to new mm (bnc#1012382).
- bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).
- block: check_events: do not bother with events if unsupported (bsc#1110946).
- block: disk_events: introduce event flags (bsc#1110946).
- block: do not leak memory in bio_copy_user_iov() (bnc#1012382).
- block: fix use-after-free on gendisk (bsc#1136448).
- bnxt_en: Improve multicast address setup logic (bnc#1012382).
- bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).
- bonding: fix event handling for stacked bonds (bnc#1012382).
- bonding: show full hw address in sysfs for slave entries (bnc#1012382).
- bpf: reject wrong sized filters earlier (bnc#1012382).
- bridge: Fix error path for kobject_init_and_add() (bnc#1012382).
- btrfs: Do not panic when we can't find a root key (bsc#1112063).
- btrfs: Factor out common delayed refs init code (bsc#1134813).
- btrfs: Introduce init_delayed_ref_head (bsc#1134813).
- btrfs: Open-code add_delayed_data_ref (bsc#1134813).
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
- btrfs: add a helper to return a head ref (bsc#1134813).
- btrfs: breakout empty head cleanup to a helper (bsc#1134813).
- btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: move all ref head cleanup to the helper function (bsc#1134813).
- btrfs: move extent_op cleanup to a helper (bsc#1134813).
- btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
- btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
- btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338).
- btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651).
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
- btrfs: split delayed ref head initialization and addition (bsc#1134813).
- btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
- cdc-acm: cleaning up debug in data submission path (bsc#1136539).
- cdc-acm: fix race between reset and control messaging (bsc#1106110).
- cdc-acm: handle read pipe errors (bsc#1135878).
- cdc-acm: reassemble fragmented notifications (bsc#1136590).
- cdc-acm: store in and out pipes in acm structure (bsc#1136575).
- cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382).
- ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564).
- ceph: fix ci->i_head_snapc leak (bsc#1122776).
- ceph: fix use-after-free on symlink traversal (bsc#1134565).
- ceph: only use d_name directly when parent is locked (bsc#1134566).
- cifs: Fix NULL pointer dereference of devname (bnc#1012382).
- cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382).
- cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382).
- cifs: use correct format characters (bnc#1012382).
- clk: fix mux clock documentation (bsc#1090888).
- coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382).
- cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).
- cpupower: remove stringop-truncation waring (bsc#1119086).
- crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382).
- crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382).
- crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382).
- crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162).
- crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
- crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162).
- crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382).
- debugfs: fix use-after-free on symlink traversal (bnc#1012382).
- device_cgroup: fix RCU imbalance in error case (bnc#1012382).
- dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382).
- dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382).
- dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382).
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382).
- drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382).
- drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929)
- drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bnc#1012382).
- drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929)
- drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929)
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929)
- drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1106929)
- drm/vc4: Account for interrupts in flight (bsc#1106929)
- drm/vc4: Allocate the right amount of space for boot-time CRTC state. (bsc#1106929)
- drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state() (bsc#1106929)
- drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. (bsc#1106929)
- drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() (bsc#1106929)
- drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929)
- drm/vc4: Fix memory leak during gpu reset. (bsc#1106929)
- drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929)
- drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929)
- drm/vc4: Fix overflow mem unreferencing when the binner runs dry. (bsc#1106929)
- drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929)
- drm/vc4: Fix scaling of uni-planar formats (bsc#1106929)
- drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1106929)
- drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929)
- drm/vc4: Free hang state before destroying BO cache. (bsc#1106929)
- drm/vc4: Move IRQ enable to PM path (bsc#1106929)
- drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar (bsc#1106929)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1106929)
- drm/vc4: Use drm_free_large() on handles to match its allocation. (bsc#1106929)
- drm/vc4: fix a bounds check (bsc#1106929)
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1106929)
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to (bsc#1106929)
- dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535).
- e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ).
- e1000e: Add Support for CannonLake (bsc#1108293).
- e1000e: Fix -Wformat-truncation warnings (bnc#1012382).
- e1000e: Initial Support for CannonLake (bsc#1108293 ).
- enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bnc#1012382).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458).
- ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810).
- ext4: actually request zeroing of inode table after grow (bsc#1136451).
- ext4: add missing brelse() in add_new_gdb_meta_bg() (bnc#1012382).
- ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
- ext4: cleanup bh release code in ext4_ind_remove_space() (bnc#1012382).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449).
- ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623).
- ext4: prohibit fstrim in norecovery mode (bnc#1012382).
- ext4: report real fs size after failed resize (bnc#1012382).
- ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
- f2fs: do not use mutex lock in atomic context (bnc#1012382).
- f2fs: fix to do sanity check with current segment number (bnc#1012382).
- fbdev: fbmem: fix memory access if logo is bigger than the screen (bnc#1012382).
- fix incorrect error code mapping for OBJECTID_NOT_FOUND (bnc#1012382).
- fs/file.c: initialize init_files.resize_wait (bnc#1012382).
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382).
- fs: fix guard_bio_eod to check for real EOD errors (bnc#1012382).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- genirq: Prevent use-after-free and work list corruption (bnc#1012382).
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bnc#1012382).
- gpio: gpio-omap: fix level interrupt idling (bnc#1012382).
- gpu: ipu-v3: dp: fix CSC handling (bnc#1012382).
- h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- (bnc#1012382).
- hugetlbfs: fix memory leak for resv_map (bnc#1012382).
- hwrng: virtio - Avoid repeated init of completion (bnc#1012382).
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012382).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- igb: Fix WARN_ONCE on runtime suspend (bnc#1012382).
- iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382).
- iio: ad_sigma_delta: select channel when reading register (bnc#1012382).
- iio: adc: at91: disable adc channel interrupt in timeout case (bnc#1012382).
- iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382).
- include/linux/bitrev.h: fix constant bitrev (bnc#1012382).
- include/linux/swap.h: use offsetof() instead of custom __swapoffset macro (bnc#1012382).
- init: initialize jump labels before command line option parsing (bnc#1012382).
- io: accel: kxcjk1013: restore the range after resume (bnc#1012382).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135013).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135014).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135015).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012382).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120).
- ipv4: Fix raw socket lookup for local traffic (bnc#1012382).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (bnc#1012382).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (bnc#1012382).
- ipv4: recompile ip options in ipv4_link_failure (bnc#1012382).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382).
- ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382).
- ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382).
- ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382).
- ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382).
- ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382).
- ipvs: do not schedule icmp errors from tunnels (bnc#1012382).
- jffs2: fix use-after-free on symlink traversal (bnc#1012382).
- kABI: protect ring_buffer_read_prepare (kabi).
- kABI: protect struct tlb_state (kabi).
- kABI: protect struct usb_interface (kabi).
- kABI: restore ___ptrace_may_access (kabi).
- kABI: restore icmp_send (kabi).
- kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040)
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012382).
- kbuild: simplify ld-option implementation (bnc#1012382).
- kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382).
- kconfig: display recursive dependency resolution hint just once (bsc#1100132).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bnc#1012382).
- keys: Timestamp new keys (bsc#1120902).
- kprobes: Fix error check when reusing optimized probes (bnc#1012382).
- kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382).
- kprobes: Prohibit probing on bsearch() (bnc#1012382).
- leds: lp55xx: fix null deref on firmware load failure (bnc#1012382).
- lib/div64.c: off by one in shift (bnc#1012382).
- lib/int_sqrt: optimize initial value compute (bnc#1012382).
- lib/string.c: implement a basic bcmp (bnc#1012382).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bnc#1012382).
- libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mac80211: do not call driver wake_tx_queue op during reconfig (bnc#1012382).
- mac80211_hwsim: validate number of different channels (bsc#1085539).
- md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212).
- media: mt9m111: set initial frame size other than 0x0 (bnc#1012382).
- media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: pvrusb2: Prevent a buffer overflow (bsc#1135642).
- media: s5p-g2d: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bnc#1012382).
- media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: sh_veu: Correct return type for mem2mem buffer helpers (bnc#1012382).
- media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382).
- media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1120902).
- mm/cma.c: cma_declare_contiguous: correct err handling (bnc#1012382).
- mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382).
- mm/slab.c: kmemleak no scan alien caches (bnc#1012382).
- mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382).
- mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n (bnc#1012382).
- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bnc#1012382).
- mmc: davinci: remove extraneous __init annotation (bnc#1012382).
- mmc: omap: fix the maximum timeout setting (bnc#1012382).
- modpost: file2alias: check prototype of handler (bnc#1012382).
- modpost: file2alias: go back to simple devtable lookup (bnc#1012382).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mt7601u: bump supported EEPROM version (bnc#1012382).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
- net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (bnc#1012382).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562).
- net: ethernet: ti: fix possible object reference leak (bnc#1012382).
- net: ethtool: not call vzalloc for zero sized memory request (bnc#1012382).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (bnc#1012382).
- net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382).
- net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382).
- net: ibm: fix possible object reference leak (bnc#1012382).
- net: ks8851: Delay requesting IRQ until opened (bnc#1012382).
- net: ks8851: Dequeue RX packets explicitly (bnc#1012382).
- net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382).
- net: ks8851: Set initial carrier state to down (bnc#1012382).
- net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock() (bnc#1012382).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (bnc#1012382).
- net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382).
- net: xilinx: fix possible object reference leak (bnc#1012382).
- netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (bnc#1012382).
- netfilter: compat: initialize all fields in xt_init (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382).
- netfilter: physdev: relax br_netfilter dependency (bnc#1012382).
- netns: provide pure entropy for net_hash_mix() (bnc#1012382).
- nfs: clean up rest of reqs when failing to add one (git-fixes).
- nfsd: Do not release the callback slot unless it was actually held (bnc#1012382).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Do not allow to reset a reconnecting controller (bsc#1133874).
- ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382).
- openvswitch: fix flow actions reallocation (bnc#1012382).
- pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes).
- packet: Fix error path in packet_init (bnc#1012382).
- packet: validate msg_namelen in send directly (bnc#1012382).
- perf evsel: Free evsel->counts in perf_evsel__exit() (bnc#1012382).
- perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382).
- perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() (bnc#1012382).
- perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test (bnc#1012382).
- perf top: Fix error handling in cmd_top() (bnc#1012382).
- perf/core: Restore mmap record type correctly (bnc#1012382).
- perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes).
- perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382).
- platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382).
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382).
- powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382 bsc#1131107).
- powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382).
- powerpc/64s: Include cpu header (bnc#1012382).
- powerpc/booke64: set RI in default MSR (bnc#1012382).
- powerpc/eeh: Fix race with driver un/bind (bsc#1066223).
- powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382).
- powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382).
- powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382).
- powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382).
- powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382).
- powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).
- powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382).
- powerpc/fsl: Fix the flush of branch predictor (bnc#1012382).
- powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' (bnc#1012382).
- powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382).
- powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382).
- powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382).
- powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382).
- powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).
- powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382).
- powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043).
- powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043).
- powerpc/process: Fix sparse address space warnings (bsc#1066223).
- powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382).
- qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696).
- qlcnic: Avoid potential NULL pointer dereference (bnc#1012382).
- qmi_wwan: add Olicard 600 (bnc#1012382).
- regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bnc#1012382).
- rsi: improve kernel thread handling to fix kernel panic (bnc#1012382).
- rtc: da9063: set uie_unsupported when relevant (bnc#1012382).
- rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382).
- s390/3270: fix lockdep false positive on view->lock (bnc#1012382).
- s390/dasd: Fix capacity calculation for large volumes (bnc#1012382).
- s390: ctcm: fix ctcm_new_device error return code (bnc#1012382).
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382).
- sc16is7xx: move label 'err_spi' to correct section (git-fixes).
- sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (bnc#1012382).
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (bnc#1012382).
- sched/numa: Fix a possible divide-by-zero (bnc#1012382). - sched: Add sched_smt_active() (bnc#1012382). - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (bnc#1012382). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (bnc#1012382). - scsi: libsas: fix a race condition when smp task timeout (bnc#1012382). - scsi: megaraid_sas: return error when create DMA pool failed (bnc#1012382). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382). - scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382). - scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382). - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382). - sctp: initialize _pad of sockaddr_in before copying to user memory (bnc#1012382). - selftests/net: correct the return value for run_netsocktests (bnc#1012382). - selinux: never allow relabeling on context mounts (bnc#1012382). - serial: uartps: console_setup() can't be placed to init section (bnc#1012382). - slip: make slhc_free() silently accept an error pointer (bnc#1012382). - soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bnc#1012382). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bnc#1012382). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382). - staging: iio: adt7316: fix the dac read calculation (bnc#1012382). - staging: iio: adt7316: fix the dac write calculation (bnc#1012382). - supported.conf: add lib/crc64 because bcache uses it - sysctl: handle overflow for file-max (bnc#1012382). - tcp: Ensure DCTCP reacts to losses (bnc#1012382). 
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (bnc#1012382). - team: fix possible recursive locking when add slaves (bnc#1012382). - thermal/int340x_thermal: Add additional UUIDs (bnc#1012382). - thermal/int340x_thermal: fix mode setting (bnc#1012382). - timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: check link name with right length in tipc_nl_compat_link_set (bnc#1012382). - tipc: handle the err returned from cmd header function (bnc#1012382). - tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tools/power turbostat: return the exit status of a command (bnc#1012382). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bnc#1012382). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bnc#1012382). - trace: Fix preempt_enable_no_resched() abuse (bnc#1012382). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - tracing: kdb: Fix ftdump to not sleep (bnc#1012382). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty/serial: atmel: Add is_half_duplex helper (bnc#1012382). - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012382). - tty: increase the default flip buffer limit to 2*640K (bnc#1012382). - tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1136455). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bnc#1012382). 
- usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382). - usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382). - usb: u132-hcd: fix resource leak (bnc#1012382). - usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (bnc#1012382). - usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382). - vfio/pci: use correct format characters (bnc#1012382). - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382). - vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bnc#1012382). - x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382). - x86/MCE: Save microcode revision in machine check records (bnc#1012382). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382). - x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382). - x86/build: Mark per-CPU symbols as absolute explicitly for LLD (bnc#1012382). - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects (bnc#1012382). - x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382). - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors (bnc#1012382). - x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382). - x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382). - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error (bnc#1012382). - x86/kprobes: Verify stack frame on kretprobe (bnc#1012382). - x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382). 
- x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382). - x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bnc#1012382). - x86/microcode: Update the new microcode revision unconditionally (bnc#1012382). - x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382). - x86/process: Consolidate and simplify switch_to_xtra() code (bnc#1012382). - x86/speculataion: Mark command line parser data __initdata (bnc#1012382). - x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382). - x86/speculation/mds: Fix comment (bnc#1012382). - x86/speculation/mds: Fix documentation typo (bnc#1012382). - x86/speculation: Add command line control for indirect branch speculation (bnc#1012382). - x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382). - x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382). - x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382). - x86/speculation: Mark string arrays const correctly (bnc#1012382). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bnc#1012382). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382). - x86/speculation: Prepare for per task indirect branch speculation control (bnc#1012382). - x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382). - x86/speculation: Provide IBPB always command line options (bnc#1012382). - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation (bnc#1012382). 
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bnc#1012382).
- x86/speculation: Rename SSBD update functions (bnc#1012382).
- x86/speculation: Reorder the spec_v2 code (bnc#1012382).
- x86/speculation: Reorganize speculation control MSRs update (bnc#1012382).
- x86/speculation: Split out TIF update (bnc#1012382).
- x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).
- x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382).
- x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382).
- x86/speculation: Update the TIF_SSBD comment (bnc#1012382).
- x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382).
- x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes).
- x86: vdso: Use $LD instead of $CC to link (bnc#1012382).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
- x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
- xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382).
- xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
- xsysace: Fix error handling in ace_setup (bnc#1012382).
- xtensa: fix return_address (bnc#1012382).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1527=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):

  kernel-devel-azure-4.4.180-4.31.1
  kernel-source-azure-4.4.180-4.31.1

- SUSE Linux Enterprise Server 12-SP3 (x86_64):

  kernel-azure-4.4.180-4.31.1
  kernel-azure-base-4.4.180-4.31.1
  kernel-azure-base-debuginfo-4.4.180-4.31.1
  kernel-azure-debuginfo-4.4.180-4.31.1
  kernel-azure-debugsource-4.4.180-4.31.1
  kernel-azure-devel-4.4.180-4.31.1
  kernel-syms-azure-4.4.180-4.31.1

References:

https://www.suse.com/security/cve/CVE-2013-4343.html
https://www.suse.com/security/cve/CVE-2018-17972.html
https://www.suse.com/security/cve/CVE-2018-7191.html
https://www.suse.com/security/cve/CVE-2019-11190.html
https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11479.html
https://www.suse.com/security/cve/CVE-2019-11486.html
https://www.suse.com/security/cve/CVE-2019-11815.html
https://www.suse.com/security/cve/CVE-2019-11833.html
https://www.suse.com/security/cve/CVE-2019-11884.html
https://www.suse.com/security/cve/CVE-2019-12382.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-5489.html
https://bugzilla.suse.com/1005778
https://bugzilla.suse.com/1005780
https://bugzilla.suse.com/1005781
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1019696
https://bugzilla.suse.com/1022604
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1085539
https://bugzilla.suse.com/1090888
https://bugzilla.suse.com/1099658
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1106110
https://bugzilla.suse.com/1106284
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1108293
https://bugzilla.suse.com/1108838
https://bugzilla.suse.com/1110785
https://bugzilla.suse.com/1110946
https://bugzilla.suse.com/1112063
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1116803
https://bugzilla.suse.com/1117562
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1120642
https://bugzilla.suse.com/1120843
https://bugzilla.suse.com/1120885
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1122776
https://bugzilla.suse.com/1125580
https://bugzilla.suse.com/1126040
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1128052
https://bugzilla.suse.com/1129138
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1130972
https://bugzilla.suse.com/1131107
https://bugzilla.suse.com/1131488
https://bugzilla.suse.com/1131543
https://bugzilla.suse.com/1131565
https://bugzilla.suse.com/1132212
https://bugzilla.suse.com/1132374
https://bugzilla.suse.com/1132472
https://bugzilla.suse.com/1133188
https://bugzilla.suse.com/1133874
https://bugzilla.suse.com/1134160
https://bugzilla.suse.com/1134162
https://bugzilla.suse.com/1134338
https://bugzilla.suse.com/1134537
https://bugzilla.suse.com/1134564
https://bugzilla.suse.com/1134565
https://bugzilla.suse.com/1134566
https://bugzilla.suse.com/1134651
https://bugzilla.suse.com/1134760
https://bugzilla.suse.com/1134806
https://bugzilla.suse.com/1134813
https://bugzilla.suse.com/1134848
https://bugzilla.suse.com/1135013
https://bugzilla.suse.com/1135014
https://bugzilla.suse.com/1135015
https://bugzilla.suse.com/1135100
https://bugzilla.suse.com/1135120
https://bugzilla.suse.com/1135281
https://bugzilla.suse.com/1135603
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1135661
https://bugzilla.suse.com/1135878
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1136438
https://bugzilla.suse.com/1136446
https://bugzilla.suse.com/1136448
https://bugzilla.suse.com/1136449
https://bugzilla.suse.com/1136451
https://bugzilla.suse.com/1136452
https://bugzilla.suse.com/1136455
https://bugzilla.suse.com/1136458
https://bugzilla.suse.com/1136539
https://bugzilla.suse.com/1136573
https://bugzilla.suse.com/1136575
https://bugzilla.suse.com/1136586
https://bugzilla.suse.com/1136590
https://bugzilla.suse.com/1136623
https://bugzilla.suse.com/1136810
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1136990
https://bugzilla.suse.com/1137142
https://bugzilla.suse.com/1137162
https://bugzilla.suse.com/1137586
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752
https://bugzilla.suse.com/843419

From sle-updates at lists.suse.com Mon Jun 17 18:28:03 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jun 2019 02:28:03 +0200 (CEST)
Subject: SUSE-SU-2019:1535-1: important: Security update for the Linux Kernel
Message-ID: <20190618002803.C4E8DFFE6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1535-1
Rating: important
References: #1012382 #1050242 #1051510 #1053043 #1055186 #1056787 #1058115 #1061840 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1071995 #1075020 #1082387 #1083647 #1085535 #1099658 #1103992 #1104353 #1104427 #1106011 #1106284 #1108193 #1108838 #1108937 #1110946 #1111696 #1112063 #1113722 #1114427 #1115688 #1117158 #1117561 #1118139 #1119843 #1120091 #1120423 #1120566 #1120843 #1120902 #1122776 #1123454 #1123663 #1124503 #1124839 #1126356 #1127616 #1128052 #1128904 #1128979 #1129138 #1129273 #1129497 #1129693 #1129770 #1130579 #1130699 #1130972 #1131326 #1131451 #1131488 #1131565 #1131673 #1132044 #1133176 #1133188 #1133190 #1133320 #1133612 #1133616 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134354 #1134393 #1134459 #1134460 #1134461 #1134537 #1134597 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1135006 #1135007 #1135008 #1135056 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136206 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136477 #1136478 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137372 #1137444 #1137586 #1137739 #1137752
Cross-References: CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 131 fixes is now available.

Description:

The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occurred with FUSE requests. (bnc#1133190)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)
- CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bsc#1051510).
- acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).
- acpi / utils: Drop reference in test for device presence (bsc#1051510).
- acpi: button: reinitialize button state upon resume (bsc#1051510).
- acpi: fix menuconfig presentation of acpi submenu (bsc#1117158).
- acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
- acpica: Namespace: remove address node from global list after method termination (bsc#1051510).
- alsa: core: Do not refer to snd_cards array directly (bsc#1051510).
- alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
- alsa: hda - Register irq handler after the chip initialization (bsc#1051510).
- alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
- alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).
- alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).
- alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).
- alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).
- alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). 
- alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). 
- asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). 
- bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). 
- bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
- bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
- bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
- bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
- bcache: introduce force_wake_up_gc() (bsc#1130972).
- bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
- bcache: move open brace at end of function definitions to next line (bsc#1130972).
- bcache: never writeback a discard operation (bsc#1130972).
- bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
- bcache: option to automatically run gc thread after writeback (bsc#1130972).
- bcache: panic fix for making cache device (bsc#1130972).
- bcache: prefer 'help' in Kconfig (bsc#1130972).
- bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
- bcache: recal cached_dev_sectors on detach (bsc#1130972).
- bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
- bcache: remove unused bch_passthrough_cache (bsc#1130972).
- bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
- bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
- bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
- bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
- bcache: replace printk() by pr_*() routines (bsc#1130972).
- bcache: set writeback_percent in a flexible range (bsc#1130972).
- bcache: split combined if-condition code into separate ones (bsc#1130972).
- bcache: stop bcache device when backing device is offline (bsc#1130972).
- bcache: stop using the deprecated get_seconds() (bsc#1130972).
- bcache: style fix to add a blank line after declarations (bsc#1130972).
- bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
- bcache: style fixes for lines over 80 characters (bsc#1130972).
- bcache: treat stale and dirty keys as bad keys (bsc#1130972).
- bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
- bcache: update comment for bch_data_insert (bsc#1130972).
- bcache: update comment in sysfs.c (bsc#1130972).
- bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
- bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
- bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
- bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
- bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
- block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
- block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).
- block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
- block: do not leak memory in bio_copy_user_iov() (bsc#1135309).
- block: fix the return errno for direct IO (bsc#1135320).
- block: fix use-after-free on gendisk (bsc#1135312).
- bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).
- bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).
- bluetooth: hidp: fix buffer overflow (bsc#1051510).
- bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242).
- bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10).
- bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04).
- bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).
- bonding: fix event handling for stacked bonds (networking-stable-19_04_19).
- bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647).
- bpf: Add missed newline in verifier verbose log (bsc#1056787).
- bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647).
- brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).
- brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
- brcmfmac: fix Oops when bringing up interface during usb disconnect (bsc#1051510).
- brcmfmac: fix WARNING during usb disconnect in case of unempty psq (bsc#1051510).
- brcmfmac: fix missing checks for kmemdup (bsc#1051510).
- brcmfmac: fix race during disconnect when usb completion is in progress (bsc#1051510).
- btrfs: Do not panic when we can't find a root key (bsc#1112063).
- btrfs: Factor out common delayed refs init code (bsc#1134813).
- btrfs: Introduce init_delayed_ref_head (bsc#1134813).
- btrfs: Open-code add_delayed_data_ref (bsc#1134813).
- btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
- btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
- btrfs: add a helper to return a head ref (bsc#1134813).
- btrfs: breakout empty head cleanup to a helper (bsc#1134813).
- btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).
- btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
- btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151).
- btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477).
- btrfs: fix race updating log root item during fsync (bsc#1137153).
- btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152).
- btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).
- btrfs: move all ref head cleanup to the helper function (bsc#1134813).
- btrfs: move extent_op cleanup to a helper (bsc#1134813).
- btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
- btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
- btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
- btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
- btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
- btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612).
- btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
- btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).
- btrfs: split delayed ref head initialization and addition (bsc#1134813).
- btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
- btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478).
- ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
- ceph: fix ci->i_head_snapc leak (bsc#1122776).
- ceph: fix use-after-free on symlink traversal (bsc#1134459).
- ceph: only use d_name directly when parent is locked (bsc#1134460).
- chardev: add additional check for minor range overlap (bsc#1051510).
- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
- clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).
- clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).
- config: Debug kernel is not supported (bsc#1135492).
- configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510).
- configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).
- crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).
- crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).
- crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510).
- crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).
- crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).
- crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).
- crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510).
- crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).
- crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).
- crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).
- crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).
- crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
- crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).
- dccp: Fix memleak in __feat_register_sp (bsc#1051510).
- dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).
- debugfs: fix use-after-free on symlink traversal (bsc#1051510).
- devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).
- dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).
- dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).
- docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
- documentation: Add MDS vulnerability documentation (bsc#1135642).
- documentation: Correct the possible MDS sysfs values (bsc#1135642).
- drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
- drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
- drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).
- drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510).
- drm/etnaviv: lock MMU while dumping core (bsc#1113722)
- drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).
- drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).
- drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
- drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)
- drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722)
- drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
- drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510).
- drm/i915/gvt: refine ggtt range validation (bsc#1113722)
- drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).
- drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).
- drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).
- drm/imx: do not skip DP channel disable for background plane (bsc#1051510).
- drm/mediatek: fix possible object reference leak (bsc#1051510).
- drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)
- drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
- drm/rockchip: fix for mailbox read validation (bsc#1051510).
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
- drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
- drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
- drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510).
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).
- drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510).
- dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
- dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
- dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).
- dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).
- dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
- dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).
- efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).
- efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
- efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158).
- efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
- efi/arm: libstub: add a root memreserve config table (bsc#1117158).
- efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).
- efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).
- efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).
- efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).
- efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).
- efi: honour memory reservations passed via a linux specific config table (bsc#1117158).
- ext4: actually request zeroing of inode table after grow (bsc#1135315).
- ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
- ext4: make sanity check in mballoc more strict (bsc#1136439).
- ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
- extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510).
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
- fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
- firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
- fix rtnh_ok() (git-fixes).
- fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- fuse: fallocate: fix return with locked inode (bsc#1051510).
- fuse: fix writepages on 32bit (bsc#1051510).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
- genetlink: Fix a memory leak on error path (networking-stable-19_03_28).
- ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
- gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510).
- gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
- gpio: fix gpio-adp5588 build errors (bsc#1051510).
- gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
- hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).
- hid: input: add mapping for "Toggle Display" key (bsc#1051510).
- hid: input: add mapping for Assistant key (bsc#1051510).
- hid: input: add mapping for Expose/Overview key (bsc#1051510).
- hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).
- hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510).
- hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510).
- hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).
- hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510).
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwrng: omap - Set default quality (bsc#1051510).
- i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- igmp: fix incorrect unsolicit report count when join group (git-fixes).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).
- iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
- iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510).
- iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
- indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).
- inetpeer: fix uninit-value in inet_getpeer (git-fixes).
- input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).
- input: introduce KEY_ASSISTANT (bsc#1051510).
- input: synaptics-rmi4 - fix possible double free (bsc#1051510).
- intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
- intel_th: pci: Add Comet Lake support (bsc#1051510).
- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).
- iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).
- ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).
- ip_gre: fix parsing gre header in ipgre_err (git-fixes).
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes).
- ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
- ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).
- ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
- ipmi_ssif: update patch reference for ipmi_ssif fix (bsc#1135120)
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
- ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode (git-fixes).
- ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).
- ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).
- ipvlan: fix ipv6 outbound device (bsc#1051510).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
- ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- ipvs: fix buffer overflow with sync daemon and service (git-fixes).
- ipvs: fix check on xmit to non-local addresses (git-fixes).
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
- ipvs: fix stats update from local clients (git-fixes).
- iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
- iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510).
- iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
- kABI: protect dma-mapping.h include (kabi).
- kABI: protect ip_options_rcv_srr (kabi).
- kABI: protect struct mlx5_td (kabi).
- kABI: protect struct pci_dev (kabi).
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).
- kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
- kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).
- kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).
- kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).
- kvm: PPC: Remove redundand permission bits removal (bsc#1061840).
- kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).
- kvm: PPC: Validate all tces before updating tables (bsc#1061840).
- kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
- kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
- kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
- kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
- kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
- kvm: s390: use created_vcpus in more places (bsc#1136206).
- kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).
- leds: avoid flush_work in atomic context (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mISDN: Check address length before reading address family (bsc#1051510).
- mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510).
- media: au0828: stop video streaming only when last user stops (bsc#1051510).
- media: coda: clear error return value before picture run (bsc#1051510).
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510).
- media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (bsc#1130699, CVE-2019-10124).
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net: initialize skb->peeked when cloning (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).
- net: test tailroom before appending to linear skb (git-fixes).
- net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).
- netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
- netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).
- netfilter: drop template ct when conntrack is skipped (git-fixes).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).
- netfilter: ebtables: handle string from userspace with care (git-fixes).
- netfilter: ebtables: reject non-bridge targets (git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).
- netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit NFSv4 minor version (jsc#PM-231). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: Enable NFSv4.2 support - jsc at PM-231 - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). 
- p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). 
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). 
- rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). 
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - snd: re-export snd_cards for kABI compatibility (bsc#1051510). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). 
- spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). 
- thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). 
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). 
- vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen/pciback: Do not disable pci_COMMAND on pci device reset (bsc#1065600). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). 
- xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). 
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1535=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1535=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.30.1 kernel-azure-base-4.12.14-5.30.1 kernel-azure-base-debuginfo-4.12.14-5.30.1 kernel-azure-debuginfo-4.12.14-5.30.1 kernel-azure-devel-4.12.14-5.30.1 kernel-syms-azure-4.12.14-5.30.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.30.1 kernel-source-azure-4.12.14-5.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-devel-azure-4.12.14-5.30.1 kernel-source-azure-4.12.14-5.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-md-kmp-azure-4.12.14-5.30.1 cluster-md-kmp-azure-debuginfo-4.12.14-5.30.1 dlm-kmp-azure-4.12.14-5.30.1 dlm-kmp-azure-debuginfo-4.12.14-5.30.1 gfs2-kmp-azure-4.12.14-5.30.1 gfs2-kmp-azure-debuginfo-4.12.14-5.30.1 kernel-azure-4.12.14-5.30.1 kernel-azure-base-4.12.14-5.30.1 kernel-azure-base-debuginfo-4.12.14-5.30.1 kernel-azure-debuginfo-4.12.14-5.30.1 kernel-azure-debugsource-4.12.14-5.30.1 kernel-azure-devel-4.12.14-5.30.1 kernel-azure-devel-debuginfo-4.12.14-5.30.1 kernel-azure-extra-4.12.14-5.30.1 kernel-azure-extra-debuginfo-4.12.14-5.30.1 
kernel-azure-livepatch-4.12.14-5.30.1 kernel-syms-azure-4.12.14-5.30.1 kselftests-kmp-azure-4.12.14-5.30.1 kselftests-kmp-azure-debuginfo-4.12.14-5.30.1 ocfs2-kmp-azure-4.12.14-5.30.1 ocfs2-kmp-azure-debuginfo-4.12.14-5.30.1 reiserfs-kmp-azure-4.12.14-5.30.1 reiserfs-kmp-azure-debuginfo-4.12.14-5.30.1 References: https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068546 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108838 
https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1130699 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1132044 https://bugzilla.suse.com/1133176 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134459 
https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 
https://bugzilla.suse.com/1137739
https://bugzilla.suse.com/1137752

From sle-updates at lists.suse.com Mon Jun 17 18:49:23 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jun 2019 02:49:23 +0200 (CEST)
Subject: SUSE-SU-2019:1534-1: important: Security update for the Linux Kernel
Message-ID: <20190618004923.124D8FFE6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1534-1
Rating: important
References: #1099658 #1106284 #1110785 #1113769 #1120843 #1120885 #1131543 #1131565 #1132374 #1132472 #1134537 #1134596 #1134848 #1135281 #1135603 #1136424 #1136446 #1136586 #1136935 #1137586
Cross-References: CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise High Availability 12-SP2
  SUSE Enterprise Storage 4
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves 12 vulnerabilities and has 8 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue.
  A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice.
  This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603)
- CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a '\0' character. (bnc#1134848)
- CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)

The following non-security bugs were fixed:

- cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
- tcp: limit payload size of sacked skbs (bsc#1137586).
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
- x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1134596). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1134596). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1534=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1534=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1534=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1534=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1534=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1534=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1534=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.114.1 kernel-default-base-4.4.121-92.114.1 kernel-default-base-debuginfo-4.4.121-92.114.1 kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 kernel-default-devel-4.4.121-92.114.1 kernel-syms-4.4.121-92.114.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_114-default-1-3.5.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.114.1 kernel-macros-4.4.121-92.114.1 kernel-source-4.4.121-92.114.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.114.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.114.1 
kernel-default-base-4.4.121-92.114.1 kernel-default-base-debuginfo-4.4.121-92.114.1 kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 kernel-default-devel-4.4.121-92.114.1 kernel-syms-4.4.121-92.114.1 kgraft-patch-4_4_121-92_114-default-1-3.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.114.1 kernel-macros-4.4.121-92.114.1 kernel-source-4.4.121-92.114.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.114.1 kernel-default-base-4.4.121-92.114.1 kernel-default-base-debuginfo-4.4.121-92.114.1 kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 kernel-default-devel-4.4.121-92.114.1 kernel-syms-4.4.121-92.114.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-1-3.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.114.1 kernel-macros-4.4.121-92.114.1 kernel-source-4.4.121-92.114.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.114.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.114.1 kernel-default-base-4.4.121-92.114.1 kernel-default-base-debuginfo-4.4.121-92.114.1 kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 kernel-default-devel-4.4.121-92.114.1 kernel-syms-4.4.121-92.114.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.114.1 kernel-macros-4.4.121-92.114.1 kernel-source-4.4.121-92.114.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.114.1 cluster-md-kmp-default-debuginfo-4.4.121-92.114.1 cluster-network-kmp-default-4.4.121-92.114.1 cluster-network-kmp-default-debuginfo-4.4.121-92.114.1 dlm-kmp-default-4.4.121-92.114.1 dlm-kmp-default-debuginfo-4.4.121-92.114.1 gfs2-kmp-default-4.4.121-92.114.1 gfs2-kmp-default-debuginfo-4.4.121-92.114.1 
kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 ocfs2-kmp-default-4.4.121-92.114.1 ocfs2-kmp-default-debuginfo-4.4.121-92.114.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.114.1 kernel-macros-4.4.121-92.114.1 kernel-source-4.4.121-92.114.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.114.1 kernel-default-base-4.4.121-92.114.1 kernel-default-base-debuginfo-4.4.121-92.114.1 kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 kernel-default-devel-4.4.121-92.114.1 kernel-syms-4.4.121-92.114.1 kgraft-patch-4_4_121-92_114-default-1-3.5.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.114.1 kernel-default-debuginfo-4.4.121-92.114.1 kernel-default-debugsource-4.4.121-92.114.1 References: https://www.suse.com/security/cve/CVE-2018-17972.html https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-11190.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1110785 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120885 https://bugzilla.suse.com/1131543 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1132374 https://bugzilla.suse.com/1132472 https://bugzilla.suse.com/1134537 https://bugzilla.suse.com/1134596 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135603 
https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137586 From sle-updates at lists.suse.com Tue Jun 18 04:12:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 12:12:14 +0200 (CEST) Subject: SUSE-RU-2019:1537-1: important: Recommended update for tcmu-runner Message-ID: <20190618101214.5DD1FFFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcmu-runner ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1537-1 Rating: important References: #1135369 #1135815 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tcmu-runner fixes the following issues: tcmu-runner was updated to version 1.4.0: * Disable explicit alua support. * logger: notification on changing the options for dynamic reloading * logger: update .gitignore for logrotate.conf_install.cmake * logger: fix the return value * Sync sig handler naming. * Add logrotate support * Move starting log message. * Allow log file restart from SIGHUP * Simplify log outputs - Add explicit libtcmu package dependency to avoid incorrect upstream .so versioning (bsc#1135815) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1537=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1537=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1537=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libtcmu2-1.4.0-3.3.5 libtcmu2-debuginfo-1.4.0-3.3.5 tcmu-runner-1.4.0-3.3.5 tcmu-runner-debuginfo-1.4.0-3.3.5 tcmu-runner-debugsource-1.4.0-3.3.5 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libtcmu2-1.4.0-3.3.5 libtcmu2-debuginfo-1.4.0-3.3.5 tcmu-runner-1.4.0-3.3.5 tcmu-runner-debuginfo-1.4.0-3.3.5 tcmu-runner-debugsource-1.4.0-3.3.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 x86_64): tcmu-runner-debuginfo-1.4.0-3.3.5 tcmu-runner-debugsource-1.4.0-3.3.5 tcmu-runner-handler-rbd-1.4.0-3.3.5 tcmu-runner-handler-rbd-debuginfo-1.4.0-3.3.5 References: https://bugzilla.suse.com/1135369 https://bugzilla.suse.com/1135815 From sle-updates at lists.suse.com Tue Jun 18 04:13:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 12:13:03 +0200 (CEST) Subject: SUSE-RU-2019:14087-1: moderate: Recommended update for pure-ftpd Message-ID: <20190618101303.6A56EFFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for pure-ftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14087-1 Rating: moderate References: #1119187 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 
11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pure-ftpd fixes the following issues: - Adds a configuration option that sets the process memory limit used by "ls" for globbing. The value can be specified as optional third argument to "-L" (or LimitRecursion in config file). The old configuration files will still work. (bsc#1119187) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-pure-ftpd-14087=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-pure-ftpd-14087=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pure-ftpd-14087=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-pure-ftpd-14087=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): pure-ftpd-1.0.43-30.5.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): pure-ftpd-1.0.43-30.5.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): pure-ftpd-debuginfo-1.0.43-30.5.2 pure-ftpd-debugsource-1.0.43-30.5.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): pure-ftpd-debuginfo-1.0.43-30.5.2 pure-ftpd-debugsource-1.0.43-30.5.2 References: https://bugzilla.suse.com/1119187 From sle-updates at lists.suse.com Tue Jun 18 07:11:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 15:11:07 +0200 (CEST) Subject: SUSE-RU-2019:1542-1: moderate: Recommended update for cloud-init Message-ID: <20190618131107.45B73FFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2019:1542-1 Rating: moderate References: #1116767 #1119397 #1121878 #1123694 #1125950 #1125992 #1126101 #1132692 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for cloud-init to version 18.5 fixes the following issues: - When the user configures a new rules file for network devices the rules may not apply immediately, trigger udevadm (bsc#1125950) - Fix the order of calls, the SUSE implementation of route config file writing must clobber the default implementation (bsc#1125992) - Use the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101) - Drop a '-' in the route file for the last column (bsc#1123694) - Fixes an issue where only the last route was defined for a subnet (bsc#1132692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1542=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1542=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-18.5-5.8.1 cloud-init-config-suse-18.5-5.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cloud-init-doc-18.5-5.8.1 References: https://bugzilla.suse.com/1116767 https://bugzilla.suse.com/1119397 https://bugzilla.suse.com/1121878 https://bugzilla.suse.com/1123694 https://bugzilla.suse.com/1125950 https://bugzilla.suse.com/1125992 https://bugzilla.suse.com/1126101 https://bugzilla.suse.com/1132692 From sle-updates at lists.suse.com Tue Jun 18 07:24:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 15:24:31 +0200 (CEST) Subject: SUSE-RU-2019:1543-1: moderate: Recommended update for systemd-presets-branding-SLE Message-ID: <20190618132431.68B75FFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1543-1 Rating: moderate References: #1128428 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enabling nvmefc-boot-connections.service to discover network-provided nvme drives on boot (bsc#1128428) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1543=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1543=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-presets-branding-SLE-12.2-10.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-presets-branding-SLE-12.2-10.3.1 References: https://bugzilla.suse.com/1128428 From sle-updates at lists.suse.com Tue Jun 18 07:25:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 15:25:11 +0200 (CEST) Subject: SUSE-RU-2019:1540-1: moderate: Recommended update for yast2-firstboot Message-ID: <20190618132511.42DE1FFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1540-1 Rating: moderate References: #1131301 #1131327 #1132189 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for yast2-firstboot fixes the following issues: - Fixes an issue where license terms checkbox gets cleared after pressing next button (bsc#1131327) - firstboot.xml template was updated to use the "firstboot_licenses" client for the license agreement - Fixes another issue when displaying license agreements to cover more scenarios (bsc#1131327) - Disable duplicate license dialogs (bsc#1131301) - Initialize product in firstboot (bsc#1132189) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1540=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1540=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-firstboot-3.1.23-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-firstboot-3.1.23-3.3.1 References: https://bugzilla.suse.com/1131301 https://bugzilla.suse.com/1131327 https://bugzilla.suse.com/1132189 From sle-updates at lists.suse.com Tue Jun 18 07:26:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 15:26:10 +0200 (CEST) Subject: SUSE-RU-2019:1541-1: moderate: Recommended update for yast2-firstboot Message-ID: <20190618132610.BD6F1FFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1541-1 Rating: moderate References: #1131327 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-firstboot fixes the following issues: - firstboot.xml template was updated to use the "firstboot_licenses" client for the license agreement - Fixes another issue when displaying license agreements to cover more scenarios (bsc#1131327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1541=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-firstboot-4.0.7-3.9.1 References: https://bugzilla.suse.com/1131327 From sle-updates at lists.suse.com Tue Jun 18 07:26:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 15:26:53 +0200 (CEST) Subject: SUSE-RU-2019:1544-1: moderate: Recommended update for python-kiwi Message-ID: <20190618132653.D79CDFFE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1544-1 Rating: moderate References: #1128146 #1134873 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Update compression flag for qcow2 format. (bsc#1128146) (bsc#1134873) - Refactoring for the evaluation of the compress flag in the runtime config. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1544=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1544=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1544=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.17-3.16.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.17-3.16.1 dracut-kiwi-live-9.17.17-3.16.1 dracut-kiwi-oem-dump-9.17.17-3.16.1 dracut-kiwi-oem-repart-9.17.17-3.16.1 dracut-kiwi-overlay-9.17.17-3.16.1 kiwi-man-pages-9.17.17-3.16.1 kiwi-tools-9.17.17-3.16.1 kiwi-tools-debuginfo-9.17.17-3.16.1 python-kiwi-debugsource-9.17.17-3.16.1 python2-kiwi-9.17.17-3.16.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-pxeboot-9.17.17-3.16.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-kiwi-lib-9.17.17-3.16.1 dracut-kiwi-live-9.17.17-3.16.1 dracut-kiwi-oem-dump-9.17.17-3.16.1 dracut-kiwi-oem-repart-9.17.17-3.16.1 dracut-kiwi-overlay-9.17.17-3.16.1 kiwi-pxeboot-9.17.17-3.16.1 kiwi-tools-9.17.17-3.16.1 kiwi-tools-debuginfo-9.17.17-3.16.1 python-kiwi-debugsource-9.17.17-3.16.1 References: https://bugzilla.suse.com/1128146 https://bugzilla.suse.com/1134873 From sle-updates at lists.suse.com Tue Jun 18 10:44:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 18:44:59 +0200 (CEST) Subject: SUSE-SU-2019:14089-1: important: Security update for the Linux Kernel Message-ID: <20190618164459.EFAEAFF12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14089-1 Rating: important References: #1110785 #1113769 #1119314 #1120326 #1120843 #1120885 #1131295 #1131543 #1132374 #1132472 #1132580 #1133188 #1134102 #1134729 
#1134848 #1137586 #923908 #939260 Cross-References: CVE-2014-9710 CVE-2018-17972 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11884 CVE-2019-5489 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel version 3.0.101 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2014-9710: The Btrfs implementation in the Linux kernel did not ensure that the visible xattr state is consistent with a requested replacement, which allowed local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data did not fit (bnc#923908). 
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843). - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat (bnc#1131543). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character (bnc#1134848). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). The following non-security bugs were fixed: - cifs: fix uninitialized memory access (bsc#1120326). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kernel: Add CEX7 toleration support (bsc#1131295). - net: ipsec: fix a kernel oops caused by reentrant workqueue (bsc#1119314). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). 
- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86/MCE: Handle "nosmt" offlining properly (bsc#1134729). - xfs: do not cache inodes read through bulkstat (bsc#1134102). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-source-14089=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-14089=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-14089=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.95.2 kernel-default-base-3.0.101-108.95.2 kernel-default-devel-3.0.101-108.95.2 kernel-source-3.0.101-108.95.1 kernel-syms-3.0.101-108.95.1 kernel-trace-3.0.101-108.95.2 kernel-trace-base-3.0.101-108.95.2 kernel-trace-devel-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.95.2 kernel-ec2-base-3.0.101-108.95.2 kernel-ec2-devel-3.0.101-108.95.2 kernel-xen-3.0.101-108.95.2 kernel-xen-base-3.0.101-108.95.2 kernel-xen-devel-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.95.2 kernel-bigmem-base-3.0.101-108.95.2 kernel-bigmem-devel-3.0.101-108.95.2 kernel-ppc64-3.0.101-108.95.2 kernel-ppc64-base-3.0.101-108.95.2 kernel-ppc64-devel-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.95.2 kernel-pae-base-3.0.101-108.95.2 kernel-pae-devel-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.95.2 - SUSE Linux Enterprise Server 
11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.95.2 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.95.2 kernel-default-debugsource-3.0.101-108.95.2 kernel-trace-debuginfo-3.0.101-108.95.2 kernel-trace-debugsource-3.0.101-108.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.95.2 kernel-trace-devel-debuginfo-3.0.101-108.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.95.2 kernel-ec2-debugsource-3.0.101-108.95.2 kernel-xen-debuginfo-3.0.101-108.95.2 kernel-xen-debugsource-3.0.101-108.95.2 kernel-xen-devel-debuginfo-3.0.101-108.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.95.2 kernel-bigmem-debugsource-3.0.101-108.95.2 kernel-ppc64-debuginfo-3.0.101-108.95.2 kernel-ppc64-debugsource-3.0.101-108.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.95.2 kernel-pae-debugsource-3.0.101-108.95.2 kernel-pae-devel-debuginfo-3.0.101-108.95.2 References: https://www.suse.com/security/cve/CVE-2014-9710.html https://www.suse.com/security/cve/CVE-2018-17972.html https://www.suse.com/security/cve/CVE-2019-11190.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1110785 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1119314 https://bugzilla.suse.com/1120326 
https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120885 https://bugzilla.suse.com/1131295 https://bugzilla.suse.com/1131543 https://bugzilla.suse.com/1132374 https://bugzilla.suse.com/1132472 https://bugzilla.suse.com/1132580 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1134102 https://bugzilla.suse.com/1134729 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/923908 https://bugzilla.suse.com/939260 From sle-updates at lists.suse.com Tue Jun 18 10:48:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 18:48:05 +0200 (CEST) Subject: SUSE-SU-2019:1547-1: important: Security update for libvirt Message-ID: <20190618164805.BCB77FF12@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1547-1 Rating: important References: #1111331 #1135273 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments that pass through the new 'md-clear' CPU flag (bsc#1135273). 
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1547=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1547=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1547=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.33.2 libvirt-devel-3.3.0-5.33.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.33.2 libvirt-admin-3.3.0-5.33.2 libvirt-admin-debuginfo-3.3.0-5.33.2 libvirt-client-3.3.0-5.33.2 libvirt-client-debuginfo-3.3.0-5.33.2 libvirt-daemon-3.3.0-5.33.2 libvirt-daemon-config-network-3.3.0-5.33.2 libvirt-daemon-config-nwfilter-3.3.0-5.33.2 libvirt-daemon-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-interface-3.3.0-5.33.2 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-lxc-3.3.0-5.33.2 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-network-3.3.0-5.33.2 libvirt-daemon-driver-network-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-nodedev-3.3.0-5.33.2 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-nwfilter-3.3.0-5.33.2 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-qemu-3.3.0-5.33.2 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-secret-3.3.0-5.33.2 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-3.3.0-5.33.2 libvirt-daemon-driver-storage-core-3.3.0-5.33.2 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.33.2 
libvirt-daemon-driver-storage-disk-3.3.0-5.33.2 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-iscsi-3.3.0-5.33.2 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-logical-3.3.0-5.33.2 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-mpath-3.3.0-5.33.2 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-scsi-3.3.0-5.33.2 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.33.2 libvirt-daemon-hooks-3.3.0-5.33.2 libvirt-daemon-lxc-3.3.0-5.33.2 libvirt-daemon-qemu-3.3.0-5.33.2 libvirt-debugsource-3.3.0-5.33.2 libvirt-doc-3.3.0-5.33.2 libvirt-libs-3.3.0-5.33.2 libvirt-libs-debuginfo-3.3.0-5.33.2 libvirt-lock-sanlock-3.3.0-5.33.2 libvirt-lock-sanlock-debuginfo-3.3.0-5.33.2 libvirt-nss-3.3.0-5.33.2 libvirt-nss-debuginfo-3.3.0-5.33.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.33.2 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.33.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.33.2 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.33.2 libvirt-daemon-xen-3.3.0-5.33.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.33.2 libvirt-admin-3.3.0-5.33.2 libvirt-admin-debuginfo-3.3.0-5.33.2 libvirt-client-3.3.0-5.33.2 libvirt-client-debuginfo-3.3.0-5.33.2 libvirt-daemon-3.3.0-5.33.2 libvirt-daemon-config-network-3.3.0-5.33.2 libvirt-daemon-config-nwfilter-3.3.0-5.33.2 libvirt-daemon-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-interface-3.3.0-5.33.2 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-libxl-3.3.0-5.33.2 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-lxc-3.3.0-5.33.2 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-network-3.3.0-5.33.2 libvirt-daemon-driver-network-debuginfo-3.3.0-5.33.2 
libvirt-daemon-driver-nodedev-3.3.0-5.33.2 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-nwfilter-3.3.0-5.33.2 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-qemu-3.3.0-5.33.2 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-secret-3.3.0-5.33.2 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-3.3.0-5.33.2 libvirt-daemon-driver-storage-core-3.3.0-5.33.2 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-disk-3.3.0-5.33.2 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-iscsi-3.3.0-5.33.2 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-logical-3.3.0-5.33.2 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-mpath-3.3.0-5.33.2 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-rbd-3.3.0-5.33.2 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.33.2 libvirt-daemon-driver-storage-scsi-3.3.0-5.33.2 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.33.2 libvirt-daemon-lxc-3.3.0-5.33.2 libvirt-daemon-qemu-3.3.0-5.33.2 libvirt-daemon-xen-3.3.0-5.33.2 libvirt-debugsource-3.3.0-5.33.2 libvirt-doc-3.3.0-5.33.2 libvirt-libs-3.3.0-5.33.2 libvirt-libs-debuginfo-3.3.0-5.33.2 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1135273 From sle-updates at lists.suse.com Tue Jun 18 10:49:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 18:49:01 +0200 (CEST) Subject: SUSE-RU-2019:1548-1: moderate: Recommended update for openvswitch Message-ID: <20190618164901.63F7FFF12@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1548-1 Rating: moderate References: #1130276 #1132029 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openvswitch fixes the following issues: - Updated the version to 2.8.7 to address several bugs. Please refer to this rpm's changelog file to see the list of all fixed bugs (bsc#1130276) - Fixes an issue where openvswitch failed to rotate logs due to permission errors (bsc#1132029) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1548=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.7-4.18.2 libopenvswitch-2_8-0-debuginfo-2.8.7-4.18.2 openvswitch-2.8.7-4.18.2 openvswitch-debuginfo-2.8.7-4.18.2 openvswitch-debugsource-2.8.7-4.18.2 References: https://bugzilla.suse.com/1130276 https://bugzilla.suse.com/1132029 From sle-updates at lists.suse.com Tue Jun 18 10:50:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 18:50:44 +0200 (CEST) Subject: SUSE-RU-2019:1549-1: moderate: Recommended update for autoyast2 Message-ID: <20190618165044.1B5F0FF12@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1549-1 Rating: moderate References: #1134501 Affected Products: SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE 
Linux Enterprise Desktop Installer 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autoyast2 fixes the following issues: - Semi-automatic with partition: Do not use the common AY partition workflow. (bsc#1134501) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2019-1549=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1549=1 - SUSE Linux Enterprise Desktop Installer 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP4-2019-1549=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1549=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): autoyast2-3.2.35-3.8.1 autoyast2-installation-3.2.35-3.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): autoyast2-3.2.35-3.8.1 autoyast2-installation-3.2.35-3.8.1 - SUSE Linux Enterprise Desktop Installer 12-SP4 (noarch): autoyast2-3.2.35-3.8.1 autoyast2-installation-3.2.35-3.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): autoyast2-3.2.35-3.8.1 autoyast2-installation-3.2.35-3.8.1 References: https://bugzilla.suse.com/1134501 From sle-updates at lists.suse.com Tue Jun 18 13:56:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 21:56:25 +0200 (CEST) Subject: SUSE-SU-2019:14092-1: moderate: Security update for openssl Message-ID: <20190618195625.C7CDEFF11@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14092-1 Rating: 
moderate References: #1117951 #1127080 #1131291 Cross-References: CVE-2019-1559 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the "The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations" attack (bsc#1117951) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14092=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14092=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14092=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14092=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.21.1 libopenssl0_9_8-hmac-0.9.8j-0.106.21.1 openssl-0.9.8j-0.106.21.1 openssl-doc-0.9.8j-0.106.21.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): libopenssl0_9_8-32bit-0.9.8j-0.106.21.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.21.1 libopenssl0_9_8-0.9.8j-0.106.21.1 libopenssl0_9_8-hmac-0.9.8j-0.106.21.1 openssl-0.9.8j-0.106.21.1 openssl-doc-0.9.8j-0.106.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.21.1 
openssl-debugsource-0.9.8j-0.106.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.21.1 openssl-debugsource-0.9.8j-0.106.21.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1127080 https://bugzilla.suse.com/1131291 From sle-updates at lists.suse.com Tue Jun 18 13:57:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jun 2019 21:57:31 +0200 (CEST) Subject: SUSE-SU-2019:1554-1: important: Security update for python-Jinja2 Message-ID: <20190618195731.E31F3FF11@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1554-1 Rating: important References: #1125815 #1132174 #1132323 Cross-References: CVE-2016-10745 CVE-2019-10906 CVE-2019-8341 Affected Products: SUSE OpenStack Cloud 7 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Jinja2 fixes the following issues: Security issues fixed: - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format (bsc#1132174). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed command injection in function from_string (bsc#1125815). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1554=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1554=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-1554=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1554=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-1554=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1554=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1554=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1554=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1554=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Jinja2-2.8-22.8.1 - SUSE Manager Server 3.2 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE Manager Server 3.1 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE Manager Proxy 3.2 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE Manager Proxy 3.1 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE Enterprise Storage 5 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE Enterprise Storage 4 (noarch): python-Jinja2-2.8-22.8.1 python3-Jinja2-2.8-22.8.1 - SUSE CaaS Platform ALL (noarch): python-Jinja2-2.8-22.8.1 - SUSE CaaS Platform 3.0 (noarch): python-Jinja2-2.8-22.8.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-Jinja2-2.8-22.8.1 References: https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-8341.html https://bugzilla.suse.com/1125815 https://bugzilla.suse.com/1132174 https://bugzilla.suse.com/1132323 From sle-updates at lists.suse.com Tue Jun 18 16:28:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 00:28:43 +0200 (CEST) Subject: SUSE-SU-2019:1550-1: important: Security update for the Linux Kernel Message-ID: <20190618222843.AE0A0FF11@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1550-1 Rating: important References: #1012382 #1050242 #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1055186 #1056787 #1058115 #1061840 #1063638 #1064802 #1065600 #1065729 #1066129 #1068546 #1070872 #1071995 #1075020 
#1082387 #1082555 #1083647 #1085535 #1085536 #1086657 #1088804 #1093389 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1099658 #1103186 #1103259 #1103992 #1104353 #1104427 #1106011 #1106284 #1108193 #1108838 #1108937 #1110946 #1111331 #1111666 #1111696 #1112063 #1112128 #1112178 #1113722 #1113956 #1114279 #1114427 #1114542 #1114638 #1115688 #1117114 #1117158 #1117561 #1118139 #1119680 #1119843 #1120091 #1120318 #1120423 #1120566 #1120843 #1120902 #1122767 #1122776 #1123454 #1123663 #1124503 #1124839 #1126206 #1126356 #1126704 #1127175 #1127371 #1127374 #1127616 #1128052 #1128415 #1128544 #1128904 #1128971 #1128979 #1129138 #1129273 #1129497 #1129693 #1129770 #1129845 #1130195 #1130425 #1130527 #1130567 #1130579 #1130699 #1130937 #1130972 #1131326 #1131427 #1131438 #1131451 #1131467 #1131488 #1131530 #1131565 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132044 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132673 #1132681 #1132726 #1132828 #1132894 #1132943 #1132982 #1133005 #1133016 #1133094 #1133095 #1133115 #1133149 #1133176 #1133188 #1133190 #1133320 #1133486 #1133529 #1133547 #1133584 #1133593 #1133612 #1133616 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 #1133897 #1134090 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134223 #1134354 #1134393 #1134397 #1134459 #1134460 #1134461 #1134597 #1134600 #1134607 #1134618 #1134651 #1134671 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1134945 #1134946 #1134947 #1134948 #1134949 #1134950 #1134951 #1134952 #1134953 #1134972 #1134974 #1134975 #1134980 
#1134981 #1134983 #1134987 #1134989 #1134990 #1134994 #1134995 #1134998 #1134999 #1135006 #1135007 #1135008 #1135018 #1135021 #1135024 #1135026 #1135027 #1135028 #1135029 #1135031 #1135033 #1135034 #1135035 #1135036 #1135037 #1135038 #1135039 #1135041 #1135042 #1135044 #1135045 #1135046 #1135047 #1135049 #1135051 #1135052 #1135053 #1135055 #1135056 #1135058 #1135100 #1135120 #1135278 #1135281 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1136188 #1136206 #1136215 #1136345 #1136347 #1136348 #1136353 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136456 #1136460 #1136461 #1136469 #1136477 #1136478 #1136498 #1136573 #1136586 #1136881 #1136935 #1136990 #1137151 #1137152 #1137153 #1137162 #1137201 #1137224 #1137232 #1137233 #1137236 #1137372 #1137429 #1137444 #1137586 #1137739 #1137752 #1138291 #1138293 Cross-References: CVE-2017-5753 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11091 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11811 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-12818 CVE-2019-12819 CVE-2019-3846 CVE-2019-3882 CVE-2019-5489 CVE-2019-8564 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 28 vulnerabilities and has 318 fixes is now available. 
Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291)
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293)
- CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
- CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increase the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424)
- CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699, CVE-2019-10124).
- CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel. There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586)
- CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190)
- CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843)
- CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019. (bsc#1111331)
- CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603)
- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019. (bsc#1103186)
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278)
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel. There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278)
- CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bsc#1134848)
- CVE-2019-11811: An issue was discovered in the Linux kernel. There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397)
- CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188)
- CVE-2019-9003: In the Linux kernel, attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. (bsc#1126704)
- CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may have led to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bsc#1122767)
- CVE-2019-9503: An issue was discovered which meant that brcmfmac frame validation could be bypassed. (bsc#1132828)
- CVE-2019-9500: An issue was discovered that led to a brcmfmac heap buffer overflow. (bsc#1132681)
- CVE-2019-8564: An issue was discovered which meant that brcmfmac frame validation could be bypassed. (bsc#1132673)
- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permitted violation of the user's locked memory limit. If a device was bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may have caused a system memory exhaustion and thus a denial of service (DoS). (bsc#1131427)

The following non-security bugs were fixed:

- 9p locks: add mount option for lock retry interval (bsc#1051510).
- 9p: do not trust pdu content for stat item size (bsc#1051510).
- acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).
- acpi / utils: Drop reference in test for device presence (bsc#1051510).
- acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426).
- acpi: Add Hygon Dhyana support (). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle (bsc#1111666). - acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Enable micmute LED for Huawei laptops (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). 
- alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666). - alsa: hda/realtek - Support low power consumption for ALC256 (bsc#1051510). - alsa: hda/realtek - Support low power consumption for ALC295 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 (bsc#1111666). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). 
- alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - asoc: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). 
- asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: topology: free created components in tplg load error (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - ath10k: avoid possible string overflow (bsc#1051510). - ath10k: snoc: fix unbalanced clock error handling (bsc#1111666). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). 
- bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). 
- bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). 
- bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free() (jsc#SLE-4797). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
- block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnx2x: Add support for detection of P2P event packets (bsc#1136498 jsc#SLE-4699). - bnx2x: Bump up driver version to 1.713.36 (bsc#1136498 jsc#SLE-4699). - bnx2x: fix spelling mistake "dicline" -> "decline" (bsc#1136498 jsc#SLE-4699). - bnx2x: fix various indentation issues (bsc#1136498 jsc#SLE-4699). - bnx2x: Remove set but not used variable 'mfw_vn' (bsc#1136498 jsc#SLE-4699). - bnx2x: Replace magic numbers with macro definitions (bsc#1136498 jsc#SLE-4699). - bnx2x: Use struct_size() in kzalloc() (bsc#1136498 jsc#SLE-4699). - bnx2x: Utilize FW 7.13.11.0 (bsc#1136498 jsc#SLE-4699). - bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices (bsc#1137224). - bnxt_en: Add support for BCM957504 (bsc#1137224). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix() (bsc#1134090 jsc#SLE-5954). 
- bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix statistics context reservation logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve multicast address setup logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Pass correct extended TX port statistics size to firmware (bsc#1134090 jsc#SLE-5954). - bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090 jsc#SLE-5954). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - brcmfmac: fix leak of mypkt on error return path (bsc#1111666). - broadcom: Mark expected switch fall-throughs (bsc#1136498 jsc#SLE-4699). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). 
- btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). 
- btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cfg80211: Handle WMM rules in regulatory domain intersection (bsc#1111666). - cgroup: fix parsing empty mount option string (bsc#1133094).
- chelsio: use BUG() instead of BUG_ON(1) (bsc#1136345 jsc#SLE-4681). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - config: arm64: enable CN99xx uncore pmu References: bsc#1117114 - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - cpufreq: Add Hygon Dhyana support (). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - add missing put_device() call (bsc#1129770). 
- crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666). - crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666). - crypto: caam/qi2 - generate hash keys in-place (bsc#1111666). - crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: chcr - ESN for Inline IPSec Tx (bsc#1136353 jsc#SLE-4688). - crypto: chcr - small packet Tx stalls the queue (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - avoid using sa_entry imm (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - check set_msg_len overflow in generate_b0 (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - clean up various indentation issues (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - cleanup:send addr as value in function argument (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - count incomplete block in IV (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix NULL pointer dereference (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_op (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix softlockup with heavy I/O (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix wrong error counter increments (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fixed Traffic Stall (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Handle pci shutdown event (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Inline single pdu only (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - remove set but not used variable 'kctx_len' (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - remove set but not used variables 'adap' (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Reset counters on cxgb4 Detach (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Swap location of AAD and IV sent in WR (bsc#1136353 jsc#SLE-4688). 
- crypto: chelsio - Use same value for both channel in single WR (bsc#1136353 jsc#SLE-4688). - crypto: chtls - remove cdev_list_lock (bsc#1136353 jsc#SLE-4688). - crypto: chtls - remove set but not used variables 'err, adap, request, hws' (bsc#1136353 jsc#SLE-4688). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: prefix header search paths with $(srctree)/ (bsc#1136353 jsc#SLE-4688). - crypto: qat - move temp buffers off the stack (jsc#SLE-4818). - crypto: qat - no need to check return value of debugfs_create functions (jsc#SLE-4818). - crypto: qat - Remove unused goto label (jsc#SLE-4818). - crypto: qat - Remove VLA usage (jsc#SLE-4818). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4/chtls: Prefix adapter flags with CXGB4 (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Display advertised FEC in ethtool (bsc#1136345 jsc#SLE-4681). 
- cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Fix up netdev->hw_features (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4/cxgb4vf_main: Mark expected switch fall-through (bsc#1136345 jsc#SLE-4681). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 pci device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 pci device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 pci device ids 0x608a (bsc#1127371). - cxgb4: Add new T6 pci device ids 0x608b (bsc#1136345 jsc#SLE-4681). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: add tcb flags and tcb rpl struct (bsc#1136345 jsc#SLE-4681). - cxgb4: Add VF Link state support (bsc#1136345 jsc#SLE-4681). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4: Delete all hash and TCAM filters before resource cleanup (bsc#1136345 jsc#SLE-4681). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Do not return EAGAIN when TCAM is full (bsc#1136345 jsc#SLE-4681). - cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681). - cxgb4: Enable outer UDP checksum offload for T6 (bsc#1136345 jsc#SLE-4681). 
- cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: Fix error path in cxgb4_init_module (bsc#1136345 jsc#SLE-4681). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: free mac_hlist properly (bsc#1136345 jsc#SLE-4681). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: kfree mhp after the debug print (bsc#1136345 jsc#SLE-4681). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1136345 jsc#SLE-4681). - cxgb4: remove DEFINE_SIMPLE_DEBUGFS_FILE() (bsc#1136345 jsc#SLE-4681). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: remove set but not used variables 'multitrc, speed' (bsc#1136345 jsc#SLE-4681). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size" (bsc#1136345 jsc#SLE-4681). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: TLS record offload enable (bsc#1136345 jsc#SLE-4681). - cxgb4: Update 1.23.3.0 as the latest firmware supported (bsc#1136345 jsc#SLE-4681). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use firmware API for validating filter spec (bsc#1136345 jsc#SLE-4681). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Call netif_carrier_off properly in pci_probe (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Enter debugging mode if FW is inaccessible (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: free mac_hlist properly (bsc#1136345 jsc#SLE-4681). - cxgb4vf: Prefix adapter flags with CXGB4VF (bsc#1136347 jsc#SLE-4683). 
- cxgb4vf: Revert force link up behaviour (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - documentation: perf: Add documentation for ThunderX2 PMU uncore driver (). - drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver (). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/amd/display: extending AUX SW Timeout (bsc#1111666). - drm/amd/display: fix cursor black issue (bsc#1111666). - drm/amd/display: If one stream full updates, full update all planes (bsc#1111666). - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666). - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI) (bsc#1111666). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). 
- drm/doc: Drop "content type" from the legacy kms property table (bsc#1111666). - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/exynos/mixer: fix MIXER shadow registry synchronisation code (bsc#1111666). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/fb-helper: generic: Call drm_client_add() after setup is done (bsc#1111666). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt() (bsc#1111666). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/gvt: Roundup fb->height into tile's height at calucation fb->size (bsc#1111666). - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666). - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled (bsc#1111666). 
- drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113956) - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/bar/tu104: initial support (bsc#1133593). - drm/nouveau/bar/tu106: initial support (bsc#1133593). - drm/nouveau/bios/tu104: initial support (bsc#1133593). - drm/nouveau/bios/tu106: initial support (bsc#1133593). - drm/nouveau/bios: translate additional memory types (bsc#1133593). - drm/nouveau/bios: translate usb-C connector type (bsc#1133593). - drm/nouveau/bus/tu104: initial support (bsc#1133593). - drm/nouveau/bus/tu106: initial support (bsc#1133593). - drm/nouveau/ce/tu104: initial support (bsc#1133593). - drm/nouveau/ce/tu106: initial support (bsc#1133593). - drm/nouveau/core: increase maximum number of nvdec instances to 3 (bsc#1133593). - drm/nouveau/core: recognise TU102 (bsc#1133593). - drm/nouveau/core: recognise TU104 (bsc#1133593). - drm/nouveau/core: recognise TU106 (bsc#1133593). - drm/nouveau/core: support multiple nvdec instances (bsc#1133593). - drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS (bsc#1133593). - drm/nouveau/devinit/tu104: initial support (bsc#1133593). - drm/nouveau/devinit/tu106: initial support (bsc#1133593). - drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593). - drm/nouveau/disp/gv100: fix name of window channels in debug output (bsc#1133593). - drm/nouveau/disp/tu104: initial support (bsc#1133593). - drm/nouveau/disp/tu106: initial support (bsc#1133593). - drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0 (bsc#1133593). - drm/nouveau/disp: add support for setting scdc parameters for high modes (bsc#1133593). 
- drm/nouveau/disp: keep track of high-speed state, program into clock (bsc#1133593). - drm/nouveau/disp: take sink support into account for exposing 594mhz (bsc#1133593). - drm/nouveau/dma/tu104: initial support (bsc#1133593). - drm/nouveau/dma/tu106: initial support (bsc#1133593). - drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices (bsc#1133593). - drm/nouveau/drm/nouveau: s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593). - drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init() (bsc#1133593). - drm/nouveau/fault/tu104: initial support (bsc#1133593). - drm/nouveau/fault/tu106: initial support (bsc#1133593). - drm/nouveau/fault: add explicit control over fault buffer interrupts (bsc#1133593). - drm/nouveau/fault: remove manual mapping of fault buffers into BAR2 (bsc#1133593). - drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer (bsc#1133593). - drm/nouveau/fb/tu104: initial support (bsc#1133593). - drm/nouveau/fb/tu106: initial support (bsc#1133593). - drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault (bsc#1133593). - drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593). - drm/nouveau/fifo/gk104-: return channel instance in ctor args (bsc#1133593). - drm/nouveau/fifo/gk104-: separate runlist building from committing to hw (bsc#1133593). - drm/nouveau/fifo/gk104-: support enabling privileged ce functions (bsc#1133593). - drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593). - drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593). - drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593). - drm/nouveau/fifo/gv100: return work submission token in channel ctor args (bsc#1133593). - drm/nouveau/fifo/tu104: initial support (bsc#1133593). - drm/nouveau/fifo/tu106: initial support (bsc#1133593). - drm/nouveau/fuse/tu104: initial support (bsc#1133593). - drm/nouveau/fuse/tu106: initial support (bsc#1133593). 
- drm/nouveau/gpio/tu104: initial support (bsc#1133593).
- drm/nouveau/gpio/tu106: initial support (bsc#1133593).
- drm/nouveau/i2c/tu104: initial support (bsc#1133593).
- drm/nouveau/i2c/tu106: initial support (bsc#1133593).
- drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722)
- drm/nouveau/ibus/tu104: initial support (bsc#1133593).
- drm/nouveau/ibus/tu106: initial support (bsc#1133593).
- drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning address (bsc#1133593).
- drm/nouveau/imem/tu104: initial support (bsc#1133593).
- drm/nouveau/imem/tu106: initial support (bsc#1133593).
- drm/nouveau/kms/nv50-: allow more flexibility with lut formats (bsc#1133593).
- drm/nouveau/kms/tu104: initial support (bsc#1133593).
- drm/nouveau/ltc/tu104: initial support (bsc#1133593).
- drm/nouveau/ltc/tu106: initial support (bsc#1133593).
- drm/nouveau/mc/tu104: initial support (bsc#1133593).
- drm/nouveau/mc/tu106: initial support (bsc#1133593).
- drm/nouveau/mmu/tu104: initial support (bsc#1133593).
- drm/nouveau/mmu/tu106: initial support (bsc#1133593).
- drm/nouveau/mmu: add more general vmm free/node handling functions (bsc#1133593).
- drm/nouveau/pci/tu104: initial support (bsc#1133593).
- drm/nouveau/pci/tu106: initial support (bsc#1133593).
- drm/nouveau/pmu/tu104: initial support (bsc#1133593).
- drm/nouveau/pmu/tu106: initial support (bsc#1133593).
- drm/nouveau/therm/tu104: initial support (bsc#1133593).
- drm/nouveau/therm/tu106: initial support (bsc#1133593).
- drm/nouveau/tmr/tu104: initial support (bsc#1133593).
- drm/nouveau/tmr/tu106: initial support (bsc#1133593).
- drm/nouveau/top/tu104: initial support (bsc#1133593).
- drm/nouveau/top/tu106: initial support (bsc#1133593).
- drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).
- drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support (bsc#1133593).
- drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593).
- drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593).
- drm/nouveau: Add strap_peek to debugfs (bsc#1133593).
- drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593).
- drm/nouveau: Fix potential memory leak in nouveau_drm_load() (bsc#1133593).
- drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593).
- drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593).
- drm/nouveau: register backlight on pascal and newer (bsc#1133593).
- drm/nouveau: remove left-over struct member (bsc#1133593).
- drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593).
- drm/nouveau: Start using new drm_dev initialization helpers (bsc#1133593).
- drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).
- drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666).
- drm/panel: panel-innolux: set display off in innolux_panel_unprepare (bsc#1111666).
- drm/pl111: Initialize clock spinlock early (bsc#1111666).
- drm/rockchip: fix for mailbox read validation (bsc#1051510).
- drm/rockchip: fix for mailbox read validation (bsc#1111666).
- drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
- drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)
- drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)
- drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)
- drm/sun4i: Fix sun8i HDMI PHY clock initialization (bsc#1111666).
- drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz (bsc#1111666).
- drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
- drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)
- drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind (bsc#1111666).
- drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)
- drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bsc#1111666).
- drm/tegra: hub: Fix dereference before check (bsc#1111666).
- drm/ttm: Fix bo_global and mem_global kfree error (bsc#1111666).
- drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666).
- drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
- drm/udl: add a release method and delay modeset teardown (bsc#1085536)
- drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)
- drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510).
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)
- drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666).
- drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).
- drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)
- drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666).
- dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20).
- dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
- dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
- dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).
- dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).
- dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
- dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).
- e1000e: Disable runtime PM on CNP+ (jsc#SLE-4804).
- e1000e: Exclude device from suspend direct complete optimization (jsc#SLE-4804).
- e1000e: Fix -Wformat-truncation warnings (bsc#1051510).
- e1000e: fix a missing check for return value (jsc#SLE-4804).
- e1000e: fix cyclic resets at link up with active tx (bsc#1051510).
- edac, amd64: Add Hygon Dhyana support ().
- efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).
- efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
- efi/arm: libstub: add a root memreserve config table (bsc#1117158).
- efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).
- efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158).
- efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
- efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).
- efi: honour memory reservations passed via a linux specific config table (bsc#1117158).
- efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).
- efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).
- efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).
- ext4: actually request zeroing of inode table after grow (bsc#1135315).
- ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
- ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).
- ext4: Do not warn when enabling DAX (bsc#1132894).
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).
- ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
- ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
- ext4: make sanity check in mballoc more strict (bsc#1136439).
- ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
- fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).
- fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
- firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
- fix cgroup_do_mount() handling of failure exits (bsc#1133095).
- fix rtnh_ok() (git-fixes).
- fm10k: Fix a potential NULL pointer dereference (bsc#1051510).
- fm10k: TRIVIAL cleanup of extra spacing in function comment (jsc#SLE-4796).
- fm10k: use struct_size() in kzalloc() (jsc#SLE-4796).
- fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).
- fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).
- fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).
- ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
- futex: Cure exit race (bsc#1050549).
- futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).
- futex: Handle early deadlock return correctly (bsc#1050549).
- genetlink: Fix a memory leak on error path (networking-stable-19_03_28).
- ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
- gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).
- gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
- gpio: gpio-omap: fix level interrupt idling (bsc#1051510).
- gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).
- gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).
- hid: core: move Usage Page concatenation to Main item (bsc#1093389).
- hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).
- hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).
- hid: input: add mapping for "Toggle Display" key (bsc#1051510).
- hid: input: add mapping for Assistant key (bsc#1051510).
- hid: input: add mapping for Expose/Overview key (bsc#1051510).
- hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).
- hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429).
- hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).
- hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).
- hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).
- hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07).
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).
- hwrng: virtio - Avoid repeated init of completion (bsc#1051510).
- i2c: imx: correct the method of getting private data in notifier_call (bsc#1111666).
- i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
- i2c: synquacer: fix enumeration of slave devices (bsc#1111666).
- i40e: Able to add up to 16 MAC filters on an untrusted VF (jsc#SLE-4797).
- i40e: add new pci id for X710/XXV710 N3000 cards (jsc#SLE-4797).
- i40e: add num_vectors checker in iwarp handler (jsc#SLE-4797).
- i40e: Add support FEC configuration for Fortville 25G (jsc#SLE-4797).
- i40e: Add support for X710 B/P and SFP+ cards (jsc#SLE-4797).
- i40e: add tracking of AF_XDP ZC state for each queue pair (jsc#SLE-4797).
- i40e: change behavior on PF in response to MDD event (jsc#SLE-4797).
- i40e: Change unmatched function types (jsc#SLE-4797).
- i40e: Changed maximum supported FW API version to 1.8 (jsc#SLE-4797).
- i40e: check queue pairs num in config queues handler (jsc#SLE-4797).
- i40e: clean up several indentation issues (jsc#SLE-4797).
- i40e: do not allow changes to HW VLAN stripping on active port VLANs (jsc#SLE-4797).
- i40e: Fix for 10G ports LED not blinking (jsc#SLE-4797).
- i40e: Fix for allowing too many MDD events on VF (jsc#SLE-4797).
- i40e: fix i40e_ptp_adjtime when given a negative delta (jsc#SLE-4797).
- i40e: Fix misleading error message (jsc#SLE-4797).
- i40e: fix misleading message about promisc setting on un-trusted VF (jsc#SLE-4797).
- i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c (jsc#SLE-4797).
- i40e: Fix the typo in adding 40GE KR4 mode (jsc#SLE-4797).
- i40e: Further implementation of LLDP (jsc#SLE-4797).
- i40e: Implement DDP support in i40e driver (jsc#SLE-4797).
- i40e: increase indentation (jsc#SLE-4797).
- i40e: Introduce recovery mode support (jsc#SLE-4797).
- i40e: Limiting RSS queues to CPUs (jsc#SLE-4797).
- i40e: Memory leak in i40e_config_iwarp_qvlist (jsc#SLE-4797).
- i40e: missing input validation on VF message handling by the PF (jsc#SLE-4797).
- i40e: move i40e_xsk_umem function (jsc#SLE-4797).
- i40e: print pci vendor and device ID during probe (jsc#SLE-4797).
- i40e: Queues are reserved despite "Invalid argument" error (jsc#SLE-4797).
- i40e: remove debugfs tx_timeout support (jsc#SLE-4797).
- i40e: remove error msg when vf with port vlan tries to remove vlan 0 (jsc#SLE-4797).
- i40e: Remove misleading messages for untrusted VF (jsc#SLE-4797).
- i40e: remove out-of-range comparisons in i40e_validate_cloud_filter (jsc#SLE-4797).
- i40e: Remove umem from VSI (jsc#SLE-4797).
- i40e: Report advertised link modes on 40GBase_LR4, CR4 and fibre (jsc#SLE-4797).
- i40e: Report advertised link modes on 40GBASE_SR4 (jsc#SLE-4797).
- i40e: Revert ShadowRAM checksum calculation change (jsc#SLE-4797).
- i40e: save PTP time before a device reset (jsc#SLE-4797).
- i40e: Setting VF to VLAN 0 requires restart (jsc#SLE-4797).
- i40e: ShadowRAM checksum calculation change (jsc#SLE-4797).
- i40e: The driver now prints the API version in error message (jsc#SLE-4797).
- i40e: Use struct_size() in kzalloc() (jsc#SLE-4797).
- i40e: VF's promiscuous attribute is not kept (jsc#SLE-4797).
- i40e: Wrong truncation from u16 to u8 (jsc#SLE-4797).
- i40iw: Avoid panic when handling the inetdev event (jsc#SLE-4793).
- i40iw: remove support for ib_get_vector_affinity (jsc#SLE-4793).
- i40iw: remove use of VLAN_TAG_PRESENT (jsc#SLE-4793).
- ib/hfi1: Add debugfs to control expansion ROM write protect (jsc#SLE-4925).
- ib/hfi1: Add selected Rcv counters (jsc#SLE-4925).
- ib/hfi1: Close VNIC sdma_progress sleep window (jsc#SLE-4925).
- ib/hfi1: Consider LMC in 16B/bypass ingress packet check (jsc#SLE-4925).
- ib/hfi1: Correctly process FECN and BECN in packets (jsc#SLE-4925).
- ib/hfi1: Dump pio info for non-user send contexts (jsc#SLE-4925).
- ib/hfi1: Eliminate opcode tests on mr deref (jsc#SLE-4925).
- ib/hfi1: Failed to drain send queue when QP is put into error state (jsc#SLE-4925).
- ib/hfi1: Fix the allocation of RSM table (jsc#SLE-4925).
- ib/hfi1: Fix two format strings (jsc#SLE-4925).
- ib/hfi1: Fix WQ_MEM_RECLAIM warning (jsc#SLE-4925).
- ib/hfi1: Ignore LNI errors before DC8051 transitions to Polling state (jsc#SLE-4925).
- ib/hfi1: Incorrect sizing of sge for PIO will OOPs (jsc#SLE-4925).
- ib/hfi1: Limit VNIC use of SDMA engines to the available count (jsc#SLE-4925).
- ib/hfi1: Reduce lock contention on iowait_lock for sdma and pio (jsc#SLE-4925).
- ib/hfi1: Remove overly conservative VM_EXEC flag check (jsc#SLE-4925).
- ib/hfi1: Remove WARN_ON when freeing expected receive groups (jsc#SLE-4925).
- ib/hfi1: Unreserve a reserved request when it is completed (jsc#SLE-4925).
- ib/hw: Remove unneeded semicolons (bsc#1136456 jsc#SLE-4689).
- ib/rdmavt: Add wc_flags and wc_immdata to cq entry trace (jsc#SLE-4925).
- ib/rdmavt: Fix frwr memory registration (jsc#SLE-4925).
- ib/rdmavt: Fix loopback send with invalidate ordering (jsc#SLE-4925).
- ib/{rdmavt, hfi1): Miscellaneous comment fixes (jsc#SLE-4925).
- ibmvnic: Add device identification to requested IRQs (bsc#1137739).
- ibmvnic: Do not close unopened driver during reset (bsc#1137752).
- ibmvnic: Enable GRO (bsc#1132227).
- ibmvnic: Fix completion structure initialization (bsc#1131659).
- ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
- ibmvnic: Refresh device multicast list after reset (bsc#1137752).
- ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
- ice : Ensure only valid bits are set in ice_aq_set_phy_cfg (jsc#SLE-4803).
- ice: Add 52 byte RSS hash key support (jsc#SLE-4803).
- ice: add and use new ice_for_each_traffic_class() macro (jsc#SLE-4803).
- ice: Add code for DCB initialization part 1/4 (jsc#SLE-4803).
- ice: Add code for DCB initialization part 2/4 (jsc#SLE-4803).
- ice: Add code for DCB initialization part 3/4 (jsc#SLE-4803).
- ice: Add code for DCB initialization part 4/4 (jsc#SLE-4803).
- ice: Add code for DCB rebuild (jsc#SLE-4803).
- ice: Add code to control FW LLDP and DCBX (jsc#SLE-4803).
- ice: Add code to get DCB related statistics (jsc#SLE-4803).
- ice: Add code to process LLDP Mib change events (jsc#SLE-4803).
- ice: add const qualifier to mac_addr parameter (jsc#SLE-4803).
- ice: Add ethtool private flag to make forcing link down optional (jsc#SLE-4803).
- ice: Add ethtool set_phys_id handler (jsc#SLE-4803).
- ice: Add function to program ethertype based filter rule on VSIs (jsc#SLE-4803).
- ice: Add missing case in print_link_msg for printing flow control (jsc#SLE-4803).
- ice: Add missing PHY type to link settings (jsc#SLE-4803).
- ice: Add more validation in ice_vc_cfg_irq_map_msg (jsc#SLE-4803).
- ice: Add priority information into VLAN header (jsc#SLE-4803).
- ice: Add reg_idx variable in ice_q_vector structure (jsc#SLE-4803).
- ice: Add support for adaptive interrupt moderation (jsc#SLE-4803).
- ice: Add support for new PHY types (jsc#SLE-4803).
- ice: Add support for PF/VF promiscuous mode (jsc#SLE-4803).
- ice: Allow for software timestamping (jsc#SLE-4803).
- ice: Always free/allocate q_vectors (jsc#SLE-4803).
- ice: Audit hotpath structures with pahole (jsc#SLE-4803).
- ice: avoid multiple unnecessary de-references in probe (jsc#SLE-4803).
- ice: Bump driver version (jsc#SLE-4803).
- ice: Bump version (jsc#SLE-4803).
- ice: Calculate ITR increment based on direct calculation (jsc#SLE-4803).
- ice: change VF VSI tc info along with num_queues (jsc#SLE-4803).
- ice: check for a leaf node presence (jsc#SLE-4803).
- ice: clear VF ARQLEN register on reset (jsc#SLE-4803).
- ice: code cleanup in ice_sched.c (jsc#SLE-4803).
- ice: configure GLINT_ITR to always have an ITR gran of 2 (jsc#SLE-4803).
- ice: Configure RSS LUT and HASH KEY in rebuild path (jsc#SLE-4803).
- ice: Create a generic name for the ice_rx_flg64_bits structure (jsc#SLE-4803).
- ice: Create framework for VSI queue context (jsc#SLE-4803).
- ice: Determine descriptor count and ring size based on PAGE_SIZE (jsc#SLE-4803).
- ice: Disable sniffing VF traffic on PF (jsc#SLE-4803).
- ice: Do not bail out when filter already exists (jsc#SLE-4803).
- ice: Do not let VF know that it is untrusted (jsc#SLE-4803).
- ice: Do not remove VLAN filters that were never programmed (jsc#SLE-4803).
- ice: Do not set LB_EN for prune switch rules (jsc#SLE-4803).
- ice: do not spam VFs with link messages (jsc#SLE-4803).
- ice: Do not unnecessarily initialize local variable (jsc#SLE-4803).
- ice: Enable LAN_EN for the right recipes (jsc#SLE-4803).
- ice: Enable link events over the ARQ (jsc#SLE-4803).
- ice: Enable MAC anti-spoof by default (jsc#SLE-4803).
- ice: enable VF admin queue interrupts (jsc#SLE-4803).
- ice: Fix added in VSI supported nodes calc (jsc#SLE-4803).
- ice: Fix broadcast traffic in port VLAN mode (jsc#SLE-4803).
- ice: Fix for adaptive interrupt moderation (jsc#SLE-4803).
- ice: Fix for allowing too many MDD events on VF (jsc#SLE-4803).
- ice: Fix for FC get rx/tx pause params (jsc#SLE-4803).
- ice: fix ice_remove_rule_internal vsi_list handling (jsc#SLE-4803).
- ice: Fix incorrect use of abbreviations (jsc#SLE-4803).
- ice: Fix issue reclaiming resources back to the pool after reset (jsc#SLE-4803).
- ice: Fix issue reconfiguring VF queues (jsc#SLE-4803).
- ice: Fix issue when adding more than allowed VLANs (jsc#SLE-4803).
- ice: fix issue where host reboots on unload when iommu=on (jsc#SLE-4803).
- ice: Fix issue with VF reset and multiple VFs support on PFs (jsc#SLE-4803).
- ice: fix numeric overflow warning (jsc#SLE-4803).
- ice: fix some function prototype and signature style issues (jsc#SLE-4803).
- ice: fix stack hogs from struct ice_vsi_ctx structures (jsc#SLE-4803).
- ice: fix static analysis warnings (jsc#SLE-4803).
- ice: Fix the calculation of ICE_MAX_MTU (jsc#SLE-4803).
- ice: fix the divide by zero issue (jsc#SLE-4803).
- ice: Fix typos in code comments (jsc#SLE-4803).
- ice: flush Tx pipe on disable queue timeout (jsc#SLE-4803).
- ice: Gather the rx buf clean-up logic for better reuse (jsc#SLE-4803).
- ice: Get resources per function (jsc#SLE-4803).
- ice: Get rid of ice_pull_tail (jsc#SLE-4803).
- ice: Get VF VSI instances directly via PF (jsc#SLE-4803).
- ice: Implement flow to reset VFs with PFR and other resets (jsc#SLE-4803).
- ice: Implement getting and setting ethtool coalesce (jsc#SLE-4803).
- ice: Implement pci_error_handler ops (jsc#SLE-4803).
- ice: Implement support for normal get_eeprom[_len] ethtool ops (jsc#SLE-4803).
- ice: Limit the ice_add_rx_frag to frag addition (jsc#SLE-4803).
- ice: map Rx buffer pages with DMA attributes (jsc#SLE-4803).
- ice: Move aggregator list into ice_hw instance (jsc#SLE-4803).
- ice: Offload SCTP checksum (jsc#SLE-4803).
- ice: only use the VF for ICE_VSI_VF in ice_vsi_release (jsc#SLE-4803).
- ice: Preserve VLAN Rx stripping settings (jsc#SLE-4803).
- ice: Prevent unintended multiple chain resets (jsc#SLE-4803).
- ice: Pull out page reuse checks onto separate function (jsc#SLE-4803).
- ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset (jsc#SLE-4803).
- ice: Reduce scope of variable in ice_vsi_cfg_rxqs (jsc#SLE-4803).
- ice: Refactor a few Tx scheduler functions (jsc#SLE-4803).
- ice: Refactor getting/setting coalesce (jsc#SLE-4803).
- ice: Refactor link event flow (jsc#SLE-4803).
- ice: Remove "2 BITS" comment (jsc#SLE-4803).
- ice: Remove __always_unused attribute (jsc#SLE-4803).
- ice: remove redundant variable and if condition (jsc#SLE-4803).
- ice: Remove runtime change of PFINT_OICR_ENA register (jsc#SLE-4803).
- ice: Remove unnecessary braces (jsc#SLE-4803).
- ice: Remove unnecessary newlines from log messages (jsc#SLE-4803).
- ice: Remove unnecessary wait when disabling/enabling Rx queues (jsc#SLE-4803).
- ice: Remove unused function prototype (jsc#SLE-4803).
- ice: Remove unused function prototype (jsc#SLE-4803).
- ice: Remove unused vsi_id field (jsc#SLE-4803).
- ice: Reset all VFs with VFLR during SR-IOV init flow (jsc#SLE-4803).
- ice: Resolve static analysis reported issue (jsc#SLE-4803).
- ice: Restore VLAN switch rule if port VLAN existed before (jsc#SLE-4803).
- ice: Retrieve rx_buf in separate function (jsc#SLE-4803).
- ice: Return configuration error without queue to disable (jsc#SLE-4803).
- ice: Rework queue management code for reuse (jsc#SLE-4803).
- ice: Separate if conditions for ice_set_features() (jsc#SLE-4803).
- ice: Set LAN_EN for all directional rules (jsc#SLE-4803).
- ice: Set physical link up/down when an interface is set up/down (jsc#SLE-4803).
- ice: sizeof(<type>) should be avoided (jsc#SLE-4803).
- ice: Suppress false-positive style issues reported by static analyzer (jsc#SLE-4803).
- ice: use absolute vector ID for VFs (jsc#SLE-4803).
- ice: Use bitfields where possible (jsc#SLE-4803).
- ice: Use dev_err when ice_cfg_vsi_lan fails (jsc#SLE-4803).
- ice: Use ice_for_each_q_vector macro where possible (jsc#SLE-4803).
- ice: use ice_for_each_vsi macro when possible (jsc#SLE-4803).
- ice: use irq_num var in ice_vsi_req_irq_msix (jsc#SLE-4803).
- ice: Use more efficient structures (jsc#SLE-4803).
- ice: Use pf instead of vsi-back (jsc#SLE-4803).
- ice: use virt channel status codes (jsc#SLE-4803).
- ice: Validate ring existence and its q_vector per VSI (jsc#SLE-4803).
- igb: Bump version number (jsc#SLE-4798).
- igb: Exclude device from suspend direct complete optimization (jsc#SLE-4798).
- igb: fix various indentation issues (jsc#SLE-4798).
- igb: Fix WARN_ONCE on runtime suspend (jsc#SLE-4798).
- igb: use struct_size() helper (jsc#SLE-4798).
- igc: Add ethtool support (jsc#SLE-4799).
- igc: Add multiple receive queues control supporting (jsc#SLE-4799).
- igc: Add support for statistics (jsc#SLE-4799).
- igc: Add support for the ntuple feature (jsc#SLE-4799).
- igc: Extend the ethtool supporting (jsc#SLE-4799).
- igc: Fix code redundancy (jsc#SLE-4799).
- igc: Fix the typo in igc_base.h header definition (jsc#SLE-4799).
- igc: Remove the 'igc_get_phy_id_base' method (jsc#SLE-4799).
- igc: Remove the 'igc_read_mac_addr_base' method (jsc#SLE-4799).
- igc: Remove unneeded code (jsc#SLE-4799).
- igc: Remove unneeded hw_dbg prints (jsc#SLE-4799).
- igc: Remove unreachable code from igc_phy.c file (jsc#SLE-4799).
- igc: Remove unused code (jsc#SLE-4799).
- igc: Use struct_size() helper (jsc#SLE-4799).
- igmp: fix incorrect unsolicit report count when join group (git-fixes).
- iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).
- iio: ad_sigma_delta: select channel when reading register (bsc#1051510).
- iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).
- iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).
- iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
- iio: core: fix a possible circular locking dependency (bsc#1051510).
- iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).
- iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).
- iio: Fix scan mask selection (bsc#1051510).
- iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).
- include/linux/bitops.h: introduce BITS_PER_TYPE (bsc#1136345 jsc#SLE-4681).
- indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).
- inetpeer: fix uninit-value in inet_getpeer (git-fixes).
- infiniband/qedr: Potential null ptr dereference of qp (bsc#1136456 jsc#SLE-4689).
- infiniband: hfi1: drop crazy DEBUGFS_SEQ_FILE_CREATE() macro (jsc#SLE-4925).
- infiniband: hfi1: no need to check return value of debugfs_create functions (jsc#SLE-4925).
- input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).
- input: introduce KEY_ASSISTANT (bsc#1051510).
- input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).
- input: synaptics-rmi4 - fix possible double free (bsc#1051510).
- input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).
- intel: correct return from set features callback (jsc#SLE-4795).
- intel_idle: add support for Jacobsville (jsc#SLE-5394).
- intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
- intel_th: pci: Add Comet Lake support (bsc#1051510).
- io: accel: kxcjk1013: restore the range after resume (bsc#1051510).
- iommu/amd: Set exclusion range correctly (bsc#1130425).
- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).
- iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
- iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).
- iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
- ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).
- ip_gre: fix parsing gre header in ipgre_err (git-fixes).
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes).
- ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
- ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
- ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier (bsc#1111666).
- ipmi: Prevent use-after-free in deliver_response (bsc#1111666).
- ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).
- ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
- ipv4: add sanity checks in ipv4_link_failure() (git-fixes).
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04).
- ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19).
- ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30).
- ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes).
- ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).
- ipv6: fix cleanup ordering for pingv6 registration (git-fixes).
- ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).
- ipv6: invert flowlabel sharing check in process and user mode (git-fixes).
- ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).
- ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).
- ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).
- ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).
- ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).
- ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15).
- ipvlan: fix ipv6 outbound device (bsc#1051510).
- ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes).
- ipvs: fix buffer overflow with sync daemon and service (git-fixes).
- ipvs: fix check on xmit to non-local addresses (git-fixes).
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).
- ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
- ipvs: fix stats update from local clients (git-fixes).
- ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).
- iw_cxgb*: kzalloc the iwcm verbs struct (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: Check for send WR also while posting write with completion WR (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: complete the cached SRQ buffers (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).
- iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: fix srqidx leak during connection abort (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: Make function read_tcb() static (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
- iw_cxgb4: use listening ep tos when accepting new connections (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: use tos when finding ipv6 routes (bsc#1136348 jsc#SLE-4684).
- iw_cxgb4: use tos when importing the endpoint (bsc#1136348 jsc#SLE-4684).
- iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).
- iwlwifi: fix driver operation for 5350 (bsc#1111666).
- iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).
- ixgbe: fix mdio bus registration (jsc#SLE-4795).
- ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN (jsc#SLE-4795).
- ixgbe: register a mdiobus (jsc#SLE-4795).
- ixgbe: remove magic constant in ixgbe_reset_hw_82599() (jsc#SLE-4795).
- ixgbe: use mii_bus to handle MII related ioctls (jsc#SLE-4795).
- ixgbe: Use struct_size() helper (jsc#SLE-4795).
- jbd2: check superblock mapped prior to committing (bsc#1136430).
- kabi i40e ignore include (jsc#SLE-4797).
- kabi protect struct iw_cm_id (bsc#1136348 jsc#SLE-4684).
- kabi protect struct vf_info (bsc#1136347 jsc#SLE-4683).
- kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
- kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
- kabi/severities: exclude hns3 symbols (bsc#1134948)
- kabi/severities: exclude qed* symbols (bsc#1136461)
- kabi/severities: missed hns roce module
- kabi: arm64: cpuhotplug: Reuse other arch's cpuhp_state ().
- kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
- kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
- kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
- kABI: protect dma-mapping.h include (kabi).
- kABI: protect functions using struct net_generic (bsc#1129845 LTC#176252).
- kABI: protect ip_options_rcv_srr (kabi).
- kABI: protect struct mlx5_td (kabi).
- kABI: protect struct pci_dev (kabi).
- kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252).
- kABI: protect struct smcd_dev (bsc#1129845 LTC#176252).
- kABI: restore icmp_send (kabi).
- kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).
- kcm: switch order of device registration to fix a crash (bnc#1130527).
- kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes).
- kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes).
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
- kernfs: do not set dentry->d_fsdata (boo#1133115).
- keys: always initialize keyring_index_key::desc_len (bsc#1051510).
- keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642).
- keys: user: Align the payload buffer (bsc#1051510).
- kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).
- kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).
- kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).
- kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
- kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).
- kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
- kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).
- kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
- kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).
- kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).
- kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
- kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
- kvm: s390: use created_vcpus in more places (bsc#1136206).
- kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
- kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).
- kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555).
- kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
- kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).
- kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).
- kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
- kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
- kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).
- kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
- l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
- l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).
- l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).
- l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).
- l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510).
- leds: avoid races with workqueue (bsc#1051510).
- leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
- lib: add crc64 calculation routines (bsc#1130972).
- lib: do not depend on linux headers being installed (bsc#1130972).
- libata: fix using DMA buffers on stack (bsc#1051510).
- libcxgb: fix incorrect ppmax calculation (bsc#1136345 jsc#SLE-4681).
- lightnvm: if LUNs are already allocated fix return (bsc#1085535).
- linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
- livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
- livepatch: Remove custom kobject state handling (bsc#1071995).
- livepatch: Remove duplicated code for early initialization (bsc#1071995).
- lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
- mac80211: do not attempt to rename ERR_PTR() debugfs dirs (bsc#1111666).
- mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).
- mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
- mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
- mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode (bsc#1111666).
- mac8390: Fix mmio access size probe (bsc#1051510).
- md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).
- md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).
- md: batch flush requests (bsc#1119680).
- md: Fix failed allocation of md_register_thread (git-fixes).
- md: fix invalid stored role for a disk (bsc#1051510).
- media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
- media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
- media: cx23885: check allocation return (bsc#1051510).
- media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
- media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
- media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
- media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).
- media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
- media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
- media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
- media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
- media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).
- media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).
- media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
- media: wl128x: prevent two potential buffer overflows (bsc#1051510).
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
- mISDN: Check address length before reading address family (bsc#1051510).
- missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15).
- mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30).
- mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
- mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).
- mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).
- mm: create non-atomic version of SetPageReserved for init use (jsc#SLE-6647).
- mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: bcm2835 MMC issues (bsc#1070872).
- mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
- mmc: core: fix possible use after free of host (bsc#1051510).
- mmc: core: Fix tag set memory leak (bsc#1111666).
- mmc: davinci: remove extraneous __init annotation (bsc#1051510).
- mmc: sdhci: Fix data command CRC error handling (bsc#1051510).
- mmc: sdhci: Handle auto-command errors (bsc#1051510).
- mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).
- mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).
- mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
- mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07).
- mt7601u: bump supported EEPROM version (bsc#1051510).
- mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).
- mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
- mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
- mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
- mwifiex: do not advertise IBSS features without FW support (bsc#1129770).
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
- mwifiex: Make resume actually do something useful again on SDIO cards (bsc#1111666).
- mwifiex: prevent an array overflow (bsc#1051510).
- mwl8k: Fix rate_idx underflow (bsc#1051510).
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes).
- net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).
- net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).
- net/ibmvnic: Remove tests of member address (bsc#1137739).
- net/ibmvnic: Update carrier state after link state change (bsc#1135100).
- net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
- net/ipv4: defensive cipso option parsing (git-fixes).
- net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).
- net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
- net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).
- net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).
- net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).
- net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).
- net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30).
- net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).
- net/mlx5e: Fix trailing semicolon (bsc#1075020).
- net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
- net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24).
- net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).
- net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30).
- net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).
- net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129).
- net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).
- net/smc: add pnet table namespace support (bsc#1129845 LTC#176252).
- net/smc: add smcd support to the pnet table (bsc#1129845 LTC#176252).
- net/smc: allow pci IDs as ib device names in the pnet table (bsc#1129845 LTC#176252).
- net/smc: allow pnetid-less configuration (bsc#1129845 LTC#176252).
- net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).
- net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1129845 LTC#176252).
- net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).
- net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).
- net/smc: consolidate function parameters (bsc#1134607 LTC#177518).
- net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).
- net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).
- net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).
- net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).
- net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).
- net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).
- net/smc: nonblocking connect rework (bsc#1134607 LTC#177518).
- net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).
- net/smc: rework pnet table (bsc#1129845 LTC#176252).
- net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518).
- net/tls: free ctx in sock destruct (bsc#1136353 jsc#SLE-4688).
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15).
- net/x25: reset state in x25_connect() (networking-stable-19_03_15).
- net: Add __icmp_send helper (networking-stable-19_03_07).
- net: Add header for usage of fls64() (networking-stable-19_02_20).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).
- net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19).
- net: avoid false positives in untrusted gso validation (git-fixes).
- net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).
- net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).
- net: bridge: add vlan_tunnel to bridge port policies (git-fixes).
- net: bridge: fix per-port af_packet sockets (git-fixes).
- net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes).
- net: chelsio: Add a missing check on cudg_get_buffer (bsc#1136345 jsc#SLE-4681).
- net: cxgb4: fix various indentation issues (bsc#1136345 jsc#SLE-4681).
- net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes).
- net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20).
- net: do not keep lonely packets forever in the gro hash (git-fixes).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04).
- net: dsa: legacy: do not unmask port bitmaps (git-fixes).
- net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes).
- net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).
- net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
- net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).
- net: Fix a bug in removing queues from XPS map (git-fixes).
- net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20).
- net: fix IPv6 prefix route residue (networking-stable-19_02_20).
- net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
- net: Fix untag for vlan packets without ethernet header (git-fixes).
- net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes).
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19).
- net: hns3: add counter for times RX pages gets allocated (bsc#1104353 bsc#1134947).
- net: hns3: add error handler for initializing command queue (bsc#1104353 bsc#1135058).
- net: hns3: add function type check for debugfs help information (bsc#1104353 bsc#1134980).
- net: hns3: Add handling of MAC tunnel interruption (bsc#1104353 bsc#1134983).
- net: hns3: add hns3_gro_complete for HW GRO process (bsc#1104353 bsc#1135051).
- net: hns3: add linearizing checking for TSO case (bsc#1104353 bsc#1134947).
- net: hns3: add protect when handling mac addr list (bsc#1104353 ).
- net: hns3: add queue's statistics update to service task (bsc#1104353 bsc#1134981).
- net: hns3: add reset statistics for VF (bsc#1104353 bsc#1134995).
- net: hns3: add reset statistics info for PF (bsc#1104353 bsc#1134995).
- net: hns3: add some debug info for hclgevf_get_mbx_resp() (bsc#1104353 bsc#1134994).
- net: hns3: add some debug information for hclge_check_event_cause (bsc#1104353 bsc#1134994).
- net: hns3: add support for dump ncl config by debugfs (bsc#1104353 bsc#1134987).
- net: hns3: Add support for netif message level settings (bsc#1104353 bsc#1134989).
- net: hns3: adjust the timing of hns3_client_stop when unloading (bsc#1104353 bsc#1137201).
- net: hns3: always assume no drop TC for performance reason (bsc#1104353 bsc#1135049).
- net: hns3: check 1000M half for hns3_ethtool_ops.set_link_ksettings (bsc#1104353 bsc#1137201).
- net: hns3: check resetting status in hns3_get_stats() (bsc#1104353 bsc#1137201).
- net: hns3: code optimization for command queue' spin lock (bsc#1104353 bsc#1135042).
- net: hns3: combine len and checksum handling for inner and outer header (bsc#1104353 bsc#1134947).
- net: hns3: deactive the reset timer when reset successfully (bsc#1104353 bsc#1137201).
- net: hns3: divide shared buffer between TC (bsc#1104353 bsc#1135047).
- net: hns3: do not initialize MDIO bus when PHY is inexistent (bsc#1104353 bsc#1135045).
- net: hns3: do not request reset when hardware resetting (bsc#1104353 bsc#1137201).
- net: hns3: dump more information when tx timeout happens (bsc#1104353 bsc#1134990).
- net: hns3: extend the loopback state acquisition time (bsc#1104353).
- net: hns3: fix data race between ring->next_to_clean (bsc#1104353 bsc#1134975 bsc#1134945).
- net: hns3: fix error handling for desc filling (bsc#1104353 ).
- net: hns3: fix for HNS3_RXD_GRO_SIZE_M macro (bsc#1104353 bsc#1137201).
- net: hns3: fix for tunnel type handling in hns3_rx_checksum (bsc#1104353 bsc#1134946).
- net: hns3: fix for TX clean num when cleaning TX BD (bsc#1104353 ).
- net: hns3: fix for vport->bw_limit overflow problem (bsc#1104353 bsc#1134998).
- net: hns3: fix keep_alive_timer not stop problem (bsc#1104353 bsc#1135055).
- net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() (bsc#1104353 bsc#1134990).
- net: hns3: fix pause configure fail problem (bsc#1104353 bsc#1134951 bsc#1134951).
- net: hns3: fix set port based VLAN for PF (bsc#1104353 bsc#1135053).
- net: hns3: fix set port based VLAN issue for VF (bsc#1104353 bsc#1135053).
- net: hns3: fix sparse: warning when calling hclge_set_vlan_filter_hw() (bsc#1104353 bsc#1134999).
- net: hns3: fix VLAN offload handle for VLAN inserted by port (bsc#1104353 bsc#1135053).
- net: hns3: free the pending skb when clean RX ring (bsc#1104353 bsc#1135044).
- net: hns3: handle pending reset while reset fail (bsc#1104353 bsc#1135058).
- net: hns3: handle the BD info on the last BD of the packet (bsc#1104353 bsc#1134974).
- net: hns3: ignore lower-level new coming reset (bsc#1104353 bsc#1137201).
- net: hns3: Make hclge_destroy_cmd_queue static (bsc#1104353 bsc#1137201).
- net: hns3: Make hclgevf_update_link_mode static (bsc#1104353 bsc#1137201).
- net: hns3: minor optimization for datapath (bsc#1104353 ).
- net: hns3: minor optimization for ring_space (bsc#1104353 ).
- net: hns3: minor refactor for hns3_rx_checksum (bsc#1104353 bsc#1135052).
- net: hns3: modify HNS3_NIC_STATE_INITED flag in hns3_reset_notify_uninit_enet (bsc#1104353).
- net: hns3: modify the VF network port media type acquisition method (bsc#1104353 bsc#1137201).
- net: hns3: modify VLAN initialization to be compatible with port based VLAN (bsc#1104353 bsc#1135053).
- net: hns3: not reset TQP in the DOWN while VF resetting (bsc#1104353 bsc#1134952).
- net: hns3: not reset vport who not alive when PF reset (bsc#1104353 bsc#1137201).
- net: hns3: optimize the barrier using when cleaning TX BD (bsc#1104353 bsc#1134945).
- net: hns3: prevent change MTU when resetting (bsc#1104353 bsc#1137201).
- net: hns3: prevent double free in hns3_put_ring_config() (bsc#1104353 bsc#1134950).
- net: hns3: reduce resources use in kdump kernel (bsc#1104353 bsc#1137201).
- net: hns3: refactor BD filling for l2l3l4 info (bsc#1104353 bsc#1134947).
- net: hns3: refine tx timeout count handle (bsc#1104353 bsc#1134990).
- net: hns3: remove redundant assignment of l2_hdr to itself (bsc#1104353).
- net: hns3: remove reset after command send failed (bsc#1104353 bsc#1134949).
- net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
- net: hns3: return 0 and print warning when hit duplicate MAC (bsc#1104353 bsc#1137201).
- net: hns3: set dividual reset level for all RAS and MSI-X errors (bsc#1104353 bsc#1135046).
- net: hns3: set up the vport alive state while reinitializing (bsc#1104353 bsc#1137201).
- net: hns3: set vport alive state to default while resetting (bsc#1104353 bsc#1137201).
- net: hns3: simplify hclgevf_cmd_csq_clean (bsc#1104353 ).
- net: hns3: some cleanup for struct hns3_enet_ring (bsc#1104353 bsc#1134947).
- net: hns3: split function hnae3_match_n_instantiate() (bsc#1104353).
- net: hns3: stop mailbox handling when command queue need re-init (bsc#1104353 bsc#1135058).
- net: hns3: stop sending keep alive msg when VF command queue needs reinit (bsc#1104353 bsc#1134972).
- net: hns3: unify maybe_stop_tx for TSO and non-TSO case (bsc#1104353 bsc#1134947).
- net: hns3: unify the page reusing for page size 4K and 64K (bsc#1104353 bsc#1134947).
- net: hns3: use a reserved byte to identify need_resp flag (bsc#1104353).
- net: hns3: use atomic_t replace u32 for arq's count (bsc#1104353 bsc#1134953).
- net: hns3: use devm_kcalloc when allocating desc_cb (bsc#1104353 bsc#1134947).
- net: hns3: use napi_schedule_irqoff in hard interrupts handlers (bsc#1104353 bsc#1134947).
- net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15).
- net: initialize skb->peeked when cloning (git-fixes).
- net: make skb_partial_csum_set() more robust against overflows (git-fixes).
- net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07).
- net: phy: marvell: add new default led configure for m88e151x (bsc#1135018).
- net: phy: marvell: change default m88e1510 LED configuration (bsc#1135018).
- net: phy: marvell: Enable interrupt function on LED2 pin (bsc#1135018).
- net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04).
- net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30).
- net: rose: fix a possible stack overflow (networking-stable-19_03_28).
- net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15).
- net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).
- net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15).
- net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).
- net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07).
- net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).
- net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30).
- net: test tailroom before appending to linear skb (git-fixes).
- net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19).
- net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19).
- net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
- net: use indirect call wrappers at GRO network layer (bsc#1124503).
- net: use indirect call wrappers at GRO transport layer (bsc#1124503).
- net: validate untrusted gso packets without csum offload (networking-stable-19_02_20).
- net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes).
- net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24).
- netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).
- netfilter: bridge: ebt_among: add missing match size checks (git-fixes).
- netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).
- netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes).
- netfilter: drop template ct when conntrack is skipped (git-fixes).
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes).
- netfilter: ebtables: handle string from userspace with care (git-fixes).
- netfilter: ebtables: reject non-bridge targets (git-fixes).
- netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes).
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes).
- netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes).
- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes).
- netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).
- netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes).
- netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).
- netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).
- netfilter: nf_tables: fix leaking object reference count (git-fixes).
- netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).
- netfilter: nf_tables: release chain in flushing set (git-fixes).
- netfilter: nft_compat: do not dump private area (git-fixes).
- netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes).
- netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes).
- netfilter: x_tables: initialise match/target check parameter struct (git-fixes).
- netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).
- netlink: fix uninit-value in netlink_sendmsg (git-fixes).
- nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510).
- nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
- nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
- nfs: add module option to limit NFSv4 minor version (jsc#PM-231).
- nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes).
- nfs: Do not use page_file_mapping after removing the page (git-fixes).
- nfs: Fix a soft lockup in the delegation recovery code (git-fixes).
- nfs: Fix a typo in nfs_init_timeout_values() (git-fixes).
- nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).
- nfs: Fix dentry revalidation on nfsv4 lookup (bsc#1132618).
- nfs: Fix I/O request leakages (git-fixes).
- nfs: fix mount/umount race in nlmclnt (git-fixes).
- nfsd4: catch some false session retries (git-fixes).
- nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).
- nfsv4.1 do not free interrupted slot on open (git-fixes).
- nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes).
- nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).
- nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).
- nvme-fc: use separate work queue to avoid warning (bsc#1131673).
- nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).
- nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1130937).
- nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).
- nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
- nvme: add proper discard setup for the multipath device (bsc#1114638).
- nvme: Do not remove namespaces during reset (bsc#1131673).
- nvme: fix the dangerous reference of namespaces list (bsc#1131673).
- nvme: flush scan_work when resetting controller (bsc#1131673).
- nvme: make sure ns head inherits underlying device limits (bsc#1131673).
- nvme: only reconfigure discard if necessary (bsc#1114638).
- objtool: Fix function fallthrough detection (bsc#1058115).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
- ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.
- of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
- omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).
- openvswitch: add seqadj extension when NAT is used (bsc#1051510).
- openvswitch: fix flow actions reallocation (bsc#1051510).
- overflow: Fix -Wtype-limits compilation warnings (bsc#1111666).
- p54: drop device reference count if fails to enable device (bsc#1135642).
- packet: fix reserve calculation (git-fixes).
- packet: in packet_snd start writing at link layer allocation (git-fixes).
- packet: refine ring v3 block size test to hold one frame (git-fixes).
- packet: reset network header if packet shorter than ll reserved space (git-fixes).
- packet: validate msg_namelen in send directly (git-fixes).
- packets: Always register packet sk in the same order (networking-stable-19_03_28).
- pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510).
- pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510).
- pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes).
- pci: Factor out pcie_retrain_link() function (git-fixes).
- pci: Init pcie feature bits for managed host bridge alloc (bsc#1111666).
- pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
- pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
- pci: pciehp: Convert to threaded IRQ (bsc#1133005).
- pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005).
- pci: pciehp: Tolerate Presence Detect hardwired to zero (bsc#1133016).
- pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes).
- perf tools: Add Hygon Dhyana support ().
- perf/x86/amd: Add event map for AMD Family 17h (bsc#1134223).
- perf/x86/amd: Update generic hardware cache events for Family 17h (bsc#1134223).
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).
- phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510).
- platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
- platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
- platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
- platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510).
- platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).
- platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
- platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
- power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).
- power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
- powerpc/64: Make meltdown reporting Book3S 64 specific
- powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).
- powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).
- powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
- powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
- powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900).
- powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).
- powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).
- powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes).
- powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes).
- powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).
- powerpc/mm: Check secondary hash page table (bsc#1065729).
- powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes).
- powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
- powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).
- powerpc/numa: improve control of topology updates (bsc#1133584).
- powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
- powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).
- powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).
- powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121).
- powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
- powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).
- powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840).
- powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840).
- powerpc/powernv: Do not reprogram SLW image on every kvm guest entry/exit (bsc#1061840).
- powerpc/powernv: Make opal log only readable by root (bsc#1065729).
- powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).
- powerpc/process: Fix sparse address space warnings (bsc#1065729).
- powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
- powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
- powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).
- powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes).
- powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).
- powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).
- powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).
- powerpc: Fix 32-bit kvm-PR lockup and host crash with MacOS guest (bsc#1061840).
- powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
- proc/kcore: do not bounds check against address 0 (bsc#1051510).
- proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
- proc: revalidate kernel thread inodes to root:root (bsc#1051510).
- ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes).
- pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
- pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
- pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).
- pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).
- pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
- qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "faspath" -> "fastpath" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "inculde" -> "include" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). 
- qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128971). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qla2xxx: kABI fixes for v10.00.00.14-k (bsc#1136215). - qla2xxx: kABI fixes for v10.01.00.15-k (bsc#1136215). - qlcnic: remove assumption that vlan_tci != 0 (bsc#1136469 jsc#SLE-4695). - qlcnic: remove set but not used variables 'cur_rings, max_hw_rings, tx_desc_info' (bsc#1136469 jsc#SLE-4695). - qlcnic: remove set but not used variables 'op, cmd_op' (bsc#1136469 jsc#SLE-4695). - qmi_wwan: add Olicard 600 (bsc#1051510). 
- qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxbg: Use correct sizing on buffers holding page DMA addresses (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions and structs (bsc#1127371). - rdma/cxgb4: Don't expose DMA addresses (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Fix null pointer dereference on alloc_skb failure (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Fix spelling mistake "immedate" -> "immediate" (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/cxgb4: Remove kref accounting for sync operation (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684). - rdma/hns: Add constraint on the setting of local ACK timeout (bsc#1104427 bsc#1137233). - rdma/hns: Add SCC context allocation support for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Add SCC context clr support for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Add the process of AEQ overflow for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Add timer allocation support for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Bugfix for mapping user db (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for posting multiple srq work request (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for SCC hem free (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for sending with invalidate (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for set hem of SCC (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for the scene without receiver queue (bsc#1104427 bsc#1137233). 
- rdma/hns: Configure capacity of hns device (bsc#1104427 bsc#1137236). - rdma/hns: Delete unused variable in hns_roce_v2_modify_qp function (bsc#1104427). - rdma/hns: Delete useful prints for aeq subtype event (bsc#1104427 bsc#1126206). - rdma/hns: Fix bad endianess of port_pd variable (bsc#1104427 ). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/hns: Fix the bug with updating rq head pointer when flush cqe (bsc#1104427 bsc#1137233). - rdma/hns: Fix the chip hanging caused by sending doorbell during reset (bsc#1104427 bsc#1137232). - rdma/hns: Fix the chip hanging caused by sending mailbox CMQ during reset (bsc#1104427 bsc#1137232). - rdma/hns: Fix the Oops during rmmod or insmod ko when reset occurs (bsc#1104427 bsc#1137232). - rdma/hns: Fix the state of rereg mr (bsc#1104427 bsc#1137236). - rdma/hns: Hide error print information with roce vf device (bsc#1104427 bsc#1137236). - rdma/hns: Limit minimum ROCE CQ depth to 64 (bsc#1104427 bsc#1137236). - rdma/hns: Limit scope of hns_roce_cmq_send() (bsc#1104427 ). - rdma/hns: Make some function static (bsc#1104427 bsc#1126206). - rdma/hns: Modify qp specification according to UM (bsc#1104427 bsc#1137233). - rdma/hns: Modify the pbl ba page size for hip08 (bsc#1104427 bsc#1137233). - rdma/hns: Move spin_lock_irqsave to the correct place (bsc#1104427 bsc#1137236). - rdma/hns: Only assgin some fields if the relatived attr_mask is set (bsc#1104427). - rdma/hns: Only assign the fields of the rq psn if ib_QP_RQ_PSN is set (bsc#1104427). - rdma/hns: Only assign the relatived fields of psn if ib_QP_SQ_PSN is set (bsc#1104427). - rdma/hns: rdma/hns: Assign rq head pointer when enable rq record db (bsc#1104427 bsc#1137236). - rdma/hns: Remove jiffies operation in disable interrupt context (bsc#1104427 bsc#1137236). - rdma/hns: Remove set but not used variable 'rst' (bsc#1104427 bsc#1126206). - rdma/hns: Set allocated memory to zero for wrid (bsc#1104427 bsc#1137236). 
- rdma/hns: Support to create 1M srq queue (bsc#1104427 ). - rdma/hns: Update CQE specifications (bsc#1104427 bsc#1137236). - rdma/hns: Update the range of raq_psn field of qp context (bsc#1104427). - rdma/i40iw: Handle workqueue allocation failure (jsc#SLE-4793). - rdma/iw_cxgb4: Always disconnect when QP is transitioning to TERMINATE state (bsc#1136348 jsc#SLE-4684). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rdma/iwcm: add tos_set bool to iw_cm struct (bsc#1136348 jsc#SLE-4684). - rdma/qedr: Fix incorrect device rate (bsc#1136188). - rdma/qedr: Fix out of bounds index check in query pkey (bsc#1136456 jsc#SLE-4689). - rdma/rdmavt: Use correct sizing on buffers holding page DMA addresses (jsc#SLE-4925). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - rdma/smc: Replace ib_query_gid with rdma_get_gid_attr (bsc#1131530 LTC#176717). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). 
- rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts/git_sort/git_sort.py: remove old SCSI git branches - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: hisi: KABI ignore new symbols (bsc#1135038). - scsi: hisi_sas: add host reset interface for test (bsc#1135041). - scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() (bsc#1135033). - scsi: hisi_sas: Adjust the printk format of functions hisi_sas_init_device() (bsc#1135037). - scsi: hisi_sas: allocate different SAS address for directly attached situation (bsc#1135036). - scsi: hisi_sas: Do not fail IT nexus reset for Open Reject timeout (bsc#1135033). - scsi: hisi_sas: Do not hard reset disk during controller reset (bsc#1135034). - scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected (bsc#1135038). - scsi: hisi_sas: Remedy inconsistent PHY down state in software (bsc#1135039). - scsi: hisi_sas: remove the check of sas_dev status in hisi_sas_I_T_nexus_reset() (bsc#1135037). - scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP target port (bsc#1135037). - scsi: hisi_sas: Set PHY linkrate when disconnected (bsc#1135038). - scsi: hisi_sas: Some misc tidy-up (bsc#1135031). - scsi: hisi_sas: Support all RAS events with MSI interrupts (bsc#1135035). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). 
- scsi: libsas: Do discovery on empty PHY to update PHY info (bsc#1135024). - scsi: libsas: Improve vague log in SAS rediscovery (bsc#1135027). - scsi: libsas: Inject revalidate event for root port event (bsc#1135026). - scsi: libsas: Print expander PHY indexes in decimal (bsc#1135021). - scsi: libsas: Stop hardcoding SAS address length (bsc#1135029). - scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery (bsc#1135028). - scsi: libsas: Try to retain programmed min linkrate for SATA min pathway unmatch fixing (bsc#1135028). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1136215). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1136215). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1136215). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1136215). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1136215). - scsi: qla2xxx: Add protection mask module parameters (bsc#1136215). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1136215). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1136215). - scsi: qla2xxx: Add support for setting port speed (bsc#1136215). - scsi: qla2xxx: Avoid pci IRQ affinity mapping when multiqueue is not supported (bsc#1136215). - scsi: qla2xxx: avoid printf format warning (bsc#1136215). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1136215). - scsi: qla2xxx: check for kstrtol() failure (bsc#1136215). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1136215). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1136215). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1136215). 
- scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1136215). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1136215). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1136215). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1136215). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1136215). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1136215). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1136215). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1136215). - scsi: qla2xxx: Move marker request behind QPair (bsc#1136215). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1136215). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1136215). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1136215). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). 
- scsi: qla2xxx: Remove FW default template (bsc#1136215). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1136215). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1136215). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1136215). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1136215). - scsi: qla2xxx: Simplify conditional check again (bsc#1136215). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1136215). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1136215). - scsi: qla2xxx: Update flash read/write routine (bsc#1136215). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: smartpqi: add H3C controller IDs (bsc#1133547). - scsi: smartpqi: add h3c ssid (bsc#1133547). - scsi: smartpqi: add no_write_same for logical volumes (bsc#1133547). - scsi: smartpqi: add ofa support (bsc#1133547). - scsi: smartpqi: Add retries for device reset (bsc#1133547). - scsi: smartpqi: add smp_utils support (bsc#1133547). - scsi: smartpqi: add spdx (bsc#1133547). - scsi: smartpqi: add support for huawei controllers (bsc#1133547). - scsi: smartpqi: add support for PQI Config Table handshake (bsc#1133547). - scsi: smartpqi: add sysfs attributes (bsc#1133547). - scsi: smartpqi: allow for larger raid maps (bsc#1133547). - scsi: smartpqi: bump driver version (bsc#1133547). - scsi: smartpqi: bump driver version (bsc#1133547). - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown() (bsc#1133547). - scsi: smartpqi: check for null device pointers (bsc#1133547). 
- scsi: smartpqi: correct host serial num for ssa (bsc#1133547). - scsi: smartpqi: correct lun reset issues (bsc#1133547). - scsi: smartpqi: correct volume status (bsc#1133547). - scsi: smartpqi: do not offline disks for transient did no connect conditions (bsc#1133547). - scsi: smartpqi: enhance numa node detection (bsc#1133547). - scsi: smartpqi: fix build warnings (bsc#1133547). - scsi: smartpqi: fix disk name mount point (bsc#1133547). - scsi: smartpqi: fully convert to the generic DMA API (bsc#1133547). - scsi: smartpqi: increase fw status register read timeout (bsc#1133547). - scsi: smartpqi: increase LUN reset timeout (bsc#1133547). - scsi: smartpqi: refactor sending controller raid requests (bsc#1133547). - scsi: smartpqi: Reporting 'logical unit failure' (bsc#1133547). - scsi: smartpqi: turn off lun data caching for ptraid (bsc#1133547). - scsi: smartpqi: update copyright (bsc#1133547). - scsi: smartpqi: update driver version (bsc#1133547). - scsi: smartpqi: wake up drives after os resumes from suspend (bsc#1133547). - scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start (bsc#1133547). - scsi: zfcp: make DIX experimental, disabled, and independent of DIF (jsc#SLE-6772). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). 
- serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - soc: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - spi-mem: fix kernel-doc for spi_mem_dirmap_{read|write}() (bsc#1111666). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: Add missing pm_runtime_put_noidle() after failed get (bsc#1111666). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). 
- staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc (bsc#1111666). - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference (bsc#1111666). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - switchtec: Fix unintended mask of MRPC event (git-fixes). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). 
- team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - testing: nvdimm: provide SZ_4G constant (bsc#1132982). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tools/cpupower: Add Hygon Dhyana support (). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: fix blocking read (networking-stable-19_03_07). - tun: properly test for IFF_UP (networking-stable-19_03_28). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). 
- uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: chipidea: Grab the (legacy) usb PHY by phandle first (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). 
- vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - vxlan: test dev->flags and IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (). 
- x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm: Add Hygon Dhyana support to kvm (). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and pciE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to pci and northbridge (). - x86/pci: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/perf/amd: Remove need to check "running" bit in NMI handler (bsc#1131438). - x86/perf/amd: Resolve NMI latency issues for active PMCs (bsc#1131438). - x86/perf/amd: Resolve race condition when disabling PMC (bsc#1131438). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). 
- x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/xen: Add Hygon Dhyana support to Xen (). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). 
- xfs: buffer lru reference count error injection tag (bsc#1114427).
- xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).
- xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).
- xfs: check _btree_check_block value (bsc#1123663).
- xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).
- xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
- xfs: create block pointer check functions (bsc#1123663).
- xfs: create inode pointer verifiers (bsc#1114427).
- xfs: detect and fix bad summary counts at mount (bsc#1114427).
- xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427).
- xfs: export various function for the online scrubber (bsc#1123663).
- xfs: expose errortag knobs via sysfs (bsc#1114427).
- xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).
- xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219).
- xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).
- xfs: fix reporting supported extra file attributes for statx() (bsc#1133529).
- xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
- xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).
- xfs: force summary counter recalc at next mount (bsc#1114427).
- xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675).
- xfs: kill meaningless variable 'zero' (bsc#1106011).
- xfs: make errortag a per-mountpoint structure (bsc#1123663).
- xfs: move error injection tags into their own file (bsc#1114427).
- xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).
- xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
- xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).
- xfs: refactor btree block header checking functions (bsc#1123663).
- xfs: refactor btree pointer checks (bsc#1123663).
- xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).
- xfs: refactor unmount record write (bsc#1114427).
- xfs: refactor xfs_trans_roll (bsc#1133667).
- xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).
- xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).
- xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).
- xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).
- xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
- xfs: remove xfs_zero_range (bsc#1106011).
- xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
- xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).
- xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).
- xfs: sanity-check the unused space before trying to use it (bsc#1123663).
- xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).
- xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).
- xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).
- xsk: export xdp_get_umem_from_qid (jsc#SLE-4797).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1550=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1550=1

- SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1550=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1550=1

- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1550=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1550=1

- SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1550=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
  kernel-default-debuginfo-4.12.14-197.4.1
  kernel-default-debugsource-4.12.14-197.4.1
  kernel-default-extra-4.12.14-197.4.1
  kernel-default-extra-debuginfo-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-197.4.1
  kernel-default-debugsource-4.12.14-197.4.1
  kernel-obs-qa-4.12.14-197.4.1
  kernel-vanilla-4.12.14-197.4.1
  kernel-vanilla-base-4.12.14-197.4.1
  kernel-vanilla-base-debuginfo-4.12.14-197.4.1
  kernel-vanilla-debuginfo-4.12.14-197.4.1
  kernel-vanilla-debugsource-4.12.14-197.4.1
  kernel-vanilla-devel-4.12.14-197.4.1
  kernel-vanilla-devel-debuginfo-4.12.14-197.4.1
  kernel-vanilla-livepatch-devel-4.12.14-197.4.1
  kselftests-kmp-default-4.12.14-197.4.1
  kselftests-kmp-default-debuginfo-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):
  kernel-debug-4.12.14-197.4.1
  kernel-debug-base-4.12.14-197.4.1
  kernel-debug-base-debuginfo-4.12.14-197.4.1
  kernel-debug-debuginfo-4.12.14-197.4.1
  kernel-debug-debugsource-4.12.14-197.4.1
  kernel-debug-devel-4.12.14-197.4.1
  kernel-debug-devel-debuginfo-4.12.14-197.4.1
  kernel-debug-livepatch-devel-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):
  kernel-default-livepatch-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64):
  dtb-al-4.12.14-197.4.1
  dtb-allwinner-4.12.14-197.4.1
  dtb-altera-4.12.14-197.4.1
  dtb-amd-4.12.14-197.4.1
  dtb-amlogic-4.12.14-197.4.1
  dtb-apm-4.12.14-197.4.1
  dtb-arm-4.12.14-197.4.1
  dtb-broadcom-4.12.14-197.4.1
  dtb-cavium-4.12.14-197.4.1
  dtb-exynos-4.12.14-197.4.1
  dtb-freescale-4.12.14-197.4.1
  dtb-hisilicon-4.12.14-197.4.1
  dtb-lg-4.12.14-197.4.1
  dtb-marvell-4.12.14-197.4.1
  dtb-mediatek-4.12.14-197.4.1
  dtb-nvidia-4.12.14-197.4.1
  dtb-qcom-4.12.14-197.4.1
  dtb-renesas-4.12.14-197.4.1
  dtb-rockchip-4.12.14-197.4.1
  dtb-socionext-4.12.14-197.4.1
  dtb-sprd-4.12.14-197.4.1
  dtb-xilinx-4.12.14-197.4.1
  dtb-zte-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  kernel-docs-html-4.12.14-197.4.1
  kernel-source-vanilla-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  kernel-kvmsmall-4.12.14-197.4.1
  kernel-kvmsmall-base-4.12.14-197.4.1
  kernel-kvmsmall-base-debuginfo-4.12.14-197.4.1
  kernel-kvmsmall-debuginfo-4.12.14-197.4.1
  kernel-kvmsmall-debugsource-4.12.14-197.4.1
  kernel-kvmsmall-devel-4.12.14-197.4.1
  kernel-kvmsmall-devel-debuginfo-4.12.14-197.4.1
  kernel-kvmsmall-livepatch-devel-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
  kernel-zfcpdump-debuginfo-4.12.14-197.4.1
  kernel-zfcpdump-debugsource-4.12.14-197.4.1
  kernel-zfcpdump-man-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
  kernel-default-debuginfo-4.12.14-197.4.1
  kernel-default-debugsource-4.12.14-197.4.1
  kernel-default-livepatch-4.12.14-197.4.1
  kernel-default-livepatch-devel-4.12.14-197.4.1
  kernel-livepatch-4_12_14-197_4-default-1-3.3.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-197.4.1
  kernel-default-debugsource-4.12.14-197.4.1
  reiserfs-kmp-default-4.12.14-197.4.1
  reiserfs-kmp-default-debuginfo-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.12.14-197.4.1
  kernel-obs-build-debugsource-4.12.14-197.4.1
  kernel-syms-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
  kernel-docs-4.12.14-197.4.1
  kernel-source-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-197.4.1
  kernel-default-base-4.12.14-197.4.1
  kernel-default-base-debuginfo-4.12.14-197.4.1
  kernel-default-debuginfo-4.12.14-197.4.1
  kernel-default-debugsource-4.12.14-197.4.1
  kernel-default-devel-4.12.14-197.4.1
  kernel-default-devel-debuginfo-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  kernel-devel-4.12.14-197.4.1
  kernel-macros-4.12.14-197.4.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
  kernel-default-man-4.12.14-197.4.1
  kernel-zfcpdump-4.12.14-197.4.1
  kernel-zfcpdump-debuginfo-4.12.14-197.4.1
  kernel-zfcpdump-debugsource-4.12.14-197.4.1

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-4.12.14-197.4.1
  cluster-md-kmp-default-debuginfo-4.12.14-197.4.1
  dlm-kmp-default-4.12.14-197.4.1
  dlm-kmp-default-debuginfo-4.12.14-197.4.1
  gfs2-kmp-default-4.12.14-197.4.1
  gfs2-kmp-default-debuginfo-4.12.14-197.4.1
  kernel-default-debuginfo-4.12.14-197.4.1
  kernel-default-debugsource-4.12.14-197.4.1
  ocfs2-kmp-default-4.12.14-197.4.1
  ocfs2-kmp-default-debuginfo-4.12.14-197.4.1

References:
https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11811.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-5489.html https://www.suse.com/security/cve/CVE-2019-8564.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1064802 
https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1068546 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1086657 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1093389 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117114 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 
https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128971 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129845 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1130699 https://bugzilla.suse.com/1130937 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131438 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131530 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132044 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 
https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132673 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132894 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1132982 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133016 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133176 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133547 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133593 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 
https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 https://bugzilla.suse.com/1133897 https://bugzilla.suse.com/1134090 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134223 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134397 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134600 https://bugzilla.suse.com/1134607 https://bugzilla.suse.com/1134618 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1134945 https://bugzilla.suse.com/1134946 https://bugzilla.suse.com/1134947 https://bugzilla.suse.com/1134948 https://bugzilla.suse.com/1134949 https://bugzilla.suse.com/1134950 https://bugzilla.suse.com/1134951 https://bugzilla.suse.com/1134952 https://bugzilla.suse.com/1134953 https://bugzilla.suse.com/1134972 https://bugzilla.suse.com/1134974 https://bugzilla.suse.com/1134975 https://bugzilla.suse.com/1134980 https://bugzilla.suse.com/1134981 https://bugzilla.suse.com/1134983 https://bugzilla.suse.com/1134987 
https://bugzilla.suse.com/1134989 https://bugzilla.suse.com/1134990 https://bugzilla.suse.com/1134994 https://bugzilla.suse.com/1134995 https://bugzilla.suse.com/1134998 https://bugzilla.suse.com/1134999 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135018 https://bugzilla.suse.com/1135021 https://bugzilla.suse.com/1135024 https://bugzilla.suse.com/1135026 https://bugzilla.suse.com/1135027 https://bugzilla.suse.com/1135028 https://bugzilla.suse.com/1135029 https://bugzilla.suse.com/1135031 https://bugzilla.suse.com/1135033 https://bugzilla.suse.com/1135034 https://bugzilla.suse.com/1135035 https://bugzilla.suse.com/1135036 https://bugzilla.suse.com/1135037 https://bugzilla.suse.com/1135038 https://bugzilla.suse.com/1135039 https://bugzilla.suse.com/1135041 https://bugzilla.suse.com/1135042 https://bugzilla.suse.com/1135044 https://bugzilla.suse.com/1135045 https://bugzilla.suse.com/1135046 https://bugzilla.suse.com/1135047 https://bugzilla.suse.com/1135049 https://bugzilla.suse.com/1135051 https://bugzilla.suse.com/1135052 https://bugzilla.suse.com/1135053 https://bugzilla.suse.com/1135055 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135058 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1136188 https://bugzilla.suse.com/1136206 
https://bugzilla.suse.com/1136215 https://bugzilla.suse.com/1136345 https://bugzilla.suse.com/1136347 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1136353 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136456 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1136469 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137201 https://bugzilla.suse.com/1137224 https://bugzilla.suse.com/1137232 https://bugzilla.suse.com/1137233 https://bugzilla.suse.com/1137236 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293

From sle-updates at lists.suse.com Tue Jun 18 17:11:56 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Jun 2019 01:11:56 +0200 (CEST)
Subject: SUSE-SU-2019:14091-1: moderate: Security update for openssl1
Message-ID: <20190618231156.63A93FF11@maintenance.suse.de>

SUSE Security Update: Security update for openssl1
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14091-1
Rating: moderate
References: #1117951 #1127080 #1131291
Cross-References: CVE-2019-1559
Affected Products:
  SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for openssl1 fixes the following security issues:

- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Reject invalid EC point coordinates (bsc#1131291)
- Fixed "The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations" (bsc#1117951)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SECURITY:
  zypper in -t patch secsp3-openssl1-14091=1

Package List:

- SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
  libopenssl1-devel-1.0.1g-0.58.18.1
  libopenssl1_0_0-1.0.1g-0.58.18.1
  openssl1-1.0.1g-0.58.18.1
  openssl1-doc-1.0.1g-0.58.18.1

References:

  https://www.suse.com/security/cve/CVE-2019-1559.html
  https://bugzilla.suse.com/1117951
  https://bugzilla.suse.com/1127080
  https://bugzilla.suse.com/1131291

From sle-updates at lists.suse.com Tue Jun 18 17:13:57 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Jun 2019 01:13:57 +0200 (CEST)
Subject: SUSE-SU-2019:1553-1: moderate: Security update for openssl
Message-ID: <20190618231357.7F8B3FF11@maintenance.suse.de>

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1553-1
Rating: moderate
References: #1089039 #1097158 #1097624 #1098592 #1101470 #1104789 #1106197 #1110018 #1113534 #1113652 #1117951 #1127080 #1131291
Cross-References: CVE-2016-8610 CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407 CVE-2019-1559
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 7 fixes is now available.

Description:

This update for openssl fixes the following issues:

- CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158)
- CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652)
- CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039)
- CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes "PortSmash") (bsc#1113534)
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Fix One&Done side-channel attack on RSA (bsc#1104789)
- Reject invalid EC point coordinates (bsc#1131291)
- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951)
- Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)
- blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)

Non security fixes:

- correct the error detection in the fips patch (bsc#1106197)
- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2019-1553=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  libopenssl1_0_0-1.0.1i-27.34.1
  libopenssl1_0_0-debuginfo-1.0.1i-27.34.1
  libopenssl1_0_0-hmac-1.0.1i-27.34.1
  openssl-1.0.1i-27.34.1
  openssl-debuginfo-1.0.1i-27.34.1
  openssl-debugsource-1.0.1i-27.34.1

- SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
  libopenssl1_0_0-32bit-1.0.1i-27.34.1
  libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.34.1
  libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):
  openssl-doc-1.0.1i-27.34.1

References:

  https://www.suse.com/security/cve/CVE-2016-8610.html
  https://www.suse.com/security/cve/CVE-2018-0732.html
  https://www.suse.com/security/cve/CVE-2018-0734.html
  https://www.suse.com/security/cve/CVE-2018-0737.html
  https://www.suse.com/security/cve/CVE-2018-5407.html
  https://www.suse.com/security/cve/CVE-2019-1559.html
  https://bugzilla.suse.com/1089039
  https://bugzilla.suse.com/1097158
  https://bugzilla.suse.com/1097624
  https://bugzilla.suse.com/1098592
  https://bugzilla.suse.com/1101470
  https://bugzilla.suse.com/1104789
  https://bugzilla.suse.com/1106197
  https://bugzilla.suse.com/1110018
  https://bugzilla.suse.com/1113534
  https://bugzilla.suse.com/1113652
  https://bugzilla.suse.com/1117951
  https://bugzilla.suse.com/1127080
  https://bugzilla.suse.com/1131291

From sle-updates at lists.suse.com Wed Jun 19 04:13:17 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Jun 2019 12:13:17 +0200 (CEST)
Subject: SUSE-RU-2019:1559-1: moderate: Recommended update for gnome-control-center
Message-ID: <20190619101317.DE32AFF11@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnome-control-center
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1559-1
Rating: moderate
References: #1040055
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP4
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gnome-control-center fixes the following issues:

- Fixes an issue in the GUI where a text overlapped with a form field (bsc#1040055)
- Fixed an issue with the panel search
- Fixed some keyboard navigation issues
- Fixes a possible crash on startup
- Network: Fix some SSID escaping issues
- Power: Fix hiding wi-fi, mobile broadband toggles.
- Power: Fix wifi device state when opening power panel.
- Privacy: React to changes in permissions store.
- User accounts: Fix missing records in the history dialog.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP4:
  zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1559=1

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1559=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1559=1

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1559=1

- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1559=1

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1559=1

- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1559=1

- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1559=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):
  gnome-control-center-color-3.20.2-49.9.1
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-goa-3.20.2-49.9.1

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
  gnome-control-center-color-3.20.2-49.9.1
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-goa-3.20.2-49.9.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-devel-3.20.2-49.9.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-devel-3.20.2-49.9.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  gnome-control-center-3.20.2-49.9.1
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-user-faces-3.20.2-49.9.1

- SUSE Linux Enterprise Server 12-SP4 (noarch):
  gnome-control-center-lang-3.20.2-49.9.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  gnome-control-center-3.20.2-49.9.1
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-user-faces-3.20.2-49.9.1

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  gnome-control-center-lang-3.20.2-49.9.1

- SUSE Linux Enterprise Desktop 12-SP4 (noarch):
  gnome-control-center-lang-3.20.2-49.9.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  gnome-control-center-3.20.2-49.9.1
  gnome-control-center-color-3.20.2-49.9.1
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-goa-3.20.2-49.9.1
  gnome-control-center-user-faces-3.20.2-49.9.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  gnome-control-center-lang-3.20.2-49.9.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  gnome-control-center-3.20.2-49.9.1
  gnome-control-center-color-3.20.2-49.9.1
  gnome-control-center-debuginfo-3.20.2-49.9.1
  gnome-control-center-debugsource-3.20.2-49.9.1
  gnome-control-center-goa-3.20.2-49.9.1
  gnome-control-center-user-faces-3.20.2-49.9.1

References:

  https://bugzilla.suse.com/1040055

From sle-updates at lists.suse.com Wed Jun 19 04:16:28 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Jun 2019 12:16:28 +0200 (CEST)
Subject: SUSE-RU-2019:1555-1: moderate: Recommended update for resource-agents
Message-ID: <20190619101628.0C5B9FF11@maintenance.suse.de>

SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1555-1
Rating: moderate
References: #1114855 #1133337 #1133962 #1137038 #1137130 #1137231
Affected Products:
  SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - aws-vpc-move-ip: Fix for VM having multiple network interfaces (bsc#1133962) - add network namespace support to IPaddr2 - [rabbitmq] Stop redirecting all output to /dev/null in set_policy - LVM-activate: only check locking_type when LVM is lower than v2.03 - redis: Filter warning from stderr when calling 'redis-cli -a' - Fixes version string with vendor trailer comparison (bsc#1133337) - azure-events: change message log level for the non action messages (bsc#1137038, bsc#1137231) - Fixes CTDB resource agent for Samba 4.9.0 and later (bsc#1137130) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1555=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.2.0+git157.40de8382-4.7.1 resource-agents-4.2.0+git157.40de8382-4.7.1 resource-agents-debuginfo-4.2.0+git157.40de8382-4.7.1 resource-agents-debugsource-4.2.0+git157.40de8382-4.7.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.2.0+git157.40de8382-4.7.1 References: https://bugzilla.suse.com/1114855 https://bugzilla.suse.com/1133337 https://bugzilla.suse.com/1133962 https://bugzilla.suse.com/1137038 https://bugzilla.suse.com/1137130 https://bugzilla.suse.com/1137231 From sle-updates at lists.suse.com Wed Jun 19 04:18:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 12:18:02 +0200 (CEST) Subject: SUSE-RU-2019:1556-1: moderate: Recommended update for yast2-add-on Message-ID: 
<20190619101802.0A185FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-add-on ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1556-1 Rating: moderate References: #1055126 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-add-on provides the following fixes: - Update repository will be registered while installing an add-on on a running system. (bsc#1055126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1556=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1556=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-add-on-3.2.3-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-add-on-3.2.3-3.3.1 References: https://bugzilla.suse.com/1055126 From sle-updates at lists.suse.com Wed Jun 19 04:19:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 12:19:41 +0200 (CEST) Subject: SUSE-RU-2019:1557-1: moderate: Recommended update for gnome-nettool Message-ID: <20190619101941.075C5FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-nettool ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1557-1 Rating: moderate References: #1130398 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-nettool fixes the following issues: - Adds support for GigE (bsc#1130398) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1557=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1557=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1557=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1557=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-nettool-3.8.1-8.3.1 gnome-nettool-debuginfo-3.8.1-8.3.1 gnome-nettool-debugsource-3.8.1-8.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): gnome-nettool-lang-3.8.1-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-nettool-3.8.1-8.3.1 gnome-nettool-debuginfo-3.8.1-8.3.1 gnome-nettool-debugsource-3.8.1-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-nettool-lang-3.8.1-8.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gnome-nettool-lang-3.8.1-8.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gnome-nettool-3.8.1-8.3.1 gnome-nettool-debuginfo-3.8.1-8.3.1 gnome-nettool-debugsource-3.8.1-8.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-nettool-3.8.1-8.3.1 gnome-nettool-debuginfo-3.8.1-8.3.1 gnome-nettool-debugsource-3.8.1-8.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-nettool-lang-3.8.1-8.3.1 References: https://bugzilla.suse.com/1130398 From sle-updates at lists.suse.com Wed Jun 19 04:20:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 
2019 12:20:42 +0200 (CEST) Subject: SUSE-RU-2019:1558-1: moderate: Recommended update for gnome-control-center Message-ID: <20190619102042.26A24FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1558-1 Rating: moderate References: #1040055 #1091796 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-control-center fixes the following issues: - Renamed gui button 'Shutdown' to 'Force Off' (bsc#1091796) - The order has been adjusted by severity (bsc#1091796) - Fixes an issue in the GUI where a text overlapped with a form field (bsc#1040055) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1558=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1558=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1558=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1558=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): gnome-control-center-color-3.26.2-7.15.1 gnome-control-center-debuginfo-3.26.2-7.15.1 gnome-control-center-debugsource-3.26.2-7.15.1 gnome-control-center-goa-3.26.2-7.15.1 gnome-control-center-user-faces-3.26.2-7.15.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): gnome-control-center-color-3.26.2-7.15.1 gnome-control-center-debuginfo-3.26.2-7.15.1 gnome-control-center-debugsource-3.26.2-7.15.1 gnome-control-center-goa-3.26.2-7.15.1 gnome-control-center-user-faces-3.26.2-7.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.26.2-7.15.1 gnome-control-center-debuginfo-3.26.2-7.15.1 gnome-control-center-debugsource-3.26.2-7.15.1 gnome-control-center-devel-3.26.2-7.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gnome-control-center-lang-3.26.2-7.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.26.2-7.15.1 gnome-control-center-debuginfo-3.26.2-7.15.1 gnome-control-center-debugsource-3.26.2-7.15.1 gnome-control-center-devel-3.26.2-7.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-control-center-lang-3.26.2-7.15.1 References: https://bugzilla.suse.com/1040055 https://bugzilla.suse.com/1091796 From sle-updates at lists.suse.com Wed Jun 19 04:21:49 
2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 12:21:49 +0200 (CEST) Subject: SUSE-RU-2019:14093-1: Recommended update for xz Message-ID: <20190619102149.2AB64FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for xz ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14093-1 Rating: low References: #1135709 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xz doesn't address any customer relevant issues. - The license has been updated (bsc#1135709) * LGPLv2.1+ (getopt_long) * GPLv2+ (scripts to grep, diff, and view compressed files, +doc) * SUSE-Public-Domain licence (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xz-14093=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xz-14093=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xz-14093=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xz-14093=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): liblzma5-5.0.3-0.12.3.1 xz-5.0.3-0.12.3.1 xz-lang-5.0.3-0.12.3.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): liblzma5-32bit-5.0.3-0.12.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): liblzma5-5.0.3-0.12.3.1 xz-5.0.3-0.12.3.1 xz-lang-5.0.3-0.12.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xz-debuginfo-5.0.3-0.12.3.1 xz-debugsource-5.0.3-0.12.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xz-debuginfo-5.0.3-0.12.3.1 xz-debugsource-5.0.3-0.12.3.1 References: https://bugzilla.suse.com/1135709 From sle-updates at lists.suse.com Wed Jun 19 04:22:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 12:22:46 +0200 (CEST) Subject: SUSE-RU-2019:1560-1: moderate: Recommended update for cloud-netconfig Message-ID: <20190619102246.CAE72FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1560-1 Rating: moderate References: #1135257 #1135263 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for cloud-netconfig fixes the following issues: - cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1560=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-netconfig-azure-1.0-5.9.1 cloud-netconfig-ec2-1.0-5.9.1 References: https://bugzilla.suse.com/1135257 https://bugzilla.suse.com/1135263 From sle-updates at lists.suse.com Wed Jun 19 04:25:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 12:25:18 +0200 (CEST) Subject: SUSE-SU-2019:1562-1: moderate: Security update for docker Message-ID: <20190619102518.48CCFFF11@maintenance.suse.de> SUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1562-1 Rating: moderate References: #1096726 Cross-References: CVE-2018-15664 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1562=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1562=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-1562=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-1562=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): docker-debuginfo-18.09.6_ce-6.20.3 docker-debugsource-18.09.6_ce-6.20.3 docker-test-18.09.6_ce-6.20.3 docker-test-debuginfo-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): docker-zsh-completion-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): docker-debuginfo-18.09.6_ce-6.20.3 docker-debugsource-18.09.6_ce-6.20.3 docker-test-18.09.6_ce-6.20.3 docker-test-debuginfo-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): docker-zsh-completion-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): docker-18.09.6_ce-6.20.3 docker-debuginfo-18.09.6_ce-6.20.3 docker-debugsource-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): docker-bash-completion-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): docker-18.09.6_ce-6.20.3 docker-debuginfo-18.09.6_ce-6.20.3 docker-debugsource-18.09.6_ce-6.20.3 - SUSE Linux Enterprise Module for 
Containers 15 (noarch): docker-bash-completion-18.09.6_ce-6.20.3 References: https://www.suse.com/security/cve/CVE-2018-15664.html https://bugzilla.suse.com/1096726 From sle-updates at lists.suse.com Wed Jun 19 10:13:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 18:13:00 +0200 (CEST) Subject: SUSE-RU-2019:1564-1: moderate: Recommended update for openvswitch Message-ID: <20190619161300.63F96FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1564-1 Rating: moderate References: #1130276 #1132029 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openvswitch fixes the following issues: Fix a problem preventing new installs from running as non-root (bsc#1132029), including: * Align with upstream so that no running configuration is changed on upgrades, specifically to avoid changes to the user Open vSwitch runs under. * The hugetlbfs group is created as a system group. openvswitch was updated to bugfix release 2.8.7 (bsc#1130276). Some of the changes are: * ofp-group: support to insert bucket with weight value for select type * ofproto: fix the bug of bucket counter is not updated * netdev-dpdk: Print netdev name for txq mapping. * ifupdown.sh: Add missing "--may-exist" option * netdev-tc-offloads: Improve log message for icmpv6 offload not supported * travis: Stop rsyslog before start. * vlog: Better handle syslog handler exceptions. * travis: Remove 'sudo' configuration. * ovsdb-monitor.at: Use correct perl scripts.
* rconn: Avoid occasional immediate connection failures. * conntrack: Fix L4 csum for V6 extension hdr pkts. * packets: Change return type of 'packet_csum_upperlayer6'. * ovsdb-client: Fix typo. * ofctl: break the loop if ovs_pcap_read returns error * Revert "ovs-tcpdump: Fix an undefined variable" * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9 * dhparams: Add pregenerated .c file to the repository. * netlink: added check to prevent netlink attribute overflow * conntrack: Keep Address Sanitizer happy. * lldp: fix string warnings * conntrack: Exclude l2 padding in 'conn_key_extract()'. * dp-packet: Add 'dp_packet_l3_size()'. * monitor: Fix crash when monitor condition adds new columns. * dpif-netdev: Add thread safety annotation to sorted_poll_list. * acinclude: Drop DPDK_EXTRA_LIB variable. * flow: fix a possible memory leak in parse_ct_state * ofproto-dpif-trace: Fix for the segmentation fault in ofproto_trace(). * datapath: Fix IPv6 later frags parsing * datapath: Derive IP protocol number for IPv6 later frags * datapath: Avoid OOB read when parsing flow nlattrs * dpif-netlink: Fix a bug that causes duplicate key error in datapath * odp-util: Stop parse odp actions if nlattr is overflow * ovs-tcpdump: Fix an undefined variable * stt: Fix return code during xmit. * ofpbuf: Fix arithmetic error in ofpbuf_insert(). * odp-util: Fix a bug in parse_odp_push_nsh_action * netdev-linux: Fix function argument order in sfq_tc_load(). * ofproto-dpif-xlate: Account mirrored packets only if the VLAN matches. * ofp-actions: Avoid overflow for ofpact_learn_spec->n_bits * python: Escape backslashes while formatting logs. * docs: Fix table title for VM MQ config in dpdk howto. * conntrack: Check all addresses for ephemeral ports. * cmap: Fix hashing in cmap_find_protected(). * python: Catch setsockopt exceptions for TCP stream. * conntrack: Skip ephemeral ports fallback for DNAT. 
* rhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES * ofproto: Return correct error codes from meter_set. * debian: Install correct vtep-ctl. * packets: Fix use-after-free error in packet_put_ra_prefix_opt(). * Windows: Fix broken kernel userspace communication * netdev-tc-offloads: Delete ufid tc mapping in the right place * dpif-netlink: Fix error behavior in dpif_netlink_port_add__(). * datapath-windows: Fix invalid reference in Buffermgmt.c * netdev-dpdk: Bring link down when NETDEV_UP is not set * actions: Enforce a maximum limit for nested action depth * bond: Fix LACP fallback to active-backup when recirc is enabled. * netdev-dpdk: Fix netdev_dpdk_get_features(). * ovn-northd: Fix memory leak in free_chassis_queueid(). * python-c-ext: Fix memory leak in Parser_finish * bridge.c: prevent controller connects while flow-restore-wait * connmgr: Fix vswitchd abort when a port is added and the controller is down * odp-util: Move ufid handling to odp_flow_from_string Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1564=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1564=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1564=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.7-6.22.2 libopenvswitch-2_8-0-debuginfo-2.8.7-6.22.2 openvswitch-2.8.7-6.22.2 openvswitch-debuginfo-2.8.7-6.22.2 openvswitch-debugsource-2.8.7-6.22.2 openvswitch-devel-2.8.7-6.22.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.7-6.22.2 libopenvswitch-2_8-0-debuginfo-2.8.7-6.22.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.8.7-6.22.2 openvswitch-debugsource-2.8.7-6.22.2 openvswitch-ovn-central-2.8.7-6.22.2 openvswitch-ovn-central-debuginfo-2.8.7-6.22.2 openvswitch-ovn-common-2.8.7-6.22.2 openvswitch-ovn-common-debuginfo-2.8.7-6.22.2 openvswitch-ovn-docker-2.8.7-6.22.2 openvswitch-ovn-host-2.8.7-6.22.2 openvswitch-ovn-host-debuginfo-2.8.7-6.22.2 openvswitch-ovn-vtep-2.8.7-6.22.2 openvswitch-ovn-vtep-debuginfo-2.8.7-6.22.2 openvswitch-pki-2.8.7-6.22.2 openvswitch-test-2.8.7-6.22.2 openvswitch-test-debuginfo-2.8.7-6.22.2 openvswitch-vtep-2.8.7-6.22.2 openvswitch-vtep-debuginfo-2.8.7-6.22.2 python2-ovs-2.8.7-6.22.2 python2-ovs-debuginfo-2.8.7-6.22.2 python3-ovs-2.8.7-6.22.2 python3-ovs-debuginfo-2.8.7-6.22.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openvswitch-doc-2.8.7-6.22.2 References: https://bugzilla.suse.com/1130276 
https://bugzilla.suse.com/1132029 From sle-updates at lists.suse.com Wed Jun 19 10:15:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 18:15:03 +0200 (CEST) Subject: SUSE-RU-2019:1567-1: moderate: Recommended update for yast2-registration Message-ID: <20190619161503.B94C0FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1567-1 Rating: moderate References: #1136325 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-registration fixes the following issues: - Properly display the openSUSE Leap to SLES migration summary. (bsc#1136325) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1567=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-registration-4.1.22-3.3.1 References: https://bugzilla.suse.com/1136325 From sle-updates at lists.suse.com Wed Jun 19 10:15:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 18:15:51 +0200 (CEST) Subject: SUSE-RU-2019:1565-1: moderate: Recommended update for google-compute-engine Message-ID: <20190619161551.1AC14FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1565-1 Rating: moderate References: #1136266 #1136267 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: Update to version 20190522 (bsc#1136266, bsc#1136267) + Google Compute Engine * Fix guest attributes flow in Python 3. + Google Compute Engine OS Login * Update OS Login control file for FreeBSD support. Update to version 20190521: + Google Compute Engine * Retry download for metadata scripts. * Fix script retrieval in Python 3. * Disable boto config in Python 3. * Update SSH host keys in guest attributes. * Fix XPS settings with more than 64 vCPUs. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-1565=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1565=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1565=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-compute-engine-debugsource-20190522-4.17.1 google-compute-engine-oslogin-20190522-4.17.1 google-compute-engine-oslogin-debuginfo-20190522-4.17.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-compute-engine-init-20190522-4.17.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190522-4.17.1 google-compute-engine-oslogin-debuginfo-20190522-4.17.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20190522-4.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): google-compute-engine-debugsource-20190522-4.17.1 References: https://bugzilla.suse.com/1136266 https://bugzilla.suse.com/1136267 From sle-updates at lists.suse.com Wed Jun 19 13:11:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jun 2019 21:11:36 +0200 (CEST) Subject: SUSE-RU-2019:1568-1: important: Recommended update for smt Message-ID: <20190619191136.D3EC8FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1568-1 Rating: important References: #1129844 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for smt fixes the following issue: - smt-sync fails with Data too long for column 'PRODUCT_CLASS' (bsc#1129844) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1568=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1568=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1568=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.42-52.38.1 smt-3.0.42-52.38.1 smt-debuginfo-3.0.42-52.38.1 smt-debugsource-3.0.42-52.38.1 smt-support-3.0.42-52.38.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.42-52.38.1 smt-3.0.42-52.38.1 smt-debuginfo-3.0.42-52.38.1 smt-debugsource-3.0.42-52.38.1 smt-support-3.0.42-52.38.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.42-52.38.1 References: https://bugzilla.suse.com/1129844 From sle-updates at lists.suse.com Wed Jun 19 16:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 00:11:41 +0200 (CEST) Subject: SUSE-SU-2019:1570-1: moderate: Security update for doxygen Message-ID: <20190619221141.1B356FF11@maintenance.suse.de> SUSE Security Update: Security update for doxygen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1570-1 Rating: moderate References: #1136364 Cross-References: CVE-2016-10245 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise 
Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for doxygen fixes the following issues: - CVE-2016-10245: XSS was possible via insufficient sanitization of the query parameter in templates/html/search_opensearch.php (bsc#1136364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1570=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1570=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1570=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1570=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1570=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1570=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): doxygen-1.8.6-3.3.1 doxygen-debuginfo-1.8.6-3.3.1 doxygen-debugsource-1.8.6-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): doxygen-1.8.6-3.3.1 doxygen-debuginfo-1.8.6-3.3.1 doxygen-debugsource-1.8.6-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): doxygen-1.8.6-3.3.1 doxygen-debuginfo-1.8.6-3.3.1 doxygen-debugsource-1.8.6-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): doxygen-1.8.6-3.3.1 doxygen-debuginfo-1.8.6-3.3.1 
doxygen-debugsource-1.8.6-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): doxygen-1.8.6-3.3.1 doxygen-debuginfo-1.8.6-3.3.1 doxygen-debugsource-1.8.6-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): doxygen-1.8.6-3.3.1 doxygen-debuginfo-1.8.6-3.3.1 doxygen-debugsource-1.8.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2016-10245.html https://bugzilla.suse.com/1136364 From sle-updates at lists.suse.com Wed Jun 19 19:11:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 03:11:06 +0200 (CEST) Subject: SUSE-RU-2019:1571-1: moderate: Recommended update for google-compute-engine Message-ID: <20190620011106.6743FFF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1571-1 Rating: moderate References: #1136266 #1136267 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: Update to version 20190522 (bsc#1136266, bsc#1136267) + Google Compute Engine * Fix guest attributes flow in Python 3. + Google Compute Engine OS Login * Update OS Login control file for FreeBSD support. Version to version 20190521: + Google Compute Engine * Retry download for metadata scripts. * Fix script retrieval in Python 3. * Disable boto config in Python 3. * Update SSH host keys in guest attributes. * Fix XPS settings with more than 64 vCPUs. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1571=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190522-33.1 google-compute-engine-oslogin-debuginfo-20190522-33.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190522-33.1 References: https://bugzilla.suse.com/1136266 https://bugzilla.suse.com/1136267 From sle-updates at lists.suse.com Wed Jun 19 19:12:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 03:12:39 +0200 (CEST) Subject: SUSE-RU-2019:1573-1: Recommended update for vhostmd Message-ID: <20190620011239.0A176FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for vhostmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1573-1 Rating: low References: #1129772 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: vhostmd was updated to vhostmd 1.1 fixing multiple issues (bsc#1129772): - Merge libserialclient with libmetrics - Add virtio as transport mechanism - Update to work with modern Xen - Add SIGPIPE handler and reconnect - Add systemd service file - Modernize build files - Misc bug fixes and improvements Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1573=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1573=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1573=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1573=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libmetrics-devel-1.1-27.10.1 libmetrics0-1.1-27.10.1 libmetrics0-debuginfo-1.1-27.10.1 vhostmd-debuginfo-1.1-27.10.1 vhostmd-debugsource-1.1-27.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libmetrics-devel-1.1-27.10.1 libmetrics0-1.1-27.10.1 libmetrics0-debuginfo-1.1-27.10.1 vhostmd-debuginfo-1.1-27.10.1 vhostmd-debugsource-1.1-27.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): vhostmd-1.1-27.10.1 vhostmd-debuginfo-1.1-27.10.1 vhostmd-debugsource-1.1-27.10.1 vm-dump-metrics-1.1-27.10.1 vm-dump-metrics-debuginfo-1.1-27.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): vhostmd-1.1-27.10.1 vhostmd-debuginfo-1.1-27.10.1 vhostmd-debugsource-1.1-27.10.1 vm-dump-metrics-1.1-27.10.1 vm-dump-metrics-debuginfo-1.1-27.10.1 References: https://bugzilla.suse.com/1129772 From sle-updates at lists.suse.com Wed Jun 19 19:11:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 03:11:53 +0200 (CEST) Subject: SUSE-RU-2019:1572-1: moderate: Recommended update for rpcbind Message-ID: <20190620011153.ABF93FF11@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1572-1 Rating: moderate References: #1134659 Affected Products: SUSE Linux Enterprise Server 
12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpcbind fixes the following issues: - change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock (bsc#1134659) - change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1572=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1572=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1572=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1572=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): rpcbind-0.2.3-24.6.1 rpcbind-debuginfo-0.2.3-24.6.1 rpcbind-debugsource-0.2.3-24.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rpcbind-0.2.3-24.6.1 rpcbind-debuginfo-0.2.3-24.6.1 rpcbind-debugsource-0.2.3-24.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): rpcbind-0.2.3-24.6.1 rpcbind-debuginfo-0.2.3-24.6.1 rpcbind-debugsource-0.2.3-24.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rpcbind-0.2.3-24.6.1 rpcbind-debuginfo-0.2.3-24.6.1 rpcbind-debugsource-0.2.3-24.6.1 References: https://bugzilla.suse.com/1134659 From sle-updates at lists.suse.com Wed Jun 19 22:12:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 06:12:33 +0200 (CEST) Subject: SUSE-SU-2019:1574-1: important: 
Security update for samba Message-ID: <20190620041233.753DCFFC5@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1574-1 Rating: important References: #1125601 #1130245 #1134452 #1134697 #1137815 Cross-References: CVE-2019-12435 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed: - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implementation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1574=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1574=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1574=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1574=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-ad-dc-4.9.5+git.176.375e1f05788-3.6.1 samba-ad-dc-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debugsource-4.9.5+git.176.375e1f05788-3.6.1 samba-dsdb-modules-4.9.5+git.176.375e1f05788-3.6.1 samba-dsdb-modules-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-python-4.9.5+git.176.375e1f05788-3.6.1 samba-python-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-pcp-pmda-4.9.5+git.176.375e1f05788-3.6.1 ctdb-pcp-pmda-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 ctdb-tests-4.9.5+git.176.375e1f05788-3.6.1 ctdb-tests-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy-python-devel-4.9.5+git.176.375e1f05788-3.6.1 samba-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debugsource-4.9.5+git.176.375e1f05788-3.6.1 samba-test-4.9.5+git.176.375e1f05788-3.6.1 samba-test-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 x86_64): samba-ceph-4.9.5+git.176.375e1f05788-3.6.1 
samba-ceph-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libdcerpc-samr0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-samr0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-python3-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsmbclient0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsmbclient0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-ad-dc-32bit-4.9.5+git.176.375e1f05788-3.6.1 samba-ad-dc-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-client-32bit-4.9.5+git.176.375e1f05788-3.6.1 samba-client-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python-32bit-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python3-32bit-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python3-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): samba-doc-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-binding0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-devel-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-samr-devel-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-samr0-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-samr0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc0-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr-devel-4.9.5+git.176.375e1f05788-3.6.1 libndr-krb5pac-devel-4.9.5+git.176.375e1f05788-3.6.1 libndr-krb5pac0-4.9.5+git.176.375e1f05788-3.6.1 libndr-krb5pac0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr-nbt-devel-4.9.5+git.176.375e1f05788-3.6.1 
libndr-nbt0-4.9.5+git.176.375e1f05788-3.6.1 libndr-nbt0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr-standard-devel-4.9.5+git.176.375e1f05788-3.6.1 libndr-standard0-4.9.5+git.176.375e1f05788-3.6.1 libndr-standard0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr0-4.9.5+git.176.375e1f05788-3.6.1 libndr0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libnetapi-devel-4.9.5+git.176.375e1f05788-3.6.1 libnetapi0-4.9.5+git.176.375e1f05788-3.6.1 libnetapi0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-credentials-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-credentials0-4.9.5+git.176.375e1f05788-3.6.1 libsamba-credentials0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-errors-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-errors0-4.9.5+git.176.375e1f05788-3.6.1 libsamba-errors0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-hostconfig-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-hostconfig0-4.9.5+git.176.375e1f05788-3.6.1 libsamba-hostconfig0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-passdb-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-passdb0-4.9.5+git.176.375e1f05788-3.6.1 libsamba-passdb0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy-python3-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-python3-4.9.5+git.176.375e1f05788-3.6.1 libsamba-policy0-python3-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-util-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamba-util0-4.9.5+git.176.375e1f05788-3.6.1 libsamba-util0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamdb-devel-4.9.5+git.176.375e1f05788-3.6.1 libsamdb0-4.9.5+git.176.375e1f05788-3.6.1 libsamdb0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsmbclient-devel-4.9.5+git.176.375e1f05788-3.6.1 libsmbclient0-4.9.5+git.176.375e1f05788-3.6.1 libsmbclient0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsmbconf-devel-4.9.5+git.176.375e1f05788-3.6.1 libsmbconf0-4.9.5+git.176.375e1f05788-3.6.1 
libsmbconf0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsmbldap-devel-4.9.5+git.176.375e1f05788-3.6.1 libsmbldap2-4.9.5+git.176.375e1f05788-3.6.1 libsmbldap2-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libtevent-util-devel-4.9.5+git.176.375e1f05788-3.6.1 libtevent-util0-4.9.5+git.176.375e1f05788-3.6.1 libtevent-util0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libwbclient-devel-4.9.5+git.176.375e1f05788-3.6.1 libwbclient0-4.9.5+git.176.375e1f05788-3.6.1 libwbclient0-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-4.9.5+git.176.375e1f05788-3.6.1 samba-client-4.9.5+git.176.375e1f05788-3.6.1 samba-client-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-core-devel-4.9.5+git.176.375e1f05788-3.6.1 samba-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debugsource-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python3-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-python3-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-python3-4.9.5+git.176.375e1f05788-3.6.1 samba-python3-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-winbind-4.9.5+git.176.375e1f05788-3.6.1 samba-winbind-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libdcerpc0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr-krb5pac0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr-nbt0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr-standard0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libndr-standard0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libndr0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libndr0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 
libnetapi0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libnetapi0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-credentials0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-errors0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-hostconfig0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-passdb0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamba-util0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamba-util0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsamdb0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsamdb0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsmbconf0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsmbconf0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libsmbldap2-32bit-4.9.5+git.176.375e1f05788-3.6.1 libsmbldap2-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libtevent-util0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libtevent-util0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 libwbclient0-32bit-4.9.5+git.176.375e1f05788-3.6.1 libwbclient0-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-32bit-4.9.5+git.176.375e1f05788-3.6.1 samba-libs-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-winbind-32bit-4.9.5+git.176.375e1f05788-3.6.1 samba-winbind-32bit-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.176.375e1f05788-3.6.1 ctdb-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debugsource-4.9.5+git.176.375e1f05788-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-12435.html https://bugzilla.suse.com/1125601 https://bugzilla.suse.com/1130245 https://bugzilla.suse.com/1134452 https://bugzilla.suse.com/1134697 https://bugzilla.suse.com/1137815 
From sle-updates at lists.suse.com Thu Jun 20 07:10:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 15:10:54 +0200 (CEST) Subject: SUSE-RU-2019:1575-1: moderate: Recommended update for kernel-azure Message-ID: <20190620131054.35256FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-azure ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1575-1 Rating: moderate References: #1134581 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships the Azure flavor kernel to SUSE Linux Enterprise 15 SP1. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-1575=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.5.1 kernel-source-azure-4.12.14-8.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.5.1 kernel-azure-base-4.12.14-8.5.1 kernel-azure-base-debuginfo-4.12.14-8.5.1 kernel-azure-debuginfo-4.12.14-8.5.1 kernel-azure-devel-4.12.14-8.5.1 kernel-syms-azure-4.12.14-8.5.1 References: https://bugzilla.suse.com/1134581 From sle-updates at lists.suse.com Thu Jun 20 10:12:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 18:12:43 +0200 (CEST) Subject: SUSE-SU-2019:1576-1: important: Security update for enigmail Message-ID: <20190620161243.842A5FFC5@maintenance.suse.de> SUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1576-1 Rating: important References: #1135855 Cross-References: CVE-2019-12269 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for enigmail to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2019-12269: Fixed an issue where a specially crafted inline PGP message could spoof a "correctly signed" message (bsc#1135855). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1576=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1576=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): enigmail-2.0.11-3.16.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): enigmail-2.0.11-3.16.1 References: https://www.suse.com/security/cve/CVE-2019-12269.html https://bugzilla.suse.com/1135855 From sle-updates at lists.suse.com Thu Jun 20 13:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jun 2019 21:11:00 +0200 (CEST) Subject: SUSE-RU-2019:1577-1: moderate: Recommended update for permissions Message-ID: <20190620191101.02D3EFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1577-1 Rating: moderate References: #1128598 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1577=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): permissions-20180125-3.12.1 permissions-debuginfo-20180125-3.12.1 permissions-debugsource-20180125-3.12.1 References: https://bugzilla.suse.com/1128598 From sle-updates at lists.suse.com Thu Jun 20 16:11:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 00:11:22 +0200 (CEST) Subject: SUSE-SU-2019:1588-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15) Message-ID: <20190620221122.C65E4FFC5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1588-1 Rating: important References: #1133191 #1136446 #1136935 #1137597 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_17 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. 
A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1588=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1578=1 SUSE-SLE-Module-Live-Patching-15-2019-1580=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-2-4.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_14-default-2-2.1 kernel-livepatch-4_12_14-150_14-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-150_17-default-2-2.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137597 From sle-updates at lists.suse.com Thu Jun 20 16:12:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 00:12:38 +0200 (CEST) Subject: 
SUSE-RU-2019:1590-1: moderate: Recommended update for permissions Message-ID: <20190620221238.0D4A2FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1590-1 Rating: moderate References: #1128598 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1590=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): permissions-20181116-9.3.1 permissions-debuginfo-20181116-9.3.1 permissions-debugsource-20181116-9.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): permissions-zypp-plugin-20181116-9.3.1 References: https://bugzilla.suse.com/1128598 From sle-updates at lists.suse.com Thu Jun 20 16:13:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 00:13:28 +0200 (CEST) Subject: SUSE-RU-2019:1589-1: moderate: Recommended update for permissions Message-ID: <20190620221328.1FA00FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1589-1 Rating: moderate References: #1128598 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux 
Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1589=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1589=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): permissions-20170707-3.6.1 permissions-debuginfo-20170707-3.6.1 permissions-debugsource-20170707-3.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): permissions-20170707-3.6.1 permissions-debuginfo-20170707-3.6.1 permissions-debugsource-20170707-3.6.1 References: https://bugzilla.suse.com/1128598 From sle-updates at lists.suse.com Thu Jun 20 16:14:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 00:14:16 +0200 (CEST) Subject: SUSE-SU-2019:1581-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15) Message-ID: <20190620221416.2590FFFC5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1581-1 Rating: important References: #1133191 #1135280 #1136446 #1136935 #1137597 Cross-References: CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that 
fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_13 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135280). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1579=1 SUSE-SLE-Module-Live-Patching-15-2019-1581=1 SUSE-SLE-Module-Live-Patching-15-2019-1582=1 SUSE-SLE-Module-Live-Patching-15-2019-1583=1 SUSE-SLE-Module-Live-Patching-15-2019-1584=1 SUSE-SLE-Module-Live-Patching-15-2019-1585=1 SUSE-SLE-Module-Live-Patching-15-2019-1586=1 SUSE-SLE-Module-Live-Patching-15-2019-1587=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_13-default-7-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_16-default-6-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-25_19-default-6-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-25_22-default-5-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_25-default-4-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_28-default-3-2.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_3-default-10-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-10-2.1 kernel-livepatch-4_12_14-25_6-default-9-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-9-2.1 References: https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1135280 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137597 From sle-updates at lists.suse.com Fri Jun 21 07:12:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:12:31 +0200 
(CEST) Subject: SUSE-SU-2019:1600-1: important: Security update for gstreamer-plugins-base Message-ID: <20190621131231.7B3B4FFC7@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1600-1 Rating: important References: #1133375 Cross-References: CVE-2019-9928 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1600=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1600=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1600=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1600=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1600=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1600=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1600=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1600=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1600=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1600=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1600=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1600=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1600=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 
libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 - SUSE OpenStack Cloud 7 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstfft-1_0-0-32bit-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.3.2 typelib-1_0-GstAudio-1_0-1.8.3-13.3.2 typelib-1_0-GstPbutils-1_0-1.8.3-13.3.2 typelib-1_0-GstTag-1_0-1.8.3-13.3.2 typelib-1_0-GstVideo-1_0-1.8.3-13.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstfft-1_0-0-32bit-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.3.2 typelib-1_0-GstAudio-1_0-1.8.3-13.3.2 typelib-1_0-GstPbutils-1_0-1.8.3-13.3.2 typelib-1_0-GstTag-1_0-1.8.3-13.3.2 typelib-1_0-GstVideo-1_0-1.8.3-13.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 gstreamer-plugins-base-devel-1.8.3-13.3.2 
typelib-1_0-GstAllocators-1_0-1.8.3-13.3.2 typelib-1_0-GstApp-1_0-1.8.3-13.3.2 typelib-1_0-GstAudio-1_0-1.8.3-13.3.2 typelib-1_0-GstFft-1_0-1.8.3-13.3.2 typelib-1_0-GstPbutils-1_0-1.8.3-13.3.2 typelib-1_0-GstRtp-1_0-1.8.3-13.3.2 typelib-1_0-GstRtsp-1_0-1.8.3-13.3.2 typelib-1_0-GstSdp-1_0-1.8.3-13.3.2 typelib-1_0-GstTag-1_0-1.8.3-13.3.2 typelib-1_0-GstVideo-1_0-1.8.3-13.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 gstreamer-plugins-base-devel-1.8.3-13.3.2 typelib-1_0-GstAllocators-1_0-1.8.3-13.3.2 typelib-1_0-GstApp-1_0-1.8.3-13.3.2 typelib-1_0-GstAudio-1_0-1.8.3-13.3.2 typelib-1_0-GstFft-1_0-1.8.3-13.3.2 typelib-1_0-GstPbutils-1_0-1.8.3-13.3.2 typelib-1_0-GstRtp-1_0-1.8.3-13.3.2 typelib-1_0-GstRtsp-1_0-1.8.3-13.3.2 typelib-1_0-GstSdp-1_0-1.8.3-13.3.2 typelib-1_0-GstTag-1_0-1.8.3-13.3.2 typelib-1_0-GstVideo-1_0-1.8.3-13.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 
(x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 
libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 
libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 
libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-32bit-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 
libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 typelib-1_0-GstAudio-1_0-1.8.3-13.3.2 typelib-1_0-GstPbutils-1_0-1.8.3-13.3.2 typelib-1_0-GstTag-1_0-1.8.3-13.3.2 typelib-1_0-GstVideo-1_0-1.8.3-13.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-32bit-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 
libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 typelib-1_0-GstAudio-1_0-1.8.3-13.3.2 typelib-1_0-GstPbutils-1_0-1.8.3-13.3.2 typelib-1_0-GstTag-1_0-1.8.3-13.3.2 typelib-1_0-GstVideo-1_0-1.8.3-13.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Enterprise Storage 4 (noarch): gstreamer-plugins-base-lang-1.8.3-13.3.2 - SUSE Enterprise Storage 4 (x86_64): gstreamer-plugins-base-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-1.8.3-13.3.2 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.3.2 gstreamer-plugins-base-debugsource-1.8.3-13.3.2 libgstallocators-1_0-0-1.8.3-13.3.2 libgstallocators-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-1.8.3-13.3.2 libgstapp-1_0-0-32bit-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-1.8.3-13.3.2 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-1.8.3-13.3.2 libgstaudio-1_0-0-32bit-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-1.8.3-13.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstfft-1_0-0-1.8.3-13.3.2 libgstfft-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-1.8.3-13.3.2 libgstpbutils-1_0-0-32bit-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-1.8.3-13.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstriff-1_0-0-1.8.3-13.3.2 libgstriff-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtp-1_0-0-1.8.3-13.3.2 libgstrtp-1_0-0-debuginfo-1.8.3-13.3.2 libgstrtsp-1_0-0-1.8.3-13.3.2 libgstrtsp-1_0-0-debuginfo-1.8.3-13.3.2 libgstsdp-1_0-0-1.8.3-13.3.2 libgstsdp-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-1.8.3-13.3.2 libgsttag-1_0-0-32bit-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-1.8.3-13.3.2 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-1.8.3-13.3.2 libgstvideo-1_0-0-32bit-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-1.8.3-13.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.3.2 References: 
https://www.suse.com/security/cve/CVE-2019-9928.html https://bugzilla.suse.com/1133375 From sle-updates at lists.suse.com Fri Jun 21 07:13:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:13:19 +0200 (CEST) Subject: SUSE-RU-2019:1630-1: moderate: Recommended update for rsyslog Message-ID: <20190621131319.56146FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1630-1 Rating: moderate References: #1133847 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fixes an issue where the 'readTimeout' option couldn't be used while using imfile with polling mode (bsc#1133847) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1630=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1630=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1630=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1630=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.26.1 rsyslog-debuginfo-8.24.0-3.26.1 rsyslog-debugsource-8.24.0-3.26.1 rsyslog-diag-tools-8.24.0-3.26.1 rsyslog-diag-tools-debuginfo-8.24.0-3.26.1 rsyslog-doc-8.24.0-3.26.1 rsyslog-module-gssapi-8.24.0-3.26.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.26.1 rsyslog-module-gtls-8.24.0-3.26.1 rsyslog-module-gtls-debuginfo-8.24.0-3.26.1 rsyslog-module-mysql-8.24.0-3.26.1 rsyslog-module-mysql-debuginfo-8.24.0-3.26.1 rsyslog-module-pgsql-8.24.0-3.26.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.26.1 rsyslog-module-relp-8.24.0-3.26.1 rsyslog-module-relp-debuginfo-8.24.0-3.26.1 rsyslog-module-snmp-8.24.0-3.26.1 rsyslog-module-snmp-debuginfo-8.24.0-3.26.1 rsyslog-module-udpspoof-8.24.0-3.26.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.26.1 rsyslog-debuginfo-8.24.0-3.26.1 rsyslog-debugsource-8.24.0-3.26.1 rsyslog-diag-tools-8.24.0-3.26.1 rsyslog-diag-tools-debuginfo-8.24.0-3.26.1 rsyslog-doc-8.24.0-3.26.1 rsyslog-module-gssapi-8.24.0-3.26.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.26.1 rsyslog-module-gtls-8.24.0-3.26.1 rsyslog-module-gtls-debuginfo-8.24.0-3.26.1 rsyslog-module-mysql-8.24.0-3.26.1 rsyslog-module-mysql-debuginfo-8.24.0-3.26.1 rsyslog-module-pgsql-8.24.0-3.26.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.26.1 rsyslog-module-relp-8.24.0-3.26.1 rsyslog-module-relp-debuginfo-8.24.0-3.26.1 rsyslog-module-snmp-8.24.0-3.26.1 rsyslog-module-snmp-debuginfo-8.24.0-3.26.1 rsyslog-module-udpspoof-8.24.0-3.26.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.26.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): rsyslog-8.24.0-3.26.1 rsyslog-debuginfo-8.24.0-3.26.1 
rsyslog-debugsource-8.24.0-3.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsyslog-8.24.0-3.26.1 rsyslog-debuginfo-8.24.0-3.26.1 rsyslog-debugsource-8.24.0-3.26.1 - SUSE CaaS Platform ALL (x86_64): rsyslog-8.24.0-3.26.1 rsyslog-debuginfo-8.24.0-3.26.1 rsyslog-debugsource-8.24.0-3.26.1 - SUSE CaaS Platform 3.0 (x86_64): rsyslog-8.24.0-3.26.1 rsyslog-debuginfo-8.24.0-3.26.1 rsyslog-debugsource-8.24.0-3.26.1 References: https://bugzilla.suse.com/1133847 From sle-updates at lists.suse.com Fri Jun 21 07:14:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:14:13 +0200 (CEST) Subject: SUSE-SU-2019:14099-1: moderate: Security update for libssh2_org Message-ID: <20190621131413.732BEFFC7@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14099-1 Rating: moderate References: #1128481 #1136570 Cross-References: CVE-2019-3860 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libssh2_org-14099=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libssh2_org-14099=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libssh2-1-1.4.3-17.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libssh2_org-debuginfo-1.4.3-17.9.1 libssh2_org-debugsource-1.4.3-17.9.1 References: https://www.suse.com/security/cve/CVE-2019-3860.html https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1136570 From sle-updates at lists.suse.com Fri Jun 21 07:16:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:16:01 +0200 (CEST) Subject: SUSE-RU-2019:1611-1: moderate: Recommended update for resource-agents Message-ID: <20190621131601.1186FFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1611-1 Rating: moderate References: #1137038 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents contains the following fixes: - Change message log level for the non action messages. The messages can still be seen using the verbose parameter. (bsc#1137038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1611=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.1.9+git24.9b664917-3.17.1 resource-agents-4.1.9+git24.9b664917-3.17.1 resource-agents-debuginfo-4.1.9+git24.9b664917-3.17.1 resource-agents-debugsource-4.1.9+git24.9b664917-3.17.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.1.9+git24.9b664917-3.17.1 References: https://bugzilla.suse.com/1137038 From sle-updates at lists.suse.com Fri Jun 21 07:17:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:17:05 +0200 (CEST) Subject: SUSE-RU-2019:1633-1: moderate: Recommended update for openssh Message-ID: <20190621131705.6D84EFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1633-1 Rating: moderate References: #1136104 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Fixes a crash with GSSAPI key exchange (bsc#1136104) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1633=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1633=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1633=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1633=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.9p1-6.3.1 openssh-debugsource-7.9p1-6.3.1 openssh-fips-7.9p1-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.9p1-6.3.1 openssh-cavs-debuginfo-7.9p1-6.3.1 openssh-debuginfo-7.9p1-6.3.1 openssh-debugsource-7.9p1-6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.9p1-6.3.1 openssh-askpass-gnome-debuginfo-7.9p1-6.3.1 openssh-askpass-gnome-debugsource-7.9p1-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): openssh-7.9p1-6.3.1 openssh-debuginfo-7.9p1-6.3.1 openssh-debugsource-7.9p1-6.3.1 openssh-helpers-7.9p1-6.3.1 openssh-helpers-debuginfo-7.9p1-6.3.1 References: https://bugzilla.suse.com/1136104 From sle-updates at lists.suse.com Fri Jun 21 07:17:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:17:45 +0200 (CEST) Subject: SUSE-RU-2019:1613-1: moderate: Recommended update for open-vm-tools Message-ID: <20190621131745.99E49FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2019:1613-1 Rating: moderate References: #1122435 #1133623 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-vm-tools provides the following fixes: - Update vmtoolsd.service tools to run only after the network service is ready. (bsc#1133623) - Link VGAuthService to libxmlsec1 instead of libxml-security-c in SLES 12 SP3. (bsc#1122435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1613=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1613=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): open-vm-tools-debuginfo-10.3.10-3.3.1 open-vm-tools-debugsource-10.3.10-3.3.1 open-vm-tools-desktop-10.3.10-3.3.1 open-vm-tools-desktop-debuginfo-10.3.10-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libvmtools-devel-10.3.10-3.3.1 libvmtools0-10.3.10-3.3.1 libvmtools0-debuginfo-10.3.10-3.3.1 open-vm-tools-10.3.10-3.3.1 open-vm-tools-debuginfo-10.3.10-3.3.1 open-vm-tools-debugsource-10.3.10-3.3.1 References: https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1133623 From sle-updates at lists.suse.com Fri Jun 21 07:18:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:18:41 +0200 (CEST) Subject: SUSE-SU-2019:1605-1: moderate: Security update for SDL2 Message-ID: <20190621131841.A24FDFFC7@maintenance.suse.de> SUSE Security Update: 
Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1605-1 Rating: moderate References: #1124825 #1134135 Cross-References: CVE-2019-7637 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for SDL2 fixes the following issues: - Remove the fix for CVE-2019-7637, the modification of function SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. (bsc#1134135) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1605=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1605=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1605=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): SDL2-debugsource-2.0.8-3.12.5 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.12.5 libSDL2-2_0-0-2.0.8-3.12.5 libSDL2-2_0-0-debuginfo-2.0.8-3.12.5 libSDL2-devel-2.0.8-3.12.5 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.12.5 libSDL2-2_0-0-2.0.8-3.12.5 libSDL2-2_0-0-debuginfo-2.0.8-3.12.5 
libSDL2-devel-2.0.8-3.12.5 References: https://www.suse.com/security/cve/CVE-2019-7637.html https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1134135 From sle-updates at lists.suse.com Fri Jun 21 07:20:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:20:33 +0200 (CEST) Subject: SUSE-RU-2019:1626-1: moderate: Recommended update for cloud-netconfig Message-ID: <20190621132034.02E17FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1626-1 Rating: moderate References: #1135257 #1135263 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-netconfig fixes the following issues: - cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1626=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-netconfig-azure-1.0-11.1 cloud-netconfig-ec2-1.0-11.1 References: https://bugzilla.suse.com/1135257 https://bugzilla.suse.com/1135263 From sle-updates at lists.suse.com Fri Jun 21 07:21:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:21:59 +0200 (CEST) Subject: SUSE-SU-2019:1595-1: important: Security update for dbus-1 Message-ID: <20190621132159.9F22FFFC7@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1595-1 Rating: important References: #1137832 Cross-References: CVE-2019-12749 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1595=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1595=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): dbus-1-32bit-debuginfo-1.12.2-8.3.1 dbus-1-debugsource-1.12.2-8.3.1 dbus-1-devel-32bit-1.12.2-8.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): dbus-1-devel-doc-1.12.2-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-8.3.1 dbus-1-debuginfo-1.12.2-8.3.1 dbus-1-debugsource-1.12.2-8.3.1 dbus-1-devel-1.12.2-8.3.1 dbus-1-x11-1.12.2-8.3.1 dbus-1-x11-debuginfo-1.12.2-8.3.1 dbus-1-x11-debugsource-1.12.2-8.3.1 libdbus-1-3-1.12.2-8.3.1 libdbus-1-3-debuginfo-1.12.2-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): dbus-1-32bit-debuginfo-1.12.2-8.3.1 libdbus-1-3-32bit-1.12.2-8.3.1 libdbus-1-3-32bit-debuginfo-1.12.2-8.3.1 References: https://www.suse.com/security/cve/CVE-2019-12749.html https://bugzilla.suse.com/1137832 From sle-updates at lists.suse.com Fri Jun 21 07:22:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:22:46 +0200 (CEST) Subject: SUSE-RU-2019:1614-1: moderate: Recommended update for osinfo-db Message-ID: <20190621132246.EE590FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1614-1 Rating: moderate References: #1137313 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be 
installed. Description: This update for osinfo-db provides the following fix: - Add support for SLE-12-SP5. (bsc#1137313) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1614=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): osinfo-db-20190504-3.3.1 References: https://bugzilla.suse.com/1137313 From sle-updates at lists.suse.com Fri Jun 21 07:23:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:23:29 +0200 (CEST) Subject: SUSE-SU-2019:14097-1: important: Security update for libvirt Message-ID: <20190621132329.D8A27FFC7@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14097-1 Rating: important References: #1131595 #1138301 Cross-References: CVE-2019-10161 CVE-2019-3886 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-3886: Fixed an information exposure which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libvirt-14097=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvirt-14097=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libvirt-1.2.5-23.20.1 libvirt-client-1.2.5-23.20.1 libvirt-doc-1.2.5-23.20.1 libvirt-lock-sanlock-1.2.5-23.20.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libvirt-client-32bit-1.2.5-23.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libvirt-debuginfo-1.2.5-23.20.1 libvirt-debugsource-1.2.5-23.20.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://www.suse.com/security/cve/CVE-2019-3886.html https://bugzilla.suse.com/1131595 https://bugzilla.suse.com/1138301 From sle-updates at lists.suse.com Fri Jun 21 07:24:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:24:22 +0200 (CEST) Subject: SUSE-SU-2019:1602-1: important: Security update for gstreamer-0_10-plugins-base Message-ID: <20190621132422.1135BFFC7@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1602-1 Rating: important References: #1133375 Cross-References: CVE-2019-9928 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that 
fixes one vulnerability is now available. Description: This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1602=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1602=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1602=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1602=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1602=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1602=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1602=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1602=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1602=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1602=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1602=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): 
gstreamer-0_10-plugins-base-lang-0.10.36-18.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gstreamer-0_10-plugins-base-0.10.36-18.3.2 gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-18.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gstreamer-0_10-plugins-base-0.10.36-18.3.2 gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 gstreamer-0_10-plugins-base-devel-0.10.36-18.3.2 typelib-1_0-GstApp-0_10-0.10.36-18.3.2 typelib-1_0-GstInterfaces-0_10-0.10.36-18.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.2 
gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 gstreamer-0_10-plugins-base-devel-0.10.36-18.3.2 typelib-1_0-GstApp-0_10-0.10.36-18.3.2 typelib-1_0-GstInterfaces-0_10-0.10.36-18.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-18.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gstreamer-0_10-plugins-base-0.10.36-18.3.2 gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 
libgstinterfaces-0_10-0-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-18.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gstreamer-0_10-plugins-base-0.10.36-18.3.2 gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 - SUSE Enterprise Storage 4 (x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.3.2 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.3.2 libgstapp-0_10-0-32bit-0.10.36-18.3.2 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-32bit-0.10.36-18.3.2 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.3.2 References: https://www.suse.com/security/cve/CVE-2019-9928.html https://bugzilla.suse.com/1133375 From sle-updates at lists.suse.com Fri Jun 21 07:25:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:25:05 +0200 (CEST) Subject: SUSE-RU-2019:1632-1: moderate: Recommended update for valgrind Message-ID: <20190621132505.4E0CAFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for valgrind ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1632-1 Rating: moderate References: #1133288 Affected Products: SUSE Linux Enterprise Module for Open 
Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for valgrind provides the following fixes: - Disable LTO. (bsc#1133288) - Update to 3.15.0. (fate#327402) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1632=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1632=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64): valgrind-32bit-3.15.0-11.3.3 valgrind-debugsource-3.15.0-11.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): valgrind-32bit-debuginfo-3.15.0-11.3.3 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): valgrind-3.15.0-11.3.3 valgrind-debuginfo-3.15.0-11.3.3 valgrind-debugsource-3.15.0-11.3.3 valgrind-devel-3.15.0-11.3.3 References: https://bugzilla.suse.com/1133288 From sle-updates at lists.suse.com Fri Jun 21 07:25:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:25:47 +0200 (CEST) Subject: SUSE-SU-2019:1594-1: important: Security update for glib2 Message-ID: <20190621132547.9A2E4FFC7@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1594-1 Rating: important References: #1103678 #1137001 Cross-References: CVE-2019-12450 Affected Products: SUSE Linux 
Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1594=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1594=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1594=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1594=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1594=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (x86_64): glib2-debugsource-2.54.3-4.15.1 glib2-devel-32bit-2.54.3-4.15.1 glib2-devel-32bit-debuginfo-2.54.3-4.15.1 glib2-tools-32bit-2.54.3-4.15.1 glib2-tools-32bit-debuginfo-2.54.3-4.15.1 libgthread-2_0-0-32bit-2.54.3-4.15.1 
libgthread-2_0-0-32bit-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.15.1 glib2-devel-static-2.54.3-4.15.1 libgio-fam-2.54.3-4.15.1 libgio-fam-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): gio-branding-upstream-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): glib2-devel-32bit-2.54.3-4.15.1 glib2-devel-32bit-debuginfo-2.54.3-4.15.1 glib2-tools-32bit-2.54.3-4.15.1 glib2-tools-32bit-debuginfo-2.54.3-4.15.1 libgio-fam-32bit-2.54.3-4.15.1 libgio-fam-32bit-debuginfo-2.54.3-4.15.1 libgthread-2_0-0-32bit-2.54.3-4.15.1 libgthread-2_0-0-32bit-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.15.1 glib2-devel-static-2.54.3-4.15.1 libgio-fam-2.54.3-4.15.1 libgio-fam-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gio-branding-upstream-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.15.1 glib2-devel-2.54.3-4.15.1 glib2-devel-debuginfo-2.54.3-4.15.1 glib2-tools-2.54.3-4.15.1 glib2-tools-debuginfo-2.54.3-4.15.1 libgio-2_0-0-2.54.3-4.15.1 libgio-2_0-0-debuginfo-2.54.3-4.15.1 libglib-2_0-0-2.54.3-4.15.1 libglib-2_0-0-debuginfo-2.54.3-4.15.1 libgmodule-2_0-0-2.54.3-4.15.1 libgmodule-2_0-0-debuginfo-2.54.3-4.15.1 libgobject-2_0-0-2.54.3-4.15.1 libgobject-2_0-0-debuginfo-2.54.3-4.15.1 libgthread-2_0-0-2.54.3-4.15.1 libgthread-2_0-0-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgio-2_0-0-32bit-2.54.3-4.15.1 libgio-2_0-0-32bit-debuginfo-2.54.3-4.15.1 libglib-2_0-0-32bit-2.54.3-4.15.1 libglib-2_0-0-32bit-debuginfo-2.54.3-4.15.1 libgmodule-2_0-0-32bit-2.54.3-4.15.1 
libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.15.1 libgobject-2_0-0-32bit-2.54.3-4.15.1 libgobject-2_0-0-32bit-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glib2-lang-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.15.1 glib2-devel-2.54.3-4.15.1 glib2-devel-debuginfo-2.54.3-4.15.1 glib2-tools-2.54.3-4.15.1 glib2-tools-debuginfo-2.54.3-4.15.1 libgio-2_0-0-2.54.3-4.15.1 libgio-2_0-0-debuginfo-2.54.3-4.15.1 libglib-2_0-0-2.54.3-4.15.1 libglib-2_0-0-debuginfo-2.54.3-4.15.1 libgmodule-2_0-0-2.54.3-4.15.1 libgmodule-2_0-0-debuginfo-2.54.3-4.15.1 libgobject-2_0-0-2.54.3-4.15.1 libgobject-2_0-0-debuginfo-2.54.3-4.15.1 libgthread-2_0-0-2.54.3-4.15.1 libgthread-2_0-0-debuginfo-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glib2-lang-2.54.3-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgio-2_0-0-32bit-2.54.3-4.15.1 libgio-2_0-0-32bit-debuginfo-2.54.3-4.15.1 libglib-2_0-0-32bit-2.54.3-4.15.1 libglib-2_0-0-32bit-debuginfo-2.54.3-4.15.1 libgmodule-2_0-0-32bit-2.54.3-4.15.1 libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.15.1 libgobject-2_0-0-32bit-2.54.3-4.15.1 libgobject-2_0-0-32bit-debuginfo-2.54.3-4.15.1 References: https://www.suse.com/security/cve/CVE-2019-12450.html https://bugzilla.suse.com/1103678 https://bugzilla.suse.com/1137001 From sle-updates at lists.suse.com Fri Jun 21 07:26:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:26:41 +0200 (CEST) Subject: SUSE-RU-2019:1615-1: moderate: Recommended update for python-kiwi Message-ID: <20190621132641.70D7CFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1615-1 Rating: moderate References: #1128146 Affected Products: SUSE Linux Enterprise Module for Open Buildservice 
Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - Update compression flag for qcow2 format. (bsc#1128146) - Refactoring for the evaluation of the compress flag in the runtime config. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1615=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1615=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-kiwi-debugsource-9.17.15-3.18.1 python2-kiwi-9.17.15-3.18.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.15-3.18.1 dracut-kiwi-live-9.17.15-3.18.1 dracut-kiwi-oem-dump-9.17.15-3.18.1 dracut-kiwi-oem-repart-9.17.15-3.18.1 dracut-kiwi-overlay-9.17.15-3.18.1 kiwi-man-pages-9.17.15-3.18.1 kiwi-tools-9.17.15-3.18.1 kiwi-tools-debuginfo-9.17.15-3.18.1 python-kiwi-debugsource-9.17.15-3.18.1 python3-kiwi-9.17.15-3.18.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): kiwi-pxeboot-9.17.15-3.18.1 References: https://bugzilla.suse.com/1128146 From sle-updates at lists.suse.com Fri Jun 21 07:27:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:27:35 +0200 (CEST) Subject: SUSE-RU-2019:1628-1: moderate: Recommended update for samba Message-ID: <20190621132735.93534FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for 
samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1628-1 Rating: moderate References: #1130245 #1134452 #1134697 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for samba fixes the following issues: - Fix cephwrap_flistxattr() debug message (bsc#1134697). - Use the correct directory for vfs_ceph realpath (bsc#1134452). - Explicitly enable libcephfs POSIX ACL support (bsc#1130245). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1628=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1628=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1628=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1628=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1628=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1628=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1628=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1628=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1628=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac-devel-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt-devel-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard-devel-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util-devel-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient-devel-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient-devel-4.6.16+git.166.8fb11cda200-3.43.1 samba-core-devel-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac-devel-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt-devel-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard-devel-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util-devel-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient-devel-4.6.16+git.166.8fb11cda200-3.43.1 
libwbclient-devel-4.6.16+git.166.8fb11cda200-3.43.1 samba-core-devel-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc-binding0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 
libtevent-util0-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): samba-doc-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc-binding0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-4.6.16+git.166.8fb11cda200-3.43.1 
libsamba-passdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.166.8fb11cda200-3.43.1 ctdb-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.166.8fb11cda200-3.43.1 ctdb-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): samba-doc-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Desktop 12-SP4 
(x86_64): libdcerpc-binding0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc-binding0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-4.6.16+git.166.8fb11cda200-3.43.1 
samba-client-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc-binding0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-4.6.16+git.166.8fb11cda200-3.43.1 libdcerpc0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-krb5pac0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-nbt0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-4.6.16+git.166.8fb11cda200-3.43.1 libndr-standard0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-4.6.16+git.166.8fb11cda200-3.43.1 libndr0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-4.6.16+git.166.8fb11cda200-3.43.1 libnetapi0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-credentials0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-errors0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-hostconfig0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-passdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-4.6.16+git.166.8fb11cda200-3.43.1 libsamba-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-4.6.16+git.166.8fb11cda200-3.43.1 libsamdb0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 
libsmbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbconf0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-4.6.16+git.166.8fb11cda200-3.43.1 libsmbldap0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-4.6.16+git.166.8fb11cda200-3.43.1 libtevent-util0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-4.6.16+git.166.8fb11cda200-3.43.1 libwbclient0-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-4.6.16+git.166.8fb11cda200-3.43.1 samba-client-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-4.6.16+git.166.8fb11cda200-3.43.1 samba-libs-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-4.6.16+git.166.8fb11cda200-3.43.1 samba-winbind-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.166.8fb11cda200-3.43.1 ctdb-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-ceph-4.6.16+git.166.8fb11cda200-3.43.1 samba-ceph-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debuginfo-4.6.16+git.166.8fb11cda200-3.43.1 samba-debugsource-4.6.16+git.166.8fb11cda200-3.43.1 References: https://bugzilla.suse.com/1130245 https://bugzilla.suse.com/1134452 https://bugzilla.suse.com/1134697 From sle-updates at lists.suse.com Fri Jun 21 07:28:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:28:37 +0200 (CEST) Subject: SUSE-SU-2019:1629-1: important: Security update for MozillaFirefox Message-ID: <20190621132837.CBE47FFC7@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1629-1 Rating: important References: #1137792 #1138614 Cross-References: CVE-2019-11707 Affected 
Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for MozillaFirefox to version 60.7.1 fixes the following issues: Security issue fixed: - CVE-2019-11707: Fixed a type confusion vulnerability in Array.pop (bsc#1138614) Other issues addressed: - Added the new Mozilla's GPG key expiring on 2021-05-29 to the mozilla.keyring file - Fixed broken language plugins (bsc#1137792) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1629=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1629=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1629=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1629=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.7.1-3.45.1 MozillaFirefox-debuginfo-60.7.1-3.45.1 MozillaFirefox-debugsource-60.7.1-3.45.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): MozillaFirefox-buildsymbols-60.7.1-3.45.1 - SUSE Linux Enterprise Module for Open Buildservice
Development Tools 15-SP1 (s390x): MozillaFirefox-devel-60.7.1-3.45.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.7.1-3.45.1 MozillaFirefox-debuginfo-60.7.1-3.45.1 MozillaFirefox-debugsource-60.7.1-3.45.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.1-3.45.1 MozillaFirefox-debuginfo-60.7.1-3.45.1 MozillaFirefox-debugsource-60.7.1-3.45.1 MozillaFirefox-translations-common-60.7.1-3.45.1 MozillaFirefox-translations-other-60.7.1-3.45.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-60.7.1-3.45.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.1-3.45.1 MozillaFirefox-debuginfo-60.7.1-3.45.1 MozillaFirefox-debugsource-60.7.1-3.45.1 MozillaFirefox-devel-60.7.1-3.45.1 MozillaFirefox-translations-common-60.7.1-3.45.1 MozillaFirefox-translations-other-60.7.1-3.45.1 References: https://www.suse.com/security/cve/CVE-2019-11707.html https://bugzilla.suse.com/1137792 https://bugzilla.suse.com/1138614 From sle-updates at lists.suse.com Fri Jun 21 07:29:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:29:28 +0200 (CEST) Subject: SUSE-SU-2019:1591-1: important: Security update for dbus-1 Message-ID: <20190621132928.39798FFC7@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1591-1 Rating: important References: #1137832 Cross-References: CVE-2019-12749 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux 
Enterprise Server 12-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1591=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1591=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1591=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1591=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1591=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1591=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1591=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1591=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1591=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debuginfo-32bit-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le 
x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): dbus-1-debuginfo-32bit-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debuginfo-32bit-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debuginfo-32bit-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 
dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - SUSE Enterprise Storage 4 (x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debuginfo-32bit-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-32bit-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.19.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dbus-1-1.8.22-24.19.1 dbus-1-debuginfo-1.8.22-24.19.1 dbus-1-debugsource-1.8.22-24.19.1 dbus-1-x11-debuginfo-1.8.22-24.19.1 dbus-1-x11-debugsource-1.8.22-24.19.1 libdbus-1-3-1.8.22-24.19.1 libdbus-1-3-debuginfo-1.8.22-24.19.1 References: https://www.suse.com/security/cve/CVE-2019-12749.html https://bugzilla.suse.com/1137832 From sle-updates at lists.suse.com Fri Jun 21 07:30:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:30:12 +0200 (CEST) Subject: SUSE-RU-2019:1619-1: Recommended update for nautilus Message-ID: <20190621133012.0CEA0FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1619-1 Rating: low References: 
#1089892 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nautilus provides the following fix: - Show a notification when disks can be safely removed after unmounting. (bsc#1089892, jsc#SLE-6657) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1619=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1619=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1619=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1619=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1619=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1619=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1619=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1619=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libnautilus-extension1-32bit-3.20.3-23.12.10 libnautilus-extension1-debuginfo-32bit-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): 
libnautilus-extension1-32bit-3.20.3-23.12.10 libnautilus-extension1-debuginfo-32bit-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): nautilus-debuginfo-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 nautilus-devel-3.20.3-23.12.10 typelib-1_0-Nautilus-3_0-3.20.3-23.12.10 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): nautilus-debuginfo-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 nautilus-devel-3.20.3-23.12.10 typelib-1_0-Nautilus-3_0-3.20.3-23.12.10 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.12.10 libnautilus-extension1-3.20.3-23.12.10 libnautilus-extension1-debuginfo-3.20.3-23.12.10 nautilus-3.20.3-23.12.10 nautilus-debuginfo-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 - SUSE Linux Enterprise Server 12-SP4 (noarch): nautilus-lang-3.20.3-23.12.10 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.12.10 libnautilus-extension1-3.20.3-23.12.10 libnautilus-extension1-debuginfo-3.20.3-23.12.10 nautilus-3.20.3-23.12.10 nautilus-debuginfo-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 - SUSE Linux Enterprise Server 12-SP3 (noarch): nautilus-lang-3.20.3-23.12.10 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.12.10 libnautilus-extension1-3.20.3-23.12.10 libnautilus-extension1-32bit-3.20.3-23.12.10 libnautilus-extension1-debuginfo-3.20.3-23.12.10 libnautilus-extension1-debuginfo-32bit-3.20.3-23.12.10 nautilus-3.20.3-23.12.10 nautilus-debuginfo-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): nautilus-lang-3.20.3-23.12.10 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.12.10 libnautilus-extension1-3.20.3-23.12.10 
libnautilus-extension1-32bit-3.20.3-23.12.10 libnautilus-extension1-debuginfo-3.20.3-23.12.10 libnautilus-extension1-debuginfo-32bit-3.20.3-23.12.10 nautilus-3.20.3-23.12.10 nautilus-debuginfo-3.20.3-23.12.10 nautilus-debugsource-3.20.3-23.12.10 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): nautilus-lang-3.20.3-23.12.10 References: https://bugzilla.suse.com/1089892 From sle-updates at lists.suse.com Fri Jun 21 07:30:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:30:55 +0200 (CEST) Subject: SUSE-RU-2019:1620-1: moderate: Recommended update for yast2-firstboot Message-ID: <20190621133055.D41AFFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1620-1 Rating: moderate References: #1131327 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-firstboot provides the following fixes: - Update the firstboot.xml template to use the "firstboot_licenses" client for the license agreement. - Adapt the "firstboot_licenses" client to cover the following scenarios: display the Novell license agreement, the vendor license agreement, both or simply the default one. (bsc#1131327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1620=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-firstboot-4.1.7-3.3.2 References: https://bugzilla.suse.com/1131327 From sle-updates at lists.suse.com Fri Jun 21 07:31:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:31:40 +0200 (CEST) Subject: SUSE-SU-2019:1608-1: moderate: Security update for compat-openssl098 Message-ID: <20190621133140.3BE06FFC7@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1608-1 Rating: moderate References: #1117951 #1127080 #1131291 Cross-References: CVE-2019-1559 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for compat-openssl098 fixes the following issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed "The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations" (bsc#1117951) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1608=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1608=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1608=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1608=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2019-1608=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1608=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1608=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-32bit-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): 
compat-openssl098-debugsource-0.9.8j-106.12.1 libopenssl0_9_8-0.9.8j-106.12.1 libopenssl0_9_8-debuginfo-0.9.8j-106.12.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1127080 https://bugzilla.suse.com/1131291 From sle-updates at lists.suse.com Fri Jun 21 07:32:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:32:44 +0200 (CEST) Subject: SUSE-SU-2019:1601-1: important: Security update for sqlite3 Message-ID: <20190621133244.935F6FFC7@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1601-1 Rating: important References: #1136976 Cross-References: CVE-2019-8457 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1601=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1601=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1601=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1601=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1601=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1601=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1601=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1601=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1601=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1601=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1601=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1601=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1601=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1601=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 sqlite3-devel-3.8.10.2-9.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 sqlite3-devel-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 
sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 sqlite3-debugsource-3.8.10.2-9.9.1 - SUSE Enterprise Storage 4 (x86_64): libsqlite3-0-3.8.10.2-9.9.1 libsqlite3-0-32bit-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-3.8.10.2-9.9.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1 sqlite3-3.8.10.2-9.9.1 sqlite3-debuginfo-3.8.10.2-9.9.1 
  sqlite3-debugsource-3.8.10.2-9.9.1
- SUSE CaaS Platform ALL (x86_64):
  libsqlite3-0-3.8.10.2-9.9.1
  libsqlite3-0-debuginfo-3.8.10.2-9.9.1
  sqlite3-debuginfo-3.8.10.2-9.9.1
  sqlite3-debugsource-3.8.10.2-9.9.1
- SUSE CaaS Platform 3.0 (x86_64):
  libsqlite3-0-3.8.10.2-9.9.1
  libsqlite3-0-debuginfo-3.8.10.2-9.9.1
  sqlite3-debuginfo-3.8.10.2-9.9.1
  sqlite3-debugsource-3.8.10.2-9.9.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  libsqlite3-0-3.8.10.2-9.9.1
  libsqlite3-0-debuginfo-3.8.10.2-9.9.1
  sqlite3-debuginfo-3.8.10.2-9.9.1
  sqlite3-debugsource-3.8.10.2-9.9.1

References:

  https://www.suse.com/security/cve/CVE-2019-8457.html
  https://bugzilla.suse.com/1136976

From sle-updates at lists.suse.com Fri Jun 21 07:33:28 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:33:28 +0200 (CEST)
Subject: SUSE-RU-2019:1622-1: moderate: Recommended update for oracleasm
Message-ID: <20190621133328.2C8DCFFC7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for oracleasm
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1622-1
Rating: moderate
References: #1119403
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP1
  SUSE Linux Enterprise Module RT 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for oracleasm fixes the following issues:

- Fix error: storage size of 'iter' isn't known. (bsc#1119403).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1622=1
- SUSE Linux Enterprise Module RT 15-SP1:
  zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2019-1622=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  oracleasm-kmp-default-2.0.8_k4.12.14_195-7.3.1
  oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_195-7.3.1
- SUSE Linux Enterprise Module RT 15-SP1 (x86_64):
  oracleasm-kmp-rt-2.0.8_k4.12.14_12-7.3.1
  oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_12-7.3.1

References:

  https://bugzilla.suse.com/1119403

From sle-updates at lists.suse.com Fri Jun 21 07:34:09 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:34:09 +0200 (CEST)
Subject: SUSE-RU-2019:1621-1: Recommended update for apache2
Message-ID: <20190621133409.870BBFFC7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apache2
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1621-1
Rating: low
References: #1134294
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP1
  SUSE Linux Enterprise Module for Server Applications 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for apache2 fixes the following issues:

- Reinstate apache-22-24-upgrade migration script to enable smooth update from Apache 2.2 to 2.4 [bsc#1134294]

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1621=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1621=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1621=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1621=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.18.2 apache2-debuginfo-2.4.33-3.18.2 apache2-debugsource-2.4.33-3.18.2 apache2-devel-2.4.33-3.18.2 apache2-prefork-2.4.33-3.18.2 apache2-prefork-debuginfo-2.4.33-3.18.2 apache2-utils-2.4.33-3.18.2 apache2-utils-debuginfo-2.4.33-3.18.2 apache2-worker-2.4.33-3.18.2 apache2-worker-debuginfo-2.4.33-3.18.2 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): apache2-doc-2.4.33-3.18.2 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.18.2 apache2-debuginfo-2.4.33-3.18.2 apache2-debugsource-2.4.33-3.18.2 apache2-devel-2.4.33-3.18.2 apache2-prefork-2.4.33-3.18.2 apache2-prefork-debuginfo-2.4.33-3.18.2 apache2-utils-2.4.33-3.18.2 apache2-utils-debuginfo-2.4.33-3.18.2 apache2-worker-2.4.33-3.18.2 apache2-worker-debuginfo-2.4.33-3.18.2 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.18.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.18.2 apache2-debugsource-2.4.33-3.18.2 apache2-event-2.4.33-3.18.2 apache2-event-debuginfo-2.4.33-3.18.2 apache2-example-pages-2.4.33-3.18.2 - SUSE Linux Enterprise Module for Open Buildservice 
Development Tools 15 (aarch64 ppc64le s390x x86_64):
  apache2-debuginfo-2.4.33-3.18.2
  apache2-debugsource-2.4.33-3.18.2
  apache2-event-2.4.33-3.18.2
  apache2-event-debuginfo-2.4.33-3.18.2
  apache2-example-pages-2.4.33-3.18.2

References:

  https://bugzilla.suse.com/1134294

From sle-updates at lists.suse.com Fri Jun 21 07:34:53 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:34:53 +0200 (CEST)
Subject: SUSE-SU-2019:1610-1: moderate: Security update for wireshark
Message-ID: <20190621133454.00879FFC7@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1610-1
Rating: moderate
References: #1136021
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for wireshark to version 2.4.15 fixes the following issues:

Security issue fixed:

- Fixed a denial of service in the dissection engine (bsc#1136021).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1610=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1610=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1610=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1610=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1610=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1610=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.15-48.48.1 wireshark-debugsource-2.4.15-48.48.1 wireshark-devel-2.4.15-48.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.15-48.48.1 wireshark-debugsource-2.4.15-48.48.1 wireshark-devel-2.4.15-48.48.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.15-48.48.1 libwireshark9-debuginfo-2.4.15-48.48.1 libwiretap7-2.4.15-48.48.1 libwiretap7-debuginfo-2.4.15-48.48.1 libwscodecs1-2.4.15-48.48.1 libwscodecs1-debuginfo-2.4.15-48.48.1 libwsutil8-2.4.15-48.48.1 libwsutil8-debuginfo-2.4.15-48.48.1 wireshark-2.4.15-48.48.1 wireshark-debuginfo-2.4.15-48.48.1 wireshark-debugsource-2.4.15-48.48.1 wireshark-gtk-2.4.15-48.48.1 wireshark-gtk-debuginfo-2.4.15-48.48.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.15-48.48.1 libwireshark9-debuginfo-2.4.15-48.48.1 libwiretap7-2.4.15-48.48.1 libwiretap7-debuginfo-2.4.15-48.48.1 libwscodecs1-2.4.15-48.48.1 libwscodecs1-debuginfo-2.4.15-48.48.1 libwsutil8-2.4.15-48.48.1 libwsutil8-debuginfo-2.4.15-48.48.1 wireshark-2.4.15-48.48.1 wireshark-debuginfo-2.4.15-48.48.1 wireshark-debugsource-2.4.15-48.48.1 
  wireshark-gtk-2.4.15-48.48.1
  wireshark-gtk-debuginfo-2.4.15-48.48.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  libwireshark9-2.4.15-48.48.1
  libwireshark9-debuginfo-2.4.15-48.48.1
  libwiretap7-2.4.15-48.48.1
  libwiretap7-debuginfo-2.4.15-48.48.1
  libwscodecs1-2.4.15-48.48.1
  libwscodecs1-debuginfo-2.4.15-48.48.1
  libwsutil8-2.4.15-48.48.1
  libwsutil8-debuginfo-2.4.15-48.48.1
  wireshark-2.4.15-48.48.1
  wireshark-debuginfo-2.4.15-48.48.1
  wireshark-debugsource-2.4.15-48.48.1
  wireshark-gtk-2.4.15-48.48.1
  wireshark-gtk-debuginfo-2.4.15-48.48.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libwireshark9-2.4.15-48.48.1
  libwireshark9-debuginfo-2.4.15-48.48.1
  libwiretap7-2.4.15-48.48.1
  libwiretap7-debuginfo-2.4.15-48.48.1
  libwscodecs1-2.4.15-48.48.1
  libwscodecs1-debuginfo-2.4.15-48.48.1
  libwsutil8-2.4.15-48.48.1
  libwsutil8-debuginfo-2.4.15-48.48.1
  wireshark-2.4.15-48.48.1
  wireshark-debuginfo-2.4.15-48.48.1
  wireshark-debugsource-2.4.15-48.48.1
  wireshark-gtk-2.4.15-48.48.1
  wireshark-gtk-debuginfo-2.4.15-48.48.1

References:

  https://bugzilla.suse.com/1136021

From sle-updates at lists.suse.com Fri Jun 21 07:35:35 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:35:35 +0200 (CEST)
Subject: SUSE-SU-2019:1599-1: important: Security update for libvirt
Message-ID: <20190621133535.65315FFC7@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1599-1
Rating: important
References: #1138301 #1138302 #1138303
Cross-References: CVE-2019-10161 CVE-2019-10166 CVE-2019-10167
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.
Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).
- CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).
- CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1599=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1599=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1599=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  libvirt-debugsource-4.0.0-8.15.2
  libvirt-devel-4.0.0-8.15.2
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  libvirt-4.0.0-8.15.2
  libvirt-admin-4.0.0-8.15.2
  libvirt-admin-debuginfo-4.0.0-8.15.2
  libvirt-client-4.0.0-8.15.2
  libvirt-client-debuginfo-4.0.0-8.15.2
  libvirt-daemon-4.0.0-8.15.2
  libvirt-daemon-config-network-4.0.0-8.15.2
  libvirt-daemon-config-nwfilter-4.0.0-8.15.2
  libvirt-daemon-debuginfo-4.0.0-8.15.2
  libvirt-daemon-driver-interface-4.0.0-8.15.2
  libvirt-daemon-driver-interface-debuginfo-4.0.0-8.15.2
  libvirt-daemon-driver-lxc-4.0.0-8.15.2
  libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.15.2
  libvirt-daemon-driver-network-4.0.0-8.15.2
  libvirt-daemon-driver-network-debuginfo-4.0.0-8.15.2
libvirt-daemon-driver-nodedev-4.0.0-8.15.2 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-nwfilter-4.0.0-8.15.2 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-qemu-4.0.0-8.15.2 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-secret-4.0.0-8.15.2 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-4.0.0-8.15.2 libvirt-daemon-driver-storage-core-4.0.0-8.15.2 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-disk-4.0.0-8.15.2 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-iscsi-4.0.0-8.15.2 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-logical-4.0.0-8.15.2 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-mpath-4.0.0-8.15.2 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-scsi-4.0.0-8.15.2 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.15.2 libvirt-daemon-hooks-4.0.0-8.15.2 libvirt-daemon-lxc-4.0.0-8.15.2 libvirt-daemon-qemu-4.0.0-8.15.2 libvirt-debugsource-4.0.0-8.15.2 libvirt-doc-4.0.0-8.15.2 libvirt-libs-4.0.0-8.15.2 libvirt-libs-debuginfo-4.0.0-8.15.2 libvirt-lock-sanlock-4.0.0-8.15.2 libvirt-lock-sanlock-debuginfo-4.0.0-8.15.2 libvirt-nss-4.0.0-8.15.2 libvirt-nss-debuginfo-4.0.0-8.15.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-8.15.2 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.15.2 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.15.2 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.15.2 libvirt-daemon-xen-4.0.0-8.15.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libvirt-4.0.0-8.15.2 libvirt-admin-4.0.0-8.15.2 libvirt-admin-debuginfo-4.0.0-8.15.2 libvirt-client-4.0.0-8.15.2 libvirt-client-debuginfo-4.0.0-8.15.2 libvirt-daemon-4.0.0-8.15.2 
libvirt-daemon-config-network-4.0.0-8.15.2 libvirt-daemon-config-nwfilter-4.0.0-8.15.2 libvirt-daemon-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-interface-4.0.0-8.15.2 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-libxl-4.0.0-8.15.2 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-lxc-4.0.0-8.15.2 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-network-4.0.0-8.15.2 libvirt-daemon-driver-network-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-nodedev-4.0.0-8.15.2 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-nwfilter-4.0.0-8.15.2 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-qemu-4.0.0-8.15.2 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-secret-4.0.0-8.15.2 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-4.0.0-8.15.2 libvirt-daemon-driver-storage-core-4.0.0-8.15.2 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-disk-4.0.0-8.15.2 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-iscsi-4.0.0-8.15.2 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-logical-4.0.0-8.15.2 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-mpath-4.0.0-8.15.2 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-rbd-4.0.0-8.15.2 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.15.2 libvirt-daemon-driver-storage-scsi-4.0.0-8.15.2 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.15.2 libvirt-daemon-lxc-4.0.0-8.15.2 libvirt-daemon-qemu-4.0.0-8.15.2 libvirt-daemon-xen-4.0.0-8.15.2 libvirt-debugsource-4.0.0-8.15.2 libvirt-doc-4.0.0-8.15.2 libvirt-libs-4.0.0-8.15.2 libvirt-libs-debuginfo-4.0.0-8.15.2 References: https://www.suse.com/security/cve/CVE-2019-10161.html 
  https://www.suse.com/security/cve/CVE-2019-10166.html
  https://www.suse.com/security/cve/CVE-2019-10167.html
  https://bugzilla.suse.com/1138301
  https://bugzilla.suse.com/1138302
  https://bugzilla.suse.com/1138303

From sle-updates at lists.suse.com Fri Jun 21 07:36:29 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:36:29 +0200 (CEST)
Subject: SUSE-SU-2019:1597-1: important: Security update for dbus-1
Message-ID: <20190621133629.09530FFC7@maintenance.suse.de>

SUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1597-1
Rating: important
References: #1137832
Cross-References: CVE-2019-12749
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for dbus-1 fixes the following issue:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1597=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1597=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  dbus-1-devel-doc-1.12.2-3.8.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  dbus-1-1.12.2-3.8.1
  dbus-1-debuginfo-1.12.2-3.8.1
  dbus-1-debugsource-1.12.2-3.8.1
  dbus-1-devel-1.12.2-3.8.1
  dbus-1-x11-1.12.2-3.8.1
  dbus-1-x11-debuginfo-1.12.2-3.8.1
  dbus-1-x11-debugsource-1.12.2-3.8.1
  libdbus-1-3-1.12.2-3.8.1
  libdbus-1-3-debuginfo-1.12.2-3.8.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  dbus-1-32bit-debuginfo-1.12.2-3.8.1
  libdbus-1-3-32bit-1.12.2-3.8.1
  libdbus-1-3-32bit-debuginfo-1.12.2-3.8.1

References:

  https://www.suse.com/security/cve/CVE-2019-12749.html
  https://bugzilla.suse.com/1137832

From sle-updates at lists.suse.com Fri Jun 21 07:37:09 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:37:09 +0200 (CEST)
Subject: SUSE-RU-2019:1617-1: moderate: Recommended update for yast2-theme
Message-ID: <20190621133709.D2981FFC7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-theme
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1617-1
Rating: moderate
References: #1105792 #1125450 #1133415 #971671
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has four recommended fixes can now be installed.
Description:

This update for yast2-theme provides the following fixes:

- On SLE, the Qt branding files are included in yast2-theme to conflict with the separate package that exists on openSUSE. (bsc#1133415)
- Use yast2-qt-branding as requirement to allow alternative branding. (bsc#1105792)
- Require yast2-qt-branding-openSUSE for openSUSE distributions so YaST firstboot has some branding. (bsc#1105792)
- Update Oxygen icon theme. (bsc#1125450)
- Add Breeze pattern icons. (bsc#971671)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1617=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  yast2-theme-4.1.13-8.3.2

References:

  https://bugzilla.suse.com/1105792
  https://bugzilla.suse.com/1125450
  https://bugzilla.suse.com/1133415
  https://bugzilla.suse.com/971671

From sle-updates at lists.suse.com Fri Jun 21 07:38:20 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:38:20 +0200 (CEST)
Subject: SUSE-RU-2019:1624-1: moderate: Recommended update for yast2
Message-ID: <20190621133820.1131AFFC7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2019:1624-1
Rating: moderate
References: #1128032
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2 fixes the following issues:

- Stop "ls: write error: Broken pipe" messages. (bsc#1128032)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1624=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1624=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  yast2-3.2.46.1-3.29.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  yast2-3.2.46.1-3.29.1

References:

  https://bugzilla.suse.com/1128032

From sle-updates at lists.suse.com Fri Jun 21 07:39:36 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:39:36 +0200 (CEST)
Subject: SUSE-SU-2019:1603-1: moderate: Security update for exempi
Message-ID: <20190621133936.40C27FFC7@maintenance.suse.de>

SUSE Security Update: Security update for exempi
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1603-1
Rating: moderate
References: #1098946
Cross-References: CVE-2018-12648
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Desktop Applications 15-SP1
  SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for exempi fixes the following issues:

- CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when processing webp files (bsc#1098946).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1603=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1603=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1603=1
- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1603=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  exempi-debugsource-2.4.5-3.3.2
  exempi-tools-2.4.5-3.3.2
  exempi-tools-debuginfo-2.4.5-3.3.2
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  exempi-debugsource-2.4.5-3.3.2
  exempi-tools-2.4.5-3.3.2
  exempi-tools-debuginfo-2.4.5-3.3.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  exempi-debugsource-2.4.5-3.3.2
  libexempi-devel-2.4.5-3.3.2
  libexempi3-2.4.5-3.3.2
  libexempi3-debuginfo-2.4.5-3.3.2
- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  exempi-debugsource-2.4.5-3.3.2
  libexempi-devel-2.4.5-3.3.2
  libexempi3-2.4.5-3.3.2
  libexempi3-debuginfo-2.4.5-3.3.2

References:

  https://www.suse.com/security/cve/CVE-2018-12648.html
  https://bugzilla.suse.com/1098946

From sle-updates at lists.suse.com Fri Jun 21 07:40:24 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Jun 2019 15:40:24 +0200 (CEST)
Subject: SUSE-SU-2019:1606-1: moderate: Security update for libssh2_org
Message-ID: <20190621134024.7CB43FFC7@maintenance.suse.de>

SUSE Security Update: Security update for libssh2_org
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1606-1
Rating: moderate
References: #1128481 #1136570
Cross-References: CVE-2019-3860
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
  SUSE CaaS Platform ALL
  SUSE CaaS Platform 3.0
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for libssh2_org fixes the following issues:

- Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1606=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1606=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1606=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1606=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1606=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1606=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1606=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1606=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1606=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1606=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1606=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1606=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1606=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1606=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1606=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.9.1 libssh2-1-debuginfo-32bit-1.4.3-20.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): 
libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE Enterprise Storage 4 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE CaaS Platform ALL (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - SUSE CaaS Platform 3.0 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libssh2-1-1.4.3-20.9.1 libssh2-1-debuginfo-1.4.3-20.9.1 libssh2_org-debugsource-1.4.3-20.9.1 References: https://www.suse.com/security/cve/CVE-2019-3860.html https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1136570 From sle-updates at lists.suse.com Fri Jun 21 07:42:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:42:04 +0200 (CEST) Subject: SUSE-RU-2019:1627-1: moderate: Recommended update for xfsprogs Message-ID: <20190621134204.D0F30FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1627-1 Rating: moderate References: #1073421 #1122271 #1129859 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for xfsprogs fixes the following issues: - xfs_repair: will now allow '/' in attribute names (bsc#1122271) - xfs_repair: will now allow zeroing of corrupt log (bsc#1073421) - enabled offline (unmounted) filesystem geometry queries (bsc#1129859) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1627=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1627=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): xfsprogs-4.15.0-4.16.1 xfsprogs-debuginfo-4.15.0-4.16.1 xfsprogs-debugsource-4.15.0-4.16.1 xfsprogs-devel-4.15.0-4.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): xfsprogs-4.15.0-4.16.1 xfsprogs-debuginfo-4.15.0-4.16.1 xfsprogs-debugsource-4.15.0-4.16.1 xfsprogs-devel-4.15.0-4.16.1 References: https://bugzilla.suse.com/1073421 https://bugzilla.suse.com/1122271 https://bugzilla.suse.com/1129859 From sle-updates at lists.suse.com Fri Jun 21 07:43:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:43:01 +0200 (CEST) Subject: SUSE-RU-2019:1623-1: moderate: Recommended update for yast2 Message-ID: <20190621134301.3C27BFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1623-1 Rating: moderate References: #1128032 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2 fixes the following issues: - Stop "ls: write error: Broken pipe" messages. (bsc#1128032) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1623=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1623=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): yast2-3.2.50-4.7.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): yast2-3.2.50-4.7.1 References: https://bugzilla.suse.com/1128032 From sle-updates at lists.suse.com Fri Jun 21 07:43:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:43:40 +0200 (CEST) Subject: SUSE-RU-2019:1612-1: moderate: Recommended update for resource-agents Message-ID: <20190621134340.6DB89FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1612-1 Rating: moderate References: #1137038 #1137231 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixes a byte conversion error (bsc#1137038, bsc#1137231) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1612=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.30.1 resource-agents-4.0.1+git.1495055229.643177f1-2.30.1 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.30.1 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.30.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.30.1 References: https://bugzilla.suse.com/1137038 https://bugzilla.suse.com/1137231 From sle-updates at lists.suse.com Fri Jun 21 07:44:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:44:25 +0200 (CEST) Subject: SUSE-SU-2019:14098-1: moderate: Security update for libssh2_org Message-ID: <20190621134425.0A8E4FFC7@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14098-1 Rating: moderate References: #1128481 #1136570 Cross-References: CVE-2019-3860 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libssh2_org-14098=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libssh2_org-14098=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libssh2-1-1.2.9-4.2.12.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libssh2_org-debuginfo-1.2.9-4.2.12.11.1 libssh2_org-debugsource-1.2.9-4.2.12.11.1 References: https://www.suse.com/security/cve/CVE-2019-3860.html https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1136570 From sle-updates at lists.suse.com Fri Jun 21 07:45:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:45:09 +0200 (CEST) Subject: SUSE-RU-2019:1618-1: moderate: Recommended update for yast2-installation Message-ID: <20190621134509.9A0E9FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1618-1 Rating: moderate References: #1132915 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-installation provides the following fixes: - Downloading files: Remounting CD with bind option correctly if the CD has already been mounted. (bsc#1132915) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1618=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-installation-4.1.46-3.3.7 References: https://bugzilla.suse.com/1132915 From sle-updates at lists.suse.com Fri Jun 21 07:45:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:45:53 +0200 (CEST) Subject: SUSE-SU-2019:1607-1: moderate: Security update for wireshark Message-ID: <20190621134553.7EEFAFFC7@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1607-1 Rating: moderate References: #1136021 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1607=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1607=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1607=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1607=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.15-3.28.7 wireshark-debugsource-2.4.15-3.28.7 wireshark-devel-2.4.15-3.28.7 wireshark-ui-qt-2.4.15-3.28.7 wireshark-ui-qt-debuginfo-2.4.15-3.28.7 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.15-3.28.7 wireshark-debugsource-2.4.15-3.28.7 wireshark-devel-2.4.15-3.28.7 wireshark-ui-qt-2.4.15-3.28.7 wireshark-ui-qt-debuginfo-2.4.15-3.28.7 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.15-3.28.7 libwireshark9-debuginfo-2.4.15-3.28.7 libwiretap7-2.4.15-3.28.7 libwiretap7-debuginfo-2.4.15-3.28.7 libwscodecs1-2.4.15-3.28.7 libwscodecs1-debuginfo-2.4.15-3.28.7 libwsutil8-2.4.15-3.28.7 libwsutil8-debuginfo-2.4.15-3.28.7 wireshark-2.4.15-3.28.7 wireshark-debuginfo-2.4.15-3.28.7 wireshark-debugsource-2.4.15-3.28.7 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.15-3.28.7 libwireshark9-debuginfo-2.4.15-3.28.7 libwiretap7-2.4.15-3.28.7 libwiretap7-debuginfo-2.4.15-3.28.7 libwscodecs1-2.4.15-3.28.7 libwscodecs1-debuginfo-2.4.15-3.28.7 libwsutil8-2.4.15-3.28.7 libwsutil8-debuginfo-2.4.15-3.28.7 wireshark-2.4.15-3.28.7 wireshark-debuginfo-2.4.15-3.28.7 wireshark-debugsource-2.4.15-3.28.7 References: 
https://bugzilla.suse.com/1136021 From sle-updates at lists.suse.com Fri Jun 21 07:46:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:46:40 +0200 (CEST) Subject: SUSE-RU-2019:1635-1: moderate: Recommended update for krb5 Message-ID: <20190621134640.6BC71FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1635-1 Rating: moderate References: #1134217 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1635=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1635=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1635=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.3.4 krb5-debugsource-1.16.3-3.3.4 krb5-plugin-kdb-ldap-1.16.3-3.3.4 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.3.4 krb5-server-1.16.3-3.3.4 krb5-server-debuginfo-1.16.3-3.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-mini-1.16.3-3.3.3 krb5-mini-debuginfo-1.16.3-3.3.3 krb5-mini-debugsource-1.16.3-3.3.3 krb5-mini-devel-1.16.3-3.3.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): krb5-32bit-debuginfo-1.16.3-3.3.4 krb5-debugsource-1.16.3-3.3.4 krb5-devel-32bit-1.16.3-3.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.3.4 krb5-client-1.16.3-3.3.4 krb5-client-debuginfo-1.16.3-3.3.4 krb5-debuginfo-1.16.3-3.3.4 krb5-debugsource-1.16.3-3.3.4 krb5-devel-1.16.3-3.3.4 krb5-plugin-preauth-otp-1.16.3-3.3.4 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.3.4 krb5-plugin-preauth-pkinit-1.16.3-3.3.4 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): krb5-32bit-1.16.3-3.3.4 krb5-32bit-debuginfo-1.16.3-3.3.4 References: https://bugzilla.suse.com/1134217 From sle-updates at lists.suse.com Fri Jun 21 07:47:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:47:23 +0200 (CEST) Subject: SUSE-RU-2019:1631-1: Recommended update 
for xz Message-ID: <20190621134723.77A2EFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for xz ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1631-1 Rating: low References: #1135709 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1631=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1631=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1631=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): xz-debugsource-5.2.3-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-4.3.1 liblzma5-debuginfo-5.2.3-4.3.1 xz-5.2.3-4.3.1 xz-debuginfo-5.2.3-4.3.1 xz-debugsource-5.2.3-4.3.1 xz-devel-5.2.3-4.3.1 xz-static-devel-5.2.3-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): xz-lang-5.2.3-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-4.3.1 liblzma5-debuginfo-5.2.3-4.3.1 xz-5.2.3-4.3.1 xz-debuginfo-5.2.3-4.3.1 xz-debugsource-5.2.3-4.3.1 xz-devel-5.2.3-4.3.1 xz-static-devel-5.2.3-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): xz-lang-5.2.3-4.3.1 References: https://bugzilla.suse.com/1135709 From sle-updates at lists.suse.com Fri Jun 21 07:48:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:48:03 +0200 (CEST) Subject: SUSE-RU-2019:1616-1: moderate: Recommended update for rpcbind Message-ID: <20190621134803.2F96BFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1616-1 Rating: moderate References: #1134659 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An 
update that has one recommended fix can now be installed. Description: This update for rpcbind fixes the following issues: - Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659) - Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1616=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1616=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): rpcbind-0.2.3-5.6.1 rpcbind-debuginfo-0.2.3-5.6.1 rpcbind-debugsource-0.2.3-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): rpcbind-0.2.3-5.6.1 rpcbind-debuginfo-0.2.3-5.6.1 rpcbind-debugsource-0.2.3-5.6.1 References: https://bugzilla.suse.com/1134659 From sle-updates at lists.suse.com Fri Jun 21 07:48:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:48:50 +0200 (CEST) Subject: SUSE-RU-2019:1625-1: moderate: Recommended update for MozillaFirefox Message-ID: <20190621134850.25EDCFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1625-1 Rating: moderate References: #1137792 #1138614 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux 
Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for MozillaFirefox to version 60.7.1 fixes the following issues: Security issue fixed: - CVE-2019-11707: Fixed a type confusion vulnerability in Array.pop (bsc#1138614) Other issue addressed: - Fixed broken language plugins (bsc#1137792) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1625=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1625=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1625=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1625=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1625=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1625=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1625=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1625=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1625=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1625=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1625=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1625=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1625=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1625=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1625=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1625=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1625=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Software Development Kit 
12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 
MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.7.1-109.77.1 MozillaFirefox-debuginfo-60.7.1-109.77.1 MozillaFirefox-debugsource-60.7.1-109.77.1 MozillaFirefox-devel-60.7.1-109.77.1 MozillaFirefox-translations-common-60.7.1-109.77.1 References: https://www.suse.com/security/cve/CVE-2019-11707.html https://bugzilla.suse.com/1137792 https://bugzilla.suse.com/1138614 From sle-updates at lists.suse.com Fri Jun 21 07:49:42 2019 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:49:42 +0200 (CEST) Subject: SUSE-RU-2019:1634-1: moderate: Recommended update for resource-agents Message-ID: <20190621134942.6FDAAFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1634-1 Rating: moderate References: #1137038 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents provides the following fixes: - Change message log level for the non action messages. The messages can still be seen using the verbose parameter. (bsc#1137038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1634=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.1.1+git0.5a1edf2b-3.20.1 resource-agents-4.1.1+git0.5a1edf2b-3.20.1 resource-agents-debuginfo-4.1.1+git0.5a1edf2b-3.20.1 resource-agents-debugsource-4.1.1+git0.5a1edf2b-3.20.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.1.1+git0.5a1edf2b-3.20.1 References: https://bugzilla.suse.com/1137038 From sle-updates at lists.suse.com Fri Jun 21 07:50:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 15:50:22 +0200 (CEST) Subject: SUSE-SU-2019:1596-1: important: Security update for glib2 Message-ID: <20190621135022.21A73FFC7@maintenance.suse.de> SUSE Security Update: Security update for glib2 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1596-1 Rating: important References: #1107116 #1107121 #1111499 #1137001 Cross-References: CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glib2 fixes the following issues: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a NULL pointer dereference (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116). - Some exploitable parser bugs in GVariant and GDBus subsystems were fixed (bsc#1111499). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1596=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1596=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.38.2-7.9.2 glib2-tools-2.38.2-7.9.2 glib2-tools-debuginfo-2.38.2-7.9.2 libgio-2_0-0-2.38.2-7.9.2 libgio-2_0-0-debuginfo-2.38.2-7.9.2 libglib-2_0-0-2.38.2-7.9.2 libglib-2_0-0-debuginfo-2.38.2-7.9.2 libgmodule-2_0-0-2.38.2-7.9.2 libgmodule-2_0-0-debuginfo-2.38.2-7.9.2 libgobject-2_0-0-2.38.2-7.9.2 libgobject-2_0-0-debuginfo-2.38.2-7.9.2 libgthread-2_0-0-2.38.2-7.9.2 libgthread-2_0-0-debuginfo-2.38.2-7.9.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.38.2-7.9.2 libgio-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libglib-2_0-0-32bit-2.38.2-7.9.2 libglib-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libgmodule-2_0-0-32bit-2.38.2-7.9.2 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libgobject-2_0-0-32bit-2.38.2-7.9.2 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libgthread-2_0-0-32bit-2.38.2-7.9.2 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.9.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glib2-lang-2.38.2-7.9.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.38.2-7.9.2 glib2-tools-2.38.2-7.9.2 glib2-tools-debuginfo-2.38.2-7.9.2 libgio-2_0-0-2.38.2-7.9.2 libgio-2_0-0-debuginfo-2.38.2-7.9.2 libglib-2_0-0-2.38.2-7.9.2 libglib-2_0-0-debuginfo-2.38.2-7.9.2 libgmodule-2_0-0-2.38.2-7.9.2 libgmodule-2_0-0-debuginfo-2.38.2-7.9.2 libgobject-2_0-0-2.38.2-7.9.2 libgobject-2_0-0-debuginfo-2.38.2-7.9.2 libgthread-2_0-0-2.38.2-7.9.2 libgthread-2_0-0-debuginfo-2.38.2-7.9.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.38.2-7.9.2 libgio-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libglib-2_0-0-32bit-2.38.2-7.9.2 libglib-2_0-0-debuginfo-32bit-2.38.2-7.9.2 
libgmodule-2_0-0-32bit-2.38.2-7.9.2 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libgobject-2_0-0-32bit-2.38.2-7.9.2 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.9.2 libgthread-2_0-0-32bit-2.38.2-7.9.2 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.9.2 - SUSE Linux Enterprise Server 12-LTSS (noarch): glib2-lang-2.38.2-7.9.2 References: https://www.suse.com/security/cve/CVE-2018-16428.html https://www.suse.com/security/cve/CVE-2018-16429.html https://www.suse.com/security/cve/CVE-2019-12450.html https://bugzilla.suse.com/1107116 https://bugzilla.suse.com/1107121 https://bugzilla.suse.com/1111499 https://bugzilla.suse.com/1137001 From sle-updates at lists.suse.com Fri Jun 21 10:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:11:55 +0200 (CEST) Subject: SUSE-RU-2019:1640-1: moderate: Recommended update for perl-Bootloader Message-ID: <20190621161155.43D04FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1640-1 Rating: moderate References: #1136601 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-Bootloader provides the following fixes: - Fix secureboot on aarch64. (bsc#1136601) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1640=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1640=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): perl-Bootloader-YAML-0.924-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): perl-Bootloader-0.924-8.3.1 References: https://bugzilla.suse.com/1136601 From sle-updates at lists.suse.com Fri Jun 21 10:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:12:40 +0200 (CEST) Subject: SUSE-SU-2019:1637-1: important: Security update for libvirt Message-ID: <20190621161240.49301FFC7@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1637-1 Rating: important References: #1136109 #1138301 #1138302 #1138303 Cross-References: CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). 
- CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Other issue addressed: - spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1637=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1637=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1637=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-9.27.1 libvirt-admin-4.0.0-9.27.1 libvirt-admin-debuginfo-4.0.0-9.27.1 libvirt-client-4.0.0-9.27.1 libvirt-client-debuginfo-4.0.0-9.27.1 libvirt-daemon-4.0.0-9.27.1 libvirt-daemon-config-network-4.0.0-9.27.1 libvirt-daemon-config-nwfilter-4.0.0-9.27.1 libvirt-daemon-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-interface-4.0.0-9.27.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-lxc-4.0.0-9.27.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-network-4.0.0-9.27.1 libvirt-daemon-driver-network-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-nodedev-4.0.0-9.27.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-nwfilter-4.0.0-9.27.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-qemu-4.0.0-9.27.1 
libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-secret-4.0.0-9.27.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-storage-4.0.0-9.27.1 libvirt-daemon-driver-storage-core-4.0.0-9.27.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-storage-disk-4.0.0-9.27.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-storage-iscsi-4.0.0-9.27.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-storage-logical-4.0.0-9.27.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-storage-mpath-4.0.0-9.27.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.27.1 libvirt-daemon-driver-storage-scsi-4.0.0-9.27.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.27.1 libvirt-daemon-hooks-4.0.0-9.27.1 libvirt-daemon-lxc-4.0.0-9.27.1 libvirt-daemon-qemu-4.0.0-9.27.1 libvirt-debugsource-4.0.0-9.27.1 libvirt-devel-4.0.0-9.27.1 libvirt-doc-4.0.0-9.27.1 libvirt-lock-sanlock-4.0.0-9.27.1 libvirt-lock-sanlock-debuginfo-4.0.0-9.27.1 libvirt-nss-4.0.0-9.27.1 libvirt-nss-debuginfo-4.0.0-9.27.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-9.27.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.27.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.27.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.27.1 libvirt-daemon-xen-4.0.0-9.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.27.1 wireshark-plugin-libvirt-4.0.0-9.27.1 wireshark-plugin-libvirt-debuginfo-4.0.0-9.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.27.1 libvirt-libs-4.0.0-9.27.1 libvirt-libs-debuginfo-4.0.0-9.27.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html 
https://www.suse.com/security/cve/CVE-2019-10166.html https://www.suse.com/security/cve/CVE-2019-10167.html https://bugzilla.suse.com/1136109 https://bugzilla.suse.com/1138301 https://bugzilla.suse.com/1138302 https://bugzilla.suse.com/1138303 From sle-updates at lists.suse.com Fri Jun 21 10:13:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:13:37 +0200 (CEST) Subject: SUSE-SU-2019:14100-1: important: Security update for libvirt Message-ID: <20190621161337.93551FFC7@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14100-1 Rating: important References: #1138301 Cross-References: CVE-2019-10161 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libvirt-14100=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libvirt-14100=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libvirt-1.0.5.9-21.20.1 libvirt-client-1.0.5.9-21.20.1 libvirt-doc-1.0.5.9-21.20.1 libvirt-lock-sanlock-1.0.5.9-21.20.1 libvirt-python-1.0.5.9-21.20.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libvirt-debuginfo-1.0.5.9-21.20.1 libvirt-debugsource-1.0.5.9-21.20.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://bugzilla.suse.com/1138301 From sle-updates at lists.suse.com Fri Jun 21 10:14:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:14:16 +0200 (CEST) Subject: SUSE-SU-2019:14101-1: moderate: Security update for netpbm Message-ID: <20190621161416.B87EEFFC7@maintenance.suse.de> SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14101-1 Rating: moderate References: #1024288 #1024291 #1136936 Cross-References: CVE-2017-2579 CVE-2017-2580 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). 
- created a netpbm-vulnerable subpackage and moved pstopnm there, as it uses ghostscript for conversion (bsc#1136936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-netpbm-14101=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-netpbm-14101=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-netpbm-14101=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-netpbm-14101=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libnetpbm10-10.26.44-101.15.5.2 netpbm-10.26.44-101.15.5.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libnetpbm10-32bit-10.26.44-101.15.5.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libnetpbm10-10.26.44-101.15.5.2 netpbm-10.26.44-101.15.5.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): netpbm-debuginfo-10.26.44-101.15.5.2 netpbm-debugsource-10.26.44-101.15.5.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): netpbm-debuginfo-10.26.44-101.15.5.2 netpbm-debugsource-10.26.44-101.15.5.2 References: https://www.suse.com/security/cve/CVE-2017-2579.html https://www.suse.com/security/cve/CVE-2017-2580.html https://bugzilla.suse.com/1024288 https://bugzilla.suse.com/1024291 https://bugzilla.suse.com/1136936 From sle-updates at lists.suse.com Fri Jun 21 10:15:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:15:18 +0200 (CEST) Subject: SUSE-RU-2019:1642-1: moderate: Security update for the Linux Kernel Message-ID: <20190621161518.28CD7FFC7@maintenance.suse.de> SUSE Recommended Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2019:1642-1 Rating: moderate References: #1135344 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module RT 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following non-security bugs were fixed: - kernel/padata.c: Make RT aware (SLE Realtime Extension (bnc#1135344)). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1642=1 - SUSE Linux Enterprise Module RT 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2019-1642=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-md-kmp-rt_debug-4.12.14-14.3.2 cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.3.2 dlm-kmp-rt_debug-4.12.14-14.3.2 dlm-kmp-rt_debug-debuginfo-4.12.14-14.3.2 gfs2-kmp-rt_debug-4.12.14-14.3.2 gfs2-kmp-rt_debug-debuginfo-4.12.14-14.3.2 kernel-rt-debuginfo-4.12.14-14.3.2 kernel-rt-debugsource-4.12.14-14.3.2 kernel-rt-extra-4.12.14-14.3.2 kernel-rt-extra-debuginfo-4.12.14-14.3.2 kernel-rt-livepatch-4.12.14-14.3.2 kernel-rt-livepatch-devel-4.12.14-14.3.2 kernel-rt_debug-4.12.14-14.3.2 kernel-rt_debug-base-4.12.14-14.3.2 kernel-rt_debug-base-debuginfo-4.12.14-14.3.2 kernel-rt_debug-debuginfo-4.12.14-14.3.2 kernel-rt_debug-debugsource-4.12.14-14.3.2 kernel-rt_debug-extra-4.12.14-14.3.2 kernel-rt_debug-extra-debuginfo-4.12.14-14.3.2 kernel-rt_debug-livepatch-4.12.14-14.3.2 
kernel-rt_debug-livepatch-devel-4.12.14-14.3.2 kselftests-kmp-rt-4.12.14-14.3.2 kselftests-kmp-rt-debuginfo-4.12.14-14.3.2 kselftests-kmp-rt_debug-4.12.14-14.3.2 kselftests-kmp-rt_debug-debuginfo-4.12.14-14.3.2 ocfs2-kmp-rt_debug-4.12.14-14.3.2 ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.3.2 reiserfs-kmp-rt-4.12.14-14.3.2 reiserfs-kmp-rt-debuginfo-4.12.14-14.3.2 reiserfs-kmp-rt_debug-4.12.14-14.3.2 reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.3.2 - SUSE Linux Enterprise Module RT 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.3.2 cluster-md-kmp-rt-debuginfo-4.12.14-14.3.2 dlm-kmp-rt-4.12.14-14.3.2 dlm-kmp-rt-debuginfo-4.12.14-14.3.2 gfs2-kmp-rt-4.12.14-14.3.2 gfs2-kmp-rt-debuginfo-4.12.14-14.3.2 kernel-rt-4.12.14-14.3.2 kernel-rt-base-4.12.14-14.3.2 kernel-rt-base-debuginfo-4.12.14-14.3.2 kernel-rt-debuginfo-4.12.14-14.3.2 kernel-rt-debugsource-4.12.14-14.3.2 kernel-rt-devel-4.12.14-14.3.2 kernel-rt-devel-debuginfo-4.12.14-14.3.2 kernel-rt_debug-debuginfo-4.12.14-14.3.2 kernel-rt_debug-debugsource-4.12.14-14.3.2 kernel-rt_debug-devel-4.12.14-14.3.2 kernel-rt_debug-devel-debuginfo-4.12.14-14.3.2 kernel-syms-rt-4.12.14-14.3.1 ocfs2-kmp-rt-4.12.14-14.3.2 ocfs2-kmp-rt-debuginfo-4.12.14-14.3.2 - SUSE Linux Enterprise Module RT 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.3.1 kernel-source-rt-4.12.14-14.3.1 References: https://bugzilla.suse.com/1135344 From sle-updates at lists.suse.com Fri Jun 21 10:16:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:16:03 +0200 (CEST) Subject: SUSE-SU-2019:1643-1: important: Security update for libvirt Message-ID: <20190621161603.8CA3EFFC7@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1643-1 Rating: important References: #1138301 #1138302 #1138303 #1138305 Cross-References: CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 Affected Products: SUSE 
Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). - CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which could have been used to execute arbitrary emulators (bsc#1138305). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1643=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1643=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1643=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-8.6.1 libvirt-admin-5.1.0-8.6.1 libvirt-admin-debuginfo-5.1.0-8.6.1 libvirt-client-5.1.0-8.6.1 libvirt-client-debuginfo-5.1.0-8.6.1 libvirt-daemon-5.1.0-8.6.1 libvirt-daemon-config-network-5.1.0-8.6.1 libvirt-daemon-config-nwfilter-5.1.0-8.6.1 libvirt-daemon-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-interface-5.1.0-8.6.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-lxc-5.1.0-8.6.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-network-5.1.0-8.6.1 libvirt-daemon-driver-network-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-nodedev-5.1.0-8.6.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-nwfilter-5.1.0-8.6.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-qemu-5.1.0-8.6.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-secret-5.1.0-8.6.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-storage-5.1.0-8.6.1 libvirt-daemon-driver-storage-core-5.1.0-8.6.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-storage-disk-5.1.0-8.6.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-storage-iscsi-5.1.0-8.6.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-storage-logical-5.1.0-8.6.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-8.6.1 
libvirt-daemon-driver-storage-mpath-5.1.0-8.6.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-8.6.1 libvirt-daemon-driver-storage-scsi-5.1.0-8.6.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-8.6.1 libvirt-daemon-hooks-5.1.0-8.6.1 libvirt-daemon-lxc-5.1.0-8.6.1 libvirt-daemon-qemu-5.1.0-8.6.1 libvirt-debugsource-5.1.0-8.6.1 libvirt-devel-5.1.0-8.6.1 libvirt-lock-sanlock-5.1.0-8.6.1 libvirt-lock-sanlock-debuginfo-5.1.0-8.6.1 libvirt-nss-5.1.0-8.6.1 libvirt-nss-debuginfo-5.1.0-8.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-8.6.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-8.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): libvirt-daemon-driver-libxl-5.1.0-8.6.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-8.6.1 libvirt-daemon-xen-5.1.0-8.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): libvirt-bash-completion-5.1.0-8.6.1 libvirt-doc-5.1.0-8.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-8.6.1 wireshark-plugin-libvirt-5.1.0-8.6.1 wireshark-plugin-libvirt-debuginfo-5.1.0-8.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libvirt-devel-32bit-5.1.0-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-8.6.1 libvirt-libs-5.1.0-8.6.1 libvirt-libs-debuginfo-5.1.0-8.6.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://www.suse.com/security/cve/CVE-2019-10166.html https://www.suse.com/security/cve/CVE-2019-10167.html https://www.suse.com/security/cve/CVE-2019-10168.html https://bugzilla.suse.com/1138301 https://bugzilla.suse.com/1138302 https://bugzilla.suse.com/1138303 https://bugzilla.suse.com/1138305 From sle-updates at lists.suse.com Fri Jun 21 10:17:03 2019 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:17:03 +0200 (CEST) Subject: SUSE-RU-2019:1639-1: moderate: Recommended update for yast2-add-on Message-ID: <20190621161703.D97CCFFC7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-add-on ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1639-1 Rating: moderate References: #1055126 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-add-on provides the following fixes: - Update repository will be registered while installing an add-on on a running system. (bsc#1055126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1639=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-add-on-4.1.12-3.4.5 References: https://bugzilla.suse.com/1055126 From sle-updates at lists.suse.com Fri Jun 21 10:17:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 18:17:49 +0200 (CEST) Subject: SUSE-RU-2019:1641-1: Recommended rebuild for polkit-default-privs Message-ID: <20190621161749.30250FFC7@maintenance.suse.de> SUSE Recommended Update: Recommended rebuild for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1641-1 Rating: low References: #1138250 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update is a rebuild of rpmlint-mini with updated polkit-default-privs to include flatpak whitelisting. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1641=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1641=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.8-2.13.1 rpmlint-mini-debuginfo-1.8-2.13.1 rpmlint-mini-debugsource-1.8-2.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.8-2.13.1 rpmlint-mini-debuginfo-1.8-2.13.1 rpmlint-mini-debugsource-1.8-2.13.1 References: https://bugzilla.suse.com/1138250 From sle-updates at lists.suse.com Fri Jun 21 13:11:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:11:11 +0200 (CEST) Subject: SUSE-RU-2019:1646-1: moderate: Recommended update for NetworkManager-openvpn Message-ID: <20190621191111.2E7C0F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager-openvpn ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1646-1 Rating: moderate References: #1132946 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for NetworkManager-openvpn fixes the following issues: - Enable missing whirlpool HMAC authentication (bsc#1132946) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1646=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1646=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): NetworkManager-openvpn-lang-1.8.2-4.3.2 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): NetworkManager-openvpn-1.8.2-4.3.2 NetworkManager-openvpn-debuginfo-1.8.2-4.3.2 NetworkManager-openvpn-debugsource-1.8.2-4.3.2 NetworkManager-openvpn-gnome-1.8.2-4.3.2 NetworkManager-openvpn-gnome-debuginfo-1.8.2-4.3.2 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): NetworkManager-openvpn-1.8.2-4.3.2 NetworkManager-openvpn-debuginfo-1.8.2-4.3.2 NetworkManager-openvpn-debugsource-1.8.2-4.3.2 NetworkManager-openvpn-gnome-1.8.2-4.3.2 NetworkManager-openvpn-gnome-debuginfo-1.8.2-4.3.2 - SUSE Linux Enterprise Workstation Extension 15 (noarch): NetworkManager-openvpn-lang-1.8.2-4.3.2 References: https://bugzilla.suse.com/1132946 From sle-updates at lists.suse.com Fri Jun 21 13:12:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:12:02 +0200 (CEST) Subject: SUSE-SU-2019:1644-1: important: Security update for java-1_8_0-ibm Message-ID: <20190621191202.B4589F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1644-1 Rating: important References: #1132728 #1132729 #1132732 #1132734 #1134718 Cross-References: CVE-2019-10245 CVE-2019-2602 
CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw in the RMI registry implementation (bsc#1132732). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1644=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1644=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1644=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1644=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1644=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1644=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1644=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1644=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1644=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1644=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1644=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 
java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-ibm-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-alsa-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-30.50.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-30.50.1 References: https://www.suse.com/security/cve/CVE-2019-10245.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2697.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1132734 
https://bugzilla.suse.com/1134718 From sle-updates at lists.suse.com Fri Jun 21 13:13:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:13:21 +0200 (CEST) Subject: SUSE-SU-2019:1671-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) Message-ID: <20190621191321.573CEF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1671-1 Rating: important References: #1133191 #1136446 #1136935 #1137597 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. 
(bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1653=1 SUSE-SLE-SAP-12-SP2-2019-1654=1 SUSE-SLE-SAP-12-SP2-2019-1656=1 SUSE-SLE-SAP-12-SP2-2019-1669=1 SUSE-SLE-SAP-12-SP2-2019-1670=1 SUSE-SLE-SAP-12-SP2-2019-1671=1 SUSE-SLE-SAP-12-SP2-2019-1672=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1653=1 SUSE-SLE-SERVER-12-SP2-2019-1654=1 SUSE-SLE-SERVER-12-SP2-2019-1656=1 SUSE-SLE-SERVER-12-SP2-2019-1669=1 SUSE-SLE-SERVER-12-SP2-2019-1670=1 SUSE-SLE-SERVER-12-SP2-2019-1671=1 SUSE-SLE-SERVER-12-SP2-2019-1672=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1649=1 SUSE-SLE-Live-Patching-12-SP4-2019-1675=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1655=1 SUSE-SLE-Live-Patching-12-SP3-2019-1657=1 SUSE-SLE-Live-Patching-12-SP3-2019-1658=1 SUSE-SLE-Live-Patching-12-SP3-2019-1659=1 SUSE-SLE-Live-Patching-12-SP3-2019-1660=1 SUSE-SLE-Live-Patching-12-SP3-2019-1661=1 SUSE-SLE-Live-Patching-12-SP3-2019-1662=1 SUSE-SLE-Live-Patching-12-SP3-2019-1663=1 SUSE-SLE-Live-Patching-12-SP3-2019-1673=1 SUSE-SLE-Live-Patching-12-SP3-2019-1676=1 SUSE-SLE-Live-Patching-12-SP3-2019-1677=1 SUSE-SLE-Live-Patching-12-SP3-2019-1678=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): 
kgraft-patch-4_4_121-92_101-default-3-2.1 kgraft-patch-4_4_121-92_104-default-3-2.1 kgraft-patch-4_4_121-92_109-default-3-2.1 kgraft-patch-4_4_121-92_95-default-6-2.1 kgraft-patch-4_4_121-92_98-default-5-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_85-default-9-2.1 kgraft-patch-4_4_121-92_92-default-7-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-3-2.1 kgraft-patch-4_4_121-92_104-default-3-2.1 kgraft-patch-4_4_121-92_109-default-3-2.1 kgraft-patch-4_4_121-92_95-default-6-2.1 kgraft-patch-4_4_121-92_98-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_85-default-9-2.1 kgraft-patch-4_4_121-92_92-default-7-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_13-default-2-2.1 kgraft-patch-4_12_14-95_16-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_138-94_39-default-9-2.1 kgraft-patch-4_4_138-94_39-default-debuginfo-9-2.1 kgraft-patch-4_4_140-94_42-default-9-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-9-2.1 kgraft-patch-4_4_143-94_47-default-6-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-6-2.1 kgraft-patch-4_4_155-94_50-default-6-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-6-2.1 kgraft-patch-4_4_156-94_57-default-6-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-6-2.1 kgraft-patch-4_4_156-94_61-default-6-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-6-2.1 kgraft-patch-4_4_156-94_64-default-5-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-5-2.1 kgraft-patch-4_4_162-94_69-default-4-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-4-2.1 kgraft-patch-4_4_162-94_72-default-4-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-4-2.1 kgraft-patch-4_4_175-94_79-default-3-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-3-2.1 kgraft-patch-4_4_176-94_88-default-2-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-2-2.1 
kgraft-patch-4_4_178-94_91-default-2-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137597 From sle-updates at lists.suse.com Fri Jun 21 13:14:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:14:29 +0200 (CEST) Subject: SUSE-SU-2019:1668-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) Message-ID: <20190621191429.0B5E0F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1668-1 Rating: important References: #1133191 #1136446 #1137597 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_107 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). 
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1650=1 SUSE-SLE-SAP-12-SP1-2019-1651=1 SUSE-SLE-SAP-12-SP1-2019-1652=1 SUSE-SLE-SAP-12-SP1-2019-1664=1 SUSE-SLE-SAP-12-SP1-2019-1668=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1650=1 SUSE-SLE-SERVER-12-SP1-2019-1651=1 SUSE-SLE-SERVER-12-SP1-2019-1652=1 SUSE-SLE-SERVER-12-SP1-2019-1664=1 SUSE-SLE-SERVER-12-SP1-2019-1668=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1665=1 SUSE-SLE-SERVER-12-2019-1667=1 SUSE-SLE-SERVER-12-2019-1680=1 SUSE-SLE-SERVER-12-2019-1681=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_104-default-7-2.1 kgraft-patch-3_12_74-60_64_104-xen-7-2.1 kgraft-patch-3_12_74-60_64_107-default-7-2.1 kgraft-patch-3_12_74-60_64_107-xen-7-2.1 kgraft-patch-3_12_74-60_64_110-default-3-2.1 kgraft-patch-3_12_74-60_64_110-xen-3-2.1 kgraft-patch-3_12_74-60_64_96-default-11-2.1 kgraft-patch-3_12_74-60_64_96-xen-11-2.1 kgraft-patch-3_12_74-60_64_99-default-9-2.1 
kgraft-patch-3_12_74-60_64_99-xen-9-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-7-2.1 kgraft-patch-3_12_74-60_64_104-xen-7-2.1 kgraft-patch-3_12_74-60_64_107-default-7-2.1 kgraft-patch-3_12_74-60_64_107-xen-7-2.1 kgraft-patch-3_12_74-60_64_110-default-3-2.1 kgraft-patch-3_12_74-60_64_110-xen-3-2.1 kgraft-patch-3_12_74-60_64_96-default-11-2.1 kgraft-patch-3_12_74-60_64_96-xen-11-2.1 kgraft-patch-3_12_74-60_64_99-default-9-2.1 kgraft-patch-3_12_74-60_64_99-xen-9-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_136-default-11-2.1 kgraft-patch-3_12_61-52_136-xen-11-2.1 kgraft-patch-3_12_61-52_141-default-9-2.1 kgraft-patch-3_12_61-52_141-xen-9-2.1 kgraft-patch-3_12_61-52_146-default-7-2.1 kgraft-patch-3_12_61-52_146-xen-7-2.1 kgraft-patch-3_12_61-52_149-default-3-2.1 kgraft-patch-3_12_61-52_149-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137597 From sle-updates at lists.suse.com Fri Jun 21 13:15:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:15:23 +0200 (CEST) Subject: SUSE-SU-2019:1645-1: moderate: Security update for netpbm Message-ID: <20190621191523.ADEF0F798@maintenance.suse.de> SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1645-1 Rating: moderate References: #1024288 #1024291 #1086777 #1136936 Cross-References: CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise 
Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1645=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1645=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1645=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1645=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1645=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1645=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le 
s390x x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 References: https://www.suse.com/security/cve/CVE-2017-2579.html https://www.suse.com/security/cve/CVE-2017-2580.html https://www.suse.com/security/cve/CVE-2018-8975.html https://bugzilla.suse.com/1024288 https://bugzilla.suse.com/1024291 https://bugzilla.suse.com/1086777 https://bugzilla.suse.com/1136936 From sle-updates at lists.suse.com Fri Jun 21 13:16:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:16:30 +0200 (CEST) Subject: SUSE-RU-2019:1647-1: moderate: Recommended update for yast2-migration Message-ID: <20190621191630.94321F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1647-1 Rating: moderate 
References: #1138255 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-migration fixes the following issues: - Fixes for the openSUSE Leap to SLES migration with vendor and repository change. (jsc#SLE-7006) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1647=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-migration-4.1.2-7.3.2 References: https://bugzilla.suse.com/1138255 From sle-updates at lists.suse.com Fri Jun 21 13:17:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:17:09 +0200 (CEST) Subject: SUSE-SU-2019:1674-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 12 SP4) Message-ID: <20190621191709.8F837F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1674-1 Rating: important References: #1133191 #1135280 #1136446 #1136935 #1137597 Cross-References: CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-94_41 fixes several issues. 
The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135280). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1666=1 SUSE-SLE-Live-Patching-12-SP4-2019-1674=1 SUSE-SLE-Live-Patching-12-SP4-2019-1679=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-5-2.13.1 kgraft-patch-4_12_14-94_41-default-debuginfo-5-2.13.1 kgraft-patch-4_12_14-95_3-default-4-2.1 kgraft-patch-4_12_14-95_6-default-3-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-5-2.13.1 References: https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1135280 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137597 From sle-updates at lists.suse.com Fri Jun 21 13:18:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jun 2019 21:18:13 +0200 (CEST) Subject: SUSE-SU-2019:1648-1: moderate: Recommended update for evince Message-ID: <20190621191813.A1310F798@maintenance.suse.de> SUSE Security Update: Recommended update for evince ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1648-1 Rating: moderate References: #1122794 #1133037 Cross-References: CVE-2019-11459 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now 
available. Description: This update for evince provides the following fixes: Security issue fixed: - CVE-2019-11459: Fixed improper error handling which could have led to use of uninitialized memory (bsc#1133037). Other issue addressed: - Removed Supplements from psdocument package, so that it isn't pulled in by default (bsc#1122794). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1648=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1648=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1648=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1648=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-debugsource-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-comicsdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): evince-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-debugsource-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-comicsdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): evince-3.26.0+20180128.1bd86963-4.7.3 evince-debuginfo-3.26.0+20180128.1bd86963-4.7.3 
evince-debugsource-3.26.0+20180128.1bd86963-4.7.3 evince-devel-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-djvudocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-dvidocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-pdfdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-psdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-tiffdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-xpsdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 libevdocument3-4-debuginfo-3.26.0+20180128.1bd86963-4.7.3 libevview3-3-3.26.0+20180128.1bd86963-4.7.3 libevview3-3-debuginfo-3.26.0+20180128.1bd86963-4.7.3 nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 nautilus-evince-debuginfo-3.26.0+20180128.1bd86963-4.7.3 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): evince-lang-3.26.0+20180128.1bd86963-4.7.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): evince-3.26.0+20180128.1bd86963-4.7.3 evince-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-debugsource-3.26.0+20180128.1bd86963-4.7.3 evince-devel-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-djvudocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-djvudocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-dvidocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-dvidocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-4.7.3 
evince-plugin-pdfdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-psdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-psdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-tiffdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-4.7.3 evince-plugin-xpsdocument-debuginfo-3.26.0+20180128.1bd86963-4.7.3 libevdocument3-4-3.26.0+20180128.1bd86963-4.7.3 libevdocument3-4-debuginfo-3.26.0+20180128.1bd86963-4.7.3 libevview3-3-3.26.0+20180128.1bd86963-4.7.3 libevview3-3-debuginfo-3.26.0+20180128.1bd86963-4.7.3 nautilus-evince-3.26.0+20180128.1bd86963-4.7.3 nautilus-evince-debuginfo-3.26.0+20180128.1bd86963-4.7.3 typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-4.7.3 typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-4.7.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): evince-lang-3.26.0+20180128.1bd86963-4.7.3 References: https://www.suse.com/security/cve/CVE-2019-11459.html https://bugzilla.suse.com/1122794 https://bugzilla.suse.com/1133037 From sle-updates at lists.suse.com Sat Jun 22 10:11:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jun 2019 18:11:27 +0200 (CEST) Subject: SUSE-SU-2019:1682-1: important: Security update for MozillaFirefox Message-ID: <20190622161127.3B537F798@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1682-1 Rating: important References: #1138872 Cross-References: CVE-2019-11708 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1682=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1682=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1682=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1682=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.7.2-3.48.1 MozillaFirefox-debuginfo-60.7.2-3.48.1 MozillaFirefox-debugsource-60.7.2-3.48.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): MozillaFirefox-buildsymbols-60.7.2-3.48.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): MozillaFirefox-devel-60.7.2-3.48.1 - SUSE Linux Enterprise Module for Open Buildservice 
Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.7.2-3.48.1 MozillaFirefox-debuginfo-60.7.2-3.48.1 MozillaFirefox-debugsource-60.7.2-3.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.2-3.48.1 MozillaFirefox-debuginfo-60.7.2-3.48.1 MozillaFirefox-debugsource-60.7.2-3.48.1 MozillaFirefox-translations-common-60.7.2-3.48.1 MozillaFirefox-translations-other-60.7.2-3.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-60.7.2-3.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.2-3.48.1 MozillaFirefox-debuginfo-60.7.2-3.48.1 MozillaFirefox-debugsource-60.7.2-3.48.1 MozillaFirefox-devel-60.7.2-3.48.1 MozillaFirefox-translations-common-60.7.2-3.48.1 MozillaFirefox-translations-other-60.7.2-3.48.1 References: https://www.suse.com/security/cve/CVE-2019-11708.html https://bugzilla.suse.com/1138872 From sle-updates at lists.suse.com Sat Jun 22 13:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jun 2019 21:10:50 +0200 (CEST) Subject: SUSE-SU-2019:1683-1: important: Security update for MozillaThunderbird Message-ID: <20190622191050.3761FF7C7@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1683-1 Rating: important References: #1137595 #1138872 Cross-References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 CVE-2019-11707 CVE-2019-11708 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update for MozillaThunderbird fixes the following issues: Security issues fixed: - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595). - CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595). - CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595). - CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595). - CVE-2019-11707: Fixed a type confusion in Array.pop (bsc#1138872). - CVE-2019-11708: Fixed a sandbox escape using Prompt:Open (bsc#1138872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1683=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1683=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-60.7.2-3.43.1 MozillaThunderbird-debuginfo-60.7.2-3.43.1 MozillaThunderbird-debugsource-60.7.2-3.43.1 MozillaThunderbird-translations-common-60.7.2-3.43.1 MozillaThunderbird-translations-other-60.7.2-3.43.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.7.2-3.43.1 MozillaThunderbird-debuginfo-60.7.2-3.43.1 MozillaThunderbird-debugsource-60.7.2-3.43.1 MozillaThunderbird-translations-common-60.7.2-3.43.1 MozillaThunderbird-translations-other-60.7.2-3.43.1 References: https://www.suse.com/security/cve/CVE-2019-11703.html https://www.suse.com/security/cve/CVE-2019-11704.html https://www.suse.com/security/cve/CVE-2019-11705.html https://www.suse.com/security/cve/CVE-2019-11706.html https://www.suse.com/security/cve/CVE-2019-11707.html https://www.suse.com/security/cve/CVE-2019-11708.html 
https://bugzilla.suse.com/1137595 https://bugzilla.suse.com/1138872 From sle-updates at lists.suse.com Sat Jun 22 13:11:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Jun 2019 21:11:52 +0200 (CEST) Subject: SUSE-SU-2019:1684-1: important: Security update for MozillaFirefox Message-ID: <20190622191152.D80B4F7C7@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1684-1 Rating: important References: #1138872 Cross-References: CVE-2019-11708 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. 
When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1684=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1684=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1684=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1684=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1684=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1684=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1684=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1684=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1684=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1684=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1684=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1684=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1684=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1684=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1684=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1684=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1684=1 - SUSE Linux Enterprise Desktop 
12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1684=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1684=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1684=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1684=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.7.2-109.80.1 
MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): 
MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Enterprise Storage 5 (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.7.2-109.80.1 MozillaFirefox-debuginfo-60.7.2-109.80.1 MozillaFirefox-debugsource-60.7.2-109.80.1 MozillaFirefox-devel-60.7.2-109.80.1 MozillaFirefox-translations-common-60.7.2-109.80.1 References: https://www.suse.com/security/cve/CVE-2019-11708.html https://bugzilla.suse.com/1138872 From sle-updates at lists.suse.com Mon Jun 24 07:26:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 15:26:00 +0200 (CEST) Subject: SUSE-SU-2019:14102-1: important: Security update for glib2 Message-ID: <20190624132600.65BB5F798@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14102-1 Rating: important References: #1137001 Cross-References: CVE-2019-12450 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE 
Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-glib2-14102=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glib2-14102=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glib2-14102=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glib2-14102=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): glib2-2.22.5-0.8.39.1 glib2-doc-2.22.5-0.8.39.1 glib2-lang-2.22.5-0.8.39.1 libgio-2_0-0-2.22.5-0.8.39.1 libglib-2_0-0-2.22.5-0.8.39.1 libgmodule-2_0-0-2.22.5-0.8.39.1 libgobject-2_0-0-2.22.5-0.8.39.1 libgthread-2_0-0-2.22.5-0.8.39.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libgio-2_0-0-32bit-2.22.5-0.8.39.1 libglib-2_0-0-32bit-2.22.5-0.8.39.1 libgmodule-2_0-0-32bit-2.22.5-0.8.39.1 libgobject-2_0-0-32bit-2.22.5-0.8.39.1 libgthread-2_0-0-32bit-2.22.5-0.8.39.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glib2-2.22.5-0.8.39.1 glib2-doc-2.22.5-0.8.39.1 glib2-lang-2.22.5-0.8.39.1 libgio-2_0-0-2.22.5-0.8.39.1 libglib-2_0-0-2.22.5-0.8.39.1 libgmodule-2_0-0-2.22.5-0.8.39.1 libgobject-2_0-0-2.22.5-0.8.39.1 libgthread-2_0-0-2.22.5-0.8.39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): glib2-debuginfo-2.22.5-0.8.39.1 glib2-debugsource-2.22.5-0.8.39.1 - SUSE Linux Enterprise 
Debuginfo 11-SP3 (i586 s390x x86_64): glib2-debuginfo-2.22.5-0.8.39.1 glib2-debugsource-2.22.5-0.8.39.1 References: https://www.suse.com/security/cve/CVE-2019-12450.html https://bugzilla.suse.com/1137001 From sle-updates at lists.suse.com Mon Jun 24 07:37:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 15:37:29 +0200 (CEST) Subject: SUSE-SU-2019:1574-2: important: Security update for samba Message-ID: <20190624133729.C4168F798@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1574-2 Rating: important References: #1125601 #1130245 #1134452 #1134697 #1137815 Cross-References: CVE-2019-12435 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed: - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implementation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-1574=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.176.375e1f05788-3.6.1 samba-ceph-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debuginfo-4.9.5+git.176.375e1f05788-3.6.1 samba-debugsource-4.9.5+git.176.375e1f05788-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-12435.html https://bugzilla.suse.com/1125601 https://bugzilla.suse.com/1130245 https://bugzilla.suse.com/1134452 https://bugzilla.suse.com/1134697 https://bugzilla.suse.com/1137815 From sle-updates at lists.suse.com Mon Jun 24 10:13:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 18:13:41 +0200 (CEST) Subject: SUSE-RU-2019:1688-1: important: Recommended update for POS_Image-Graphical5, POS_Image-JeOS5, POS_Image3 Message-ID: <20190624161341.4F77AF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for POS_Image-Graphical5, POS_Image-JeOS5, POS_Image3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1688-1 Rating: important References: #1134345 Affected Products: SUSE Linux Enterprise Point of Sale 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for POS_Image-Graphical5, POS_Image-JeOS5 and POS_Image3 fixes the following issue: - fix local boot on UEFI machines (bsc#1134345) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1688=1 Package List: - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): POS_Image-Graphical5-5.0.0-5.6.1 POS_Image-JeOS5-5.0.0-5.6.1 POS_Image-Netboot-hooks-3.4.0-6.6.1 POS_Image-Tools-3.4.0-6.6.1 POS_Image3-3.7.1-6.6.1 References: https://bugzilla.suse.com/1134345 From sle-updates at lists.suse.com Mon Jun 24 10:14:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 18:14:53 +0200 (CEST) Subject: SUSE-SU-2019:1687-1: moderate: Security update for postgresql96 Message-ID: <20190624161453.1AC3BF798@maintenance.suse.de> SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1687-1 Rating: moderate References: #1134689 Cross-References: CVE-2019-10130 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1687=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1687=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1687=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-devel-9.6.13-3.25.1 postgresql96-devel-debuginfo-9.6.13-3.25.1 postgresql96-libs-debugsource-9.6.13-3.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-9.6.13-3.25.1 postgresql96-contrib-9.6.13-3.25.1 postgresql96-contrib-debuginfo-9.6.13-3.25.1 postgresql96-debuginfo-9.6.13-3.25.1 postgresql96-debugsource-9.6.13-3.25.1 postgresql96-libs-debugsource-9.6.13-3.25.1 postgresql96-server-9.6.13-3.25.1 postgresql96-server-debuginfo-9.6.13-3.25.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql96-docs-9.6.13-3.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): postgresql96-9.6.13-3.25.1 postgresql96-debuginfo-9.6.13-3.25.1 postgresql96-debugsource-9.6.13-3.25.1 postgresql96-libs-debugsource-9.6.13-3.25.1 References: https://www.suse.com/security/cve/CVE-2019-10130.html https://bugzilla.suse.com/1134689 From sle-updates at lists.suse.com Mon Jun 24 10:16:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 18:16:10 +0200 (CEST) Subject: SUSE-SU-2019:1686-1: important: Security update for libvirt Message-ID: <20190624161610.43DAFF798@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1686-1 Rating: important References: #1138301 #1138303 Cross-References: CVE-2019-10161 CVE-2019-10167 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1686=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1686=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libvirt-1.2.18.4-22.13.1 libvirt-client-1.2.18.4-22.13.1 libvirt-client-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-1.2.18.4-22.13.1 libvirt-daemon-config-network-1.2.18.4-22.13.1 libvirt-daemon-config-nwfilter-1.2.18.4-22.13.1 libvirt-daemon-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-interface-1.2.18.4-22.13.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-libxl-1.2.18.4-22.13.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-lxc-1.2.18.4-22.13.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-network-1.2.18.4-22.13.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-nodedev-1.2.18.4-22.13.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-nwfilter-1.2.18.4-22.13.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.13.1 
libvirt-daemon-driver-qemu-1.2.18.4-22.13.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-secret-1.2.18.4-22.13.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-storage-1.2.18.4-22.13.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-lxc-1.2.18.4-22.13.1 libvirt-daemon-qemu-1.2.18.4-22.13.1 libvirt-daemon-xen-1.2.18.4-22.13.1 libvirt-debugsource-1.2.18.4-22.13.1 libvirt-doc-1.2.18.4-22.13.1 libvirt-lock-sanlock-1.2.18.4-22.13.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-22.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libvirt-1.2.18.4-22.13.1 libvirt-client-1.2.18.4-22.13.1 libvirt-client-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-1.2.18.4-22.13.1 libvirt-daemon-config-network-1.2.18.4-22.13.1 libvirt-daemon-config-nwfilter-1.2.18.4-22.13.1 libvirt-daemon-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-interface-1.2.18.4-22.13.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-lxc-1.2.18.4-22.13.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-network-1.2.18.4-22.13.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-nodedev-1.2.18.4-22.13.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-nwfilter-1.2.18.4-22.13.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-qemu-1.2.18.4-22.13.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-secret-1.2.18.4-22.13.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-driver-storage-1.2.18.4-22.13.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-lxc-1.2.18.4-22.13.1 libvirt-daemon-qemu-1.2.18.4-22.13.1 libvirt-debugsource-1.2.18.4-22.13.1 libvirt-doc-1.2.18.4-22.13.1 libvirt-lock-sanlock-1.2.18.4-22.13.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-22.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): 
libvirt-daemon-driver-libxl-1.2.18.4-22.13.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.13.1 libvirt-daemon-xen-1.2.18.4-22.13.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://www.suse.com/security/cve/CVE-2019-10167.html https://bugzilla.suse.com/1138301 https://bugzilla.suse.com/1138303 From sle-updates at lists.suse.com Mon Jun 24 13:13:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 21:13:22 +0200 (CEST) Subject: SUSE-RU-2019:1691-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190624191322.06526FDA0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1691-1 Rating: moderate References: #1095804 #1103388 #1103696 #1104034 #1118492 #1120242 #1125610 #1125744 #1128529 #1128564 #1129243 #1129300 #1130041 #1130077 #1131677 #1132346 #1133424 #1134876 #1136102 #1138130 #987798 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: This update fixes the following issues: koan: - Require virt-install only for RHEL6/7. Other distributions accepting Recommends must use it as virt-install is not available sometimes (for example SLED) - Change virt-install from Recommends to Require because this fixes RHEL 6 & 7 - Fix regex error in the files section - Remove Recursion in python_sitelib and remove non relevant parts of the specfile - Replace python2_sitelib macro with python_sitelib to fix build on older distros. 
- Remove duplicate file section entries - Adjust Group Tag to Development/Libraries/Python to satisfy linter prometheus-node_exporter: - Add the package to the SLE Basesystem module. (fate#327287) rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. 
- Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running "spacewalk-repo-sync" after migration to Zypper. - Include packages dependencies on "spacewalk-repo-sync" when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix "mgr-inter-sync" problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix "rhnpush" after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add "python-urlgrabber" as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use "Zypper" and "libsolv" in "spacewalk-repo-sync". Replace "yum". 
- Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Add compatibility with Python 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) 
suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-1691=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1691=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1691=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1691=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-1.3.16 golang-github-boynux-squid_exporter-debuginfo-1.6-1.3.16 golang-github-lusitaniae-apache_exporter-0.5.0-1.3.16 golang-github-lusitaniae-apache_exporter-debuginfo-0.5.0-1.3.16 golang-github-wrouesnel-postgres_exporter-0.4.7-1.3.15 - SUSE Manager Tools 15 (noarch): koan-2.9.0-4.9.9 mgr-cfg-4.0.8-1.3.18 mgr-cfg-actions-4.0.8-1.3.18 mgr-cfg-client-4.0.8-1.3.18 mgr-cfg-management-4.0.8-1.3.18 mgr-custom-info-4.0.5-1.3.18 mgr-daemon-4.0.6-1.5.1 mgr-osad-4.0.8-1.3.17 mgr-push-4.0.6-1.3.18 mgr-virtualization-host-4.0.6-1.3.21 python3-mgr-cfg-4.0.8-1.3.18 python3-mgr-cfg-actions-4.0.8-1.3.18 python3-mgr-cfg-client-4.0.8-1.3.18 python3-mgr-cfg-management-4.0.8-1.3.18 python3-mgr-osa-common-4.0.8-1.3.17 python3-mgr-osad-4.0.8-1.3.17 python3-mgr-push-4.0.6-1.3.18 python3-mgr-virtualization-common-4.0.6-1.3.21 python3-mgr-virtualization-host-4.0.6-1.3.21 
python3-rhnlib-4.0.8-3.3.16 python3-spacewalk-backend-libs-4.0.17-3.18.19 python3-spacewalk-check-4.0.9-3.8.1 python3-spacewalk-client-setup-4.0.9-3.8.1 python3-spacewalk-client-tools-4.0.9-3.8.1 python3-spacewalk-koan-4.0.5-3.3.16 python3-spacewalk-oscap-4.0.5-3.3.17 python3-spacewalk-usix-4.0.9-3.3.16 python3-suseRegisterInfo-4.0.4-3.3.16 python3-zypp-plugin-spacewalk-1.0.5-3.6.9 spacecmd-4.0.11-3.21.16 spacewalk-check-4.0.9-3.8.1 spacewalk-client-setup-4.0.9-3.8.1 spacewalk-client-tools-4.0.9-3.8.1 spacewalk-koan-4.0.5-3.3.16 spacewalk-oscap-4.0.5-3.3.17 spacewalk-remote-utils-4.0.4-3.6.17 supportutils-plugin-susemanager-client-4.0.2-3.3.15 suseRegisterInfo-4.0.4-3.3.16 zypp-plugin-spacewalk-1.0.5-3.6.9 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python2-rhnlib-4.0.8-3.3.16 python2-spacewalk-check-4.0.9-3.8.1 python2-spacewalk-client-setup-4.0.9-3.8.1 python2-spacewalk-client-tools-4.0.9-3.8.1 python2-spacewalk-koan-4.0.5-3.3.16 python2-spacewalk-oscap-4.0.5-3.3.17 python2-suseRegisterInfo-4.0.4-3.3.16 python2-zypp-plugin-spacewalk-1.0.5-3.6.9 spacecmd-4.0.11-3.21.16 spacewalk-backend-4.0.17-3.18.19 spacewalk-backend-app-4.0.17-3.18.19 spacewalk-backend-applet-4.0.17-3.18.19 spacewalk-backend-cdn-4.0.17-3.18.19 spacewalk-backend-config-files-4.0.17-3.18.19 spacewalk-backend-config-files-common-4.0.17-3.18.19 spacewalk-backend-config-files-tool-4.0.17-3.18.19 spacewalk-backend-iss-4.0.17-3.18.19 spacewalk-backend-iss-export-4.0.17-3.18.19 spacewalk-backend-libs-4.0.17-3.18.19 spacewalk-backend-package-push-server-4.0.17-3.18.19 spacewalk-backend-server-4.0.17-3.18.19 spacewalk-backend-sql-4.0.17-3.18.19 spacewalk-backend-sql-oracle-4.0.17-3.18.19 spacewalk-backend-sql-postgresql-4.0.17-3.18.19 spacewalk-backend-tools-4.0.17-3.18.19 spacewalk-backend-xml-export-libs-4.0.17-3.18.19 spacewalk-backend-xmlrpc-4.0.17-3.18.19 spacewalk-usix-4.0.9-3.3.16 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 
(noarch): python2-rhnlib-4.0.8-3.3.16 python2-spacewalk-check-4.0.9-3.8.1 python2-spacewalk-client-setup-4.0.9-3.8.1 python2-spacewalk-client-tools-4.0.9-3.8.1 python2-spacewalk-koan-4.0.5-3.3.16 python2-spacewalk-oscap-4.0.5-3.3.17 python2-suseRegisterInfo-4.0.4-3.3.16 python2-zypp-plugin-spacewalk-1.0.5-3.6.9 python3-spacewalk-usix-4.0.9-3.3.16 spacecmd-4.0.11-3.21.16 spacewalk-backend-4.0.17-3.18.19 spacewalk-backend-app-4.0.17-3.18.19 spacewalk-backend-applet-4.0.17-3.18.19 spacewalk-backend-cdn-4.0.17-3.18.19 spacewalk-backend-config-files-4.0.17-3.18.19 spacewalk-backend-config-files-common-4.0.17-3.18.19 spacewalk-backend-config-files-tool-4.0.17-3.18.19 spacewalk-backend-iss-4.0.17-3.18.19 spacewalk-backend-iss-export-4.0.17-3.18.19 spacewalk-backend-libs-4.0.17-3.18.19 spacewalk-backend-package-push-server-4.0.17-3.18.19 spacewalk-backend-server-4.0.17-3.18.19 spacewalk-backend-sql-4.0.17-3.18.19 spacewalk-backend-sql-oracle-4.0.17-3.18.19 spacewalk-backend-sql-postgresql-4.0.17-3.18.19 spacewalk-backend-tools-4.0.17-3.18.19 spacewalk-backend-xml-export-libs-4.0.17-3.18.19 spacewalk-backend-xmlrpc-4.0.17-3.18.19 spacewalk-usix-4.0.9-3.3.16 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.17.0-3.3.15 References: https://bugzilla.suse.com/1095804 https://bugzilla.suse.com/1103388 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1128529 https://bugzilla.suse.com/1128564 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1129300 https://bugzilla.suse.com/1130041 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1132346 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1136102 https://bugzilla.suse.com/1138130 
https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Mon Jun 24 13:18:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jun 2019 21:18:02 +0200 (CEST) Subject: SUSE-SU-2019:1690-1: important: Security update for libvirt Message-ID: <20190624191802.0B483FDA0@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1690-1 Rating: important References: #1138301 Cross-References: CVE-2019-10161 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvirt fixes the following issue: Security issue fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1690=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libvirt-1.2.5-27.19.1 libvirt-client-1.2.5-27.19.1 libvirt-client-debuginfo-1.2.5-27.19.1 libvirt-daemon-1.2.5-27.19.1 libvirt-daemon-config-network-1.2.5-27.19.1 libvirt-daemon-config-nwfilter-1.2.5-27.19.1 libvirt-daemon-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-interface-1.2.5-27.19.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-lxc-1.2.5-27.19.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-network-1.2.5-27.19.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-nodedev-1.2.5-27.19.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-nwfilter-1.2.5-27.19.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-qemu-1.2.5-27.19.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-secret-1.2.5-27.19.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.19.1 libvirt-daemon-driver-storage-1.2.5-27.19.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.19.1 libvirt-daemon-lxc-1.2.5-27.19.1 libvirt-daemon-qemu-1.2.5-27.19.1 libvirt-debugsource-1.2.5-27.19.1 libvirt-doc-1.2.5-27.19.1 libvirt-lock-sanlock-1.2.5-27.19.1 libvirt-lock-sanlock-debuginfo-1.2.5-27.19.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libvirt-daemon-driver-libxl-1.2.5-27.19.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.19.1 libvirt-daemon-xen-1.2.5-27.19.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://bugzilla.suse.com/1138301 From sle-updates at lists.suse.com Mon Jun 24 16:10:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 00:10:47 +0200 (CEST) Subject: SUSE-SU-2019:1692-1: important: Security update for the Linux Kernel Message-ID: 
<20190624221047.64C4CFDCE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1692-1 Rating: important References: #1090078 #1110785 #1113769 #1120843 #1120885 #1125580 #1125931 #1131543 #1131587 #1132374 #1132472 #1134848 #1135281 #1136424 #1136446 #1137586 Cross-References: CVE-2018-17972 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11833 CVE-2019-11884 CVE-2019-3846 CVE-2019-5489 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel version 3.12.61 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may have been able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. 
(bnc#1136424) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) The following non-security bugs were fixed: - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - lib: add "on"/"off" support to strtobool (bsc#1125931). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1125580). - powerpc/tm: Add TM Unavailable Exception (bsc#1125580). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580).
- powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1692=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1692=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.154.1 kernel-default-base-3.12.61-52.154.1 kernel-default-base-debuginfo-3.12.61-52.154.1 kernel-default-debuginfo-3.12.61-52.154.1 kernel-default-debugsource-3.12.61-52.154.1 kernel-default-devel-3.12.61-52.154.1 kernel-syms-3.12.61-52.154.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.154.1 kernel-macros-3.12.61-52.154.1 kernel-source-3.12.61-52.154.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.154.1 kernel-xen-base-3.12.61-52.154.1 kernel-xen-base-debuginfo-3.12.61-52.154.1 kernel-xen-debuginfo-3.12.61-52.154.1 kernel-xen-debugsource-3.12.61-52.154.1 kernel-xen-devel-3.12.61-52.154.1 kgraft-patch-3_12_61-52_154-default-1-1.5.1 kgraft-patch-3_12_61-52_154-xen-1-1.5.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.154.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.154.1 kernel-ec2-debuginfo-3.12.61-52.154.1 kernel-ec2-debugsource-3.12.61-52.154.1 
kernel-ec2-devel-3.12.61-52.154.1 kernel-ec2-extra-3.12.61-52.154.1 kernel-ec2-extra-debuginfo-3.12.61-52.154.1 References: https://www.suse.com/security/cve/CVE-2018-17972.html https://www.suse.com/security/cve/CVE-2019-11190.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-5489.html https://bugzilla.suse.com/1090078 https://bugzilla.suse.com/1110785 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120885 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1125931 https://bugzilla.suse.com/1131543 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1132374 https://bugzilla.suse.com/1132472 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137586 From sle-updates at lists.suse.com Tue Jun 25 07:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 15:11:14 +0200 (CEST) Subject: SUSE-SU-2019:1693-1: moderate: Security update for tomcat Message-ID: <20190625131114.89F72FDCE@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1693-1 Rating: moderate References: #1111966 #1131055 #1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata 
is now available. Description: This update for tomcat to version 9.0.20 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). Non-security issues fixed: - Increase maximum number of threads and open files for tomcat (bsc#1111966). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1693=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1693=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.20-3.24.2 tomcat-admin-webapps-9.0.20-3.24.2 tomcat-el-3_0-api-9.0.20-3.24.2 tomcat-jsp-2_3-api-9.0.20-3.24.2 tomcat-lib-9.0.20-3.24.2 tomcat-servlet-4_0-api-9.0.20-3.24.2 tomcat-webapps-9.0.20-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.20-3.24.2 tomcat-embed-9.0.20-3.24.2 tomcat-javadoc-9.0.20-3.24.2 tomcat-jsvc-9.0.20-3.24.2 References: https://www.suse.com/security/cve/CVE-2019-0199.html https://www.suse.com/security/cve/CVE-2019-0221.html https://bugzilla.suse.com/1111966 https://bugzilla.suse.com/1131055 https://bugzilla.suse.com/1136085 From sle-updates at lists.suse.com Tue Jun 25 10:11:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:11:28 +0200 (CEST) Subject: SUSE-RU-2019:1698-1: moderate: Recommended update for targetcli-fb Message-ID: <20190625161128.4CB0FFDCE@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1698-1 Rating: moderate References: #1121998 #1123423 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for targetcli-fb provides the following fixes: - Support changes on the emulate_pr attribute. (bsc#1121998) - Ensure targetcli and deprecated lio-utils package do not run at the same time. (bsc#1123423) - Updated the SPEC file with year, URL, and https. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1698=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1698=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-targetcli-fb-2.1.49-10.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-targetcli-fb-2.1.49-10.3.4 targetcli-fb-common-2.1.49-10.3.4 References: https://bugzilla.suse.com/1121998 https://bugzilla.suse.com/1123423 From sle-updates at lists.suse.com Tue Jun 25 10:12:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:12:16 +0200 (CEST) Subject: SUSE-RU-2019:1702-1: moderate: Recommended update for yast2-schema Message-ID: <20190625161216.A62DFFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-schema ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1702-1 Rating: 
moderate References: #1128707 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-schema provides the following fixes: - Update required version of yast2-bootloader to handle missing tags cpu_mitigations and smt in bootloader. (bsc#1128707) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1702=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-schema-4.1.7-3.3.8 References: https://bugzilla.suse.com/1128707 From sle-updates at lists.suse.com Tue Jun 25 10:12:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:12:56 +0200 (CEST) Subject: SUSE-RU-2019:1710-1: moderate: Recommended update for Salt Message-ID: <20190625161256.3FDF2FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1710-1 Rating: moderate References: #1102819 #1121439 #1122680 #1125015 #1128061 #1129079 #1130784 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update includes the following new features: - Update to 2019.2.0 release (fate#327138, bsc#1133523) This update fixes the following issues: salt: - Fix async-batch to fire a single done event - Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784) - Include aliases in FQDNS grain (bsc#1121439) - Fix issue preventing syndic to start - Update to 2019.2.0 release (fate#327138, bsc#1133523) See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html - Update year on spec copyright notice - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Incorporate virt.volume_info fixes (PR#131) - Fix for -t parameter in mount module - No longer limiting Python3 version to <3.7 - Add virt.volume_infos and virt.volume_delete functions - Bugfix: properly refresh pillars (bsc#1125015) - Removes version from python3 requirement completely - Adds missing version update to %setup - Add virt.all_capabilities to return all host and domain capabilities at once - Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token. 
- Fix setup to use the right version tag - Add "id_" and "force" to the whitelist of API check - Add metadata to accepted keyword arguments (bsc#1122680) - Add salt-support script to package - Early feature: Salt support-config (salt-support) - More fixes on the spec file - Fix spaces and indentation - Use Adler32 algorithm to compute string checksums (bsc#1102819) - Update spec file patch ordering after MSI patch removal - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) - Fix batch/batch-async related issues Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-1710=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1710=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1710=1 Package List: - SUSE Manager Tools 15 (x86_64): python2-salt-2019.2.0-5.41.1 python3-salt-2019.2.0-5.41.1 salt-2019.2.0-5.41.1 salt-doc-2019.2.0-5.41.1 salt-minion-2019.2.0-5.41.1 - SUSE Manager Tools 15 (noarch): salt-bash-completion-2019.2.0-5.41.1 salt-zsh-completion-2019.2.0-5.41.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): salt-api-2019.2.0-5.41.1 salt-cloud-2019.2.0-5.41.1 salt-master-2019.2.0-5.41.1 salt-proxy-2019.2.0-5.41.1 salt-ssh-2019.2.0-5.41.1 salt-syndic-2019.2.0-5.41.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): salt-fish-completion-2019.2.0-5.41.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python2-salt-2019.2.0-5.41.1 python3-salt-2019.2.0-5.41.1 salt-2019.2.0-5.41.1 salt-doc-2019.2.0-5.41.1 salt-minion-2019.2.0-5.41.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): 
salt-bash-completion-2019.2.0-5.41.1 salt-zsh-completion-2019.2.0-5.41.1 References: https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130784 From sle-updates at lists.suse.com Tue Jun 25 10:14:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:14:25 +0200 (CEST) Subject: SUSE-RU-2019:1699-1: moderate: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20190625161425.395DCFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1699-1 Rating: moderate References: #1138109 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSE Manager release notes fixes the following issues: - Update Monitoring section. (bsc#1138109) - Update stylesheet. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2019-1699=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2019-1699=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2019-1699=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1699=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.0-3.11.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.0-0.16.11.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.0-0.16.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): release-notes-susemanager-4.0.0-3.11.1 release-notes-susemanager-proxy-4.0.0-0.16.11.1 References: https://bugzilla.suse.com/1138109 From sle-updates at lists.suse.com Tue Jun 25 10:15:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:15:03 +0200 (CEST) Subject: SUSE-RU-2019:14108-1: moderate: Recommended update for Salt Message-ID: <20190625161503.7C8FCFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14108-1 Rating: moderate References: #1102819 #1121439 #1122680 #1125015 #1128061 #1129079 #1130784 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update includes the following new features: - Update to 2019.2.0 release (fate#327138, bsc#1133523) This update fixes the following issues: salt: - Fix async-batch to fire a single done event - Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784) - Include aliases in FQDNS grain (bsc#1121439) - Fix issue preventing syndic to start - Update to 2019.2.0 release (fate#327138, bsc#1133523) See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html - Update year on spec copyright notice - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Incorporate virt.volume_info fixes (PR#131) - Fix for -t parameter in mount module - No longer limiting Python3 version to <3.7 - Add virt.volume_infos and virt.volume_delete functions - Bugfix: properly refresh pillars (bsc#1125015) - Removes version from python3 requirement completely - Adds missing version update to %setup - Add virt.all_capabilities to return all host and domain capabilities at once - Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token. 
- Fix setup to use the right version tag - Add "id_" and "force" to the whitelist of API check - Add metadata to accepted keyword arguments (bsc#1122680) - Add salt-support script to package - Early feature: Salt support-config (salt-support) - More fixes on the spec file - Fix spaces and indentation - Use Adler32 algorithm to compute string checksums (bsc#1102819) - Update spec file patch ordering after MSI patch removal - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) - Fix batch/batch-async related issues - Fixes typo in dependency: e2fsprogs - Adds missing dependencies to salt-common: python-concurrent.futures Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-salt-201905-14108=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-2019.2.0+ds-1 salt-minion-2019.2.0+ds-1 References: https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130784 From sle-updates at lists.suse.com Tue Jun 25 10:16:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:16:25 +0200 (CEST) Subject: SUSE-RU-2019:14103-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190625161625.7D365FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14103-1 Rating: moderate References: #1095804 #1103388 #1103696 #1104034 #1118492 #1120242 #1125610 #1125744 #1128529 #1128564 #1129243 #1129300 #1130077 #1131677 #1132346 
#1133424 #1134876 #1136102 #1138130 #987798 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update fixes the following issues: rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them on the database. - Fix path to the RPM database used by Zypper at reposync. 
- Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running "spacewalk-repo-sync" after migration to Zypper. - Include packages dependencies on "spacewalk-repo-sync" when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix "mgr-inter-sync" problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix "rhnpush" after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add "python-urlgrabber" as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use "Zypper" and "libsolv" in "spacewalk-repo-sync". Replace "yum". 
- Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Add compatibility with Python 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) 
suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201905-14103=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201905-14103=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-cfg-4.0.8-5.3.9 mgr-cfg-actions-4.0.8-5.3.9 mgr-cfg-client-4.0.8-5.3.9 mgr-cfg-management-4.0.8-5.3.9 mgr-custom-info-4.0.5-5.3.9 mgr-daemon-4.0.6-5.5.1 mgr-daemon-debuginfo-4.0.6-5.5.1 mgr-daemon-debugsource-4.0.6-5.5.1 mgr-osad-4.0.8-5.3.8 mgr-push-4.0.6-5.3.9 mgr-virtualization-host-4.0.6-5.3.9 python2-mgr-cfg-4.0.8-5.3.9 python2-mgr-cfg-actions-4.0.8-5.3.9 python2-mgr-cfg-client-4.0.8-5.3.9 python2-mgr-cfg-management-4.0.8-5.3.9 python2-mgr-osa-common-4.0.8-5.3.8 python2-mgr-osad-4.0.8-5.3.8 python2-mgr-push-4.0.6-5.3.9 python2-mgr-virtualization-common-4.0.6-5.3.9 python2-mgr-virtualization-host-4.0.6-5.3.9 python2-rhnlib-4.0.8-12.9.7 python2-spacewalk-check-4.0.9-27.17.1 python2-spacewalk-client-setup-4.0.9-27.17.1 python2-spacewalk-client-tools-4.0.9-27.17.1 python2-spacewalk-koan-4.0.5-9.6.8 python2-spacewalk-oscap-4.0.5-6.9.8 python2-suseRegisterInfo-4.0.4-6.6.7 python2-zypp-plugin-spacewalk-1.0.5-27.9.5 spacecmd-4.0.11-18.46.8 spacewalk-backend-libs-4.0.17-28.37.7 spacewalk-check-4.0.9-27.17.1 spacewalk-client-setup-4.0.9-27.17.1 spacewalk-client-tools-4.0.9-27.17.1 spacewalk-koan-4.0.5-9.6.8 spacewalk-oscap-4.0.5-6.9.8 
spacewalk-usix-4.0.9-3.6.7 suseRegisterInfo-4.0.4-6.6.7 zypp-plugin-spacewalk-1.0.5-27.9.5 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): kiwi-desc-saltboot-0.1.1556553492.2bfae0b-5.3.8 spacewalk-remote-utils-4.0.4-6.9.7 supportutils-plugin-susemanager-client-4.0.2-9.9.7 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-cfg-4.0.8-5.3.9 mgr-cfg-actions-4.0.8-5.3.9 mgr-cfg-client-4.0.8-5.3.9 mgr-cfg-management-4.0.8-5.3.9 mgr-custom-info-4.0.5-5.3.9 mgr-daemon-4.0.6-5.5.1 mgr-daemon-debuginfo-4.0.6-5.5.1 mgr-daemon-debugsource-4.0.6-5.5.1 mgr-osad-4.0.8-5.3.8 mgr-push-4.0.6-5.3.9 mgr-virtualization-host-4.0.6-5.3.9 python2-mgr-cfg-4.0.8-5.3.9 python2-mgr-cfg-actions-4.0.8-5.3.9 python2-mgr-cfg-client-4.0.8-5.3.9 python2-mgr-cfg-management-4.0.8-5.3.9 python2-mgr-osa-common-4.0.8-5.3.8 python2-mgr-osad-4.0.8-5.3.8 python2-mgr-push-4.0.6-5.3.9 python2-mgr-virtualization-common-4.0.6-5.3.9 python2-mgr-virtualization-host-4.0.6-5.3.9 python2-rhnlib-4.0.8-12.9.7 python2-spacewalk-check-4.0.9-27.17.1 python2-spacewalk-client-setup-4.0.9-27.17.1 python2-spacewalk-client-tools-4.0.9-27.17.1 python2-spacewalk-koan-4.0.5-9.6.8 python2-spacewalk-oscap-4.0.5-6.9.8 python2-suseRegisterInfo-4.0.4-6.6.7 python2-zypp-plugin-spacewalk-1.0.5-27.9.5 spacecmd-4.0.11-18.46.8 spacewalk-backend-libs-4.0.17-28.37.7 spacewalk-check-4.0.9-27.17.1 spacewalk-client-setup-4.0.9-27.17.1 spacewalk-client-tools-4.0.9-27.17.1 spacewalk-koan-4.0.5-9.6.8 spacewalk-oscap-4.0.5-6.9.8 spacewalk-usix-4.0.9-3.6.7 suseRegisterInfo-4.0.4-6.6.7 zypp-plugin-spacewalk-1.0.5-27.9.5 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): kiwi-desc-saltboot-0.1.1556553492.2bfae0b-5.3.8 spacewalk-remote-utils-4.0.4-6.9.7 supportutils-plugin-susemanager-client-4.0.2-9.9.7 References: https://bugzilla.suse.com/1095804 https://bugzilla.suse.com/1103388 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1118492 
https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1128529 https://bugzilla.suse.com/1128564 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1129300 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1132346 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1136102 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Tue Jun 25 10:19:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:19:32 +0200 (CEST) Subject: SUSE-RU-2019:1706-1: moderate: Recommended update for the SUSE Manager 3.2 release notes Message-ID: <20190625161932.B65E8FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.2 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1706-1 Rating: moderate References: #1102819 #1117017 #1121439 #1122680 #1123375 #1125015 #1125090 #1128061 #1128838 #1129079 #1130492 #1130551 #1130784 #1131408 #1131423 #1131704 #1131780 #1131867 #1131929 #1131954 #1132080 #1132103 #1132197 #1133424 #1133523 #1133587 #1133629 #1134195 #1134876 #1135166 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 30 recommended fixes can now be installed. 
Description: This update for the SUSE Manager 3.2 Release Notes provides the following additions: - New feature * Salt 2019.2.0 Update * Update of traditional Client Tools * Salt Rate Limiting (Batching) * Product Information Loaded from SCC - SUSE Manager Server bugs fixed by latest updates: bsc#1134195, bsc#1117017, bsc#1128061, bsc#1131423, bsc#1131423, bsc#1129079, bsc#1134876, bsc#1125090, bsc#1133424, bsc#1132197, bsc#1135166, bsc#1134876, bsc#1131704, bsc#1130492, bsc#1131780, bsc#1128838, bsc#1130551, bsc#1123375, bsc#1131929, bsc#1131954, bsc#1133587, bsc#1131867, bsc#1133629, bsc#1132103, bsc#1130784, bsc#1121439, bsc#1133523, bsc#1128061, bsc#1125015, bsc#1122680, bsc#1102819, bsc#1129079 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1131408, bsc#1134876, bsc#1125090, bsc#1133424, bsc#1125090, bsc#1132197, bsc#1132080 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1706=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1706=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.8-6.32.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.8-0.16.24.1 References: https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1117017 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1123375 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1125090 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128838 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130492 https://bugzilla.suse.com/1130551 https://bugzilla.suse.com/1130784 https://bugzilla.suse.com/1131408 https://bugzilla.suse.com/1131423 https://bugzilla.suse.com/1131704 
https://bugzilla.suse.com/1131780 https://bugzilla.suse.com/1131867 https://bugzilla.suse.com/1131929 https://bugzilla.suse.com/1131954 https://bugzilla.suse.com/1132080 https://bugzilla.suse.com/1132103 https://bugzilla.suse.com/1132197 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1133523 https://bugzilla.suse.com/1133587 https://bugzilla.suse.com/1133629 https://bugzilla.suse.com/1134195 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1135166 From sle-updates at lists.suse.com Tue Jun 25 10:23:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:23:53 +0200 (CEST) Subject: SUSE-RU-2019:1695-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190625162353.C064BFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1695-1 Rating: moderate References: #1095804 #1103388 #1103696 #1104034 #1118492 #1120242 #1125610 #1125744 #1128529 #1128564 #1129243 #1129300 #1130077 #1131677 #1132346 #1133424 #1134876 #1136102 #1138130 #987798 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. 
Description: This update fixes the following issues: POS_Image-Graphical6: - Add busybox package for tftp client POS_Image-JeOS6: - Add busybox package for tftp client hwdata: - Fix build for older distribution not supporting license tag at the SPEC file kiwi-desc-saltboot: - Refactor kernel check and kexec functionality - make sure that preinit is called with correct kernel - Support for SLES11 - Add nls modules for vfat - Fallback to previously installed image if SUMA is offline - Add tools to create efi partition - Add nvme drivers rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. 
- Solve situations where synced packages have epoch 0 but reposync does not find them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running "spacewalk-repo-sync" after migration to Zypper. - Include packages dependencies on "spacewalk-repo-sync" when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix "mgr-inter-sync" problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix "rhnpush" after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add "python-urlgrabber" as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use "Zypper" and "libsolv" in "spacewalk-repo-sync". Replace "yum". 
- Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Compatibility with Python 2 and 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile 
(bsc#1103696) suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1695=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1695=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-1695=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1695=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-1695=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-1.3.7 golang-github-lusitaniae-apache_exporter-0.5.0-1.3.7 golang-github-prometheus-alertmanager-0.16.2-1.3.9 golang-github-prometheus-node_exporter-0.17.0-1.3.7 golang-github-prometheus-prometheus-2.7.1-1.3.9 golang-github-prometheus-promu-0.3.0-1.3.7 golang-github-wrouesnel-postgres_exporter-0.4.7-1.3.4 - SUSE Manager Tools 12 (noarch): POS_Image-Graphical6-0.1.1554396712.61f8fb6-1.9.4 POS_Image-JeOS6-0.1.1554396712.61f8fb6-1.6.4 hwdata-0.314-10.12.4 kiwi-desc-saltboot-0.1.1556553492.2bfae0b-1.9.4 mgr-cfg-4.0.8-1.3.9 mgr-cfg-actions-4.0.8-1.3.9 mgr-cfg-client-4.0.8-1.3.9 mgr-cfg-management-4.0.8-1.3.9 mgr-custom-info-4.0.5-1.3.3 mgr-daemon-4.0.6-1.5.1 mgr-osad-4.0.8-1.3.8 mgr-push-4.0.6-1.3.9 mgr-virtualization-host-4.0.6-1.3.11 python2-mgr-cfg-4.0.8-1.3.9 python2-mgr-cfg-actions-4.0.8-1.3.9 python2-mgr-cfg-client-4.0.8-1.3.9 python2-mgr-cfg-management-4.0.8-1.3.9 python2-mgr-osa-common-4.0.8-1.3.8 
python2-mgr-osad-4.0.8-1.3.8 python2-mgr-push-4.0.6-1.3.9 python2-mgr-virtualization-common-4.0.6-1.3.11 python2-mgr-virtualization-host-4.0.6-1.3.11 python2-rhnlib-4.0.8-21.9.7 python2-spacewalk-check-4.0.9-52.17.1 python2-spacewalk-client-setup-4.0.9-52.17.1 python2-spacewalk-client-tools-4.0.9-52.17.1 python2-spacewalk-koan-4.0.5-24.6.7 python2-spacewalk-oscap-4.0.5-19.9.5 python2-suseRegisterInfo-4.0.4-25.6.7 python2-zypp-plugin-spacewalk-1.0.5-30.15.3 spacecmd-4.0.11-38.44.7 spacewalk-backend-libs-4.0.17-55.36.9 spacewalk-check-4.0.9-52.17.1 spacewalk-client-setup-4.0.9-52.17.1 spacewalk-client-tools-4.0.9-52.17.1 spacewalk-koan-4.0.5-24.6.7 spacewalk-oscap-4.0.5-19.9.5 spacewalk-remote-utils-4.0.4-24.9.7 spacewalk-usix-4.0.9-3.6.7 supportutils-plugin-susemanager-client-4.0.2-6.9.4 suseRegisterInfo-4.0.4-25.6.7 zypp-plugin-spacewalk-1.0.5-30.15.3 - SUSE Manager Server 3.2 (noarch): hwdata-0.314-10.12.4 - SUSE Manager Server 3.1 (noarch): hwdata-0.314-10.12.4 - SUSE Manager Proxy 3.2 (noarch): hwdata-0.314-10.12.4 - SUSE Manager Proxy 3.1 (noarch): hwdata-0.314-10.12.4 References: https://bugzilla.suse.com/1095804 https://bugzilla.suse.com/1103388 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1128529 https://bugzilla.suse.com/1128564 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1129300 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1132346 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1136102 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Tue Jun 25 10:26:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:26:45 +0200 (CEST) Subject: SUSE-RU-2019:14109-1: moderate: 
Recommended update for Salt Message-ID: <20190625162645.878B6FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14109-1 Rating: moderate References: #1102819 #1121439 #1122680 #1125015 #1128061 #1129079 #1130784 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update includes the following new features: - Update to 2019.2.0 release (fate#327138, bsc#1133523) This update fixes the following issues: salt: - Fix async-batch to fire a single done event - Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784) - Include aliases in FQDNS grain (bsc#1121439) - Fix issue preventing syndic to start - Update to 2019.2.0 release (fate#327138, bsc#1133523) See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html - Update year on spec copyright notice - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Incorporate virt.volume_info fixes (PR#131) - Fix for -t parameter in mount module - No longer limiting Python3 version to <3.7 - Add virt.volume_infos and virt.volume_delete functions - Bugfix: properly refresh pillars (bsc#1125015) - Removes version from python3 requirement completely - Adds missing version update to %setup - Add virt.all_capabilities to return all host and domain capabilities at once - Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token. 
- Fix setup to use the right version tag - Add "id_" and "force" to the whitelist of API check - Add metadata to accepted keyword arguments (bsc#1122680) - Add salt-support script to package - Early feature: Salt support-config (salt-support) - More fixes on the spec file - Fix spaces and indentation - Use Adler32 algorithm to compute string checksums (bsc#1102819) - Update spec file patch ordering after MSI patch removal - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) - Fix batch/batch-async related issues - Fixes typo in dependency: e2fsprogs - Adds missing dependencies to salt-common: python-concurrent.futures Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-salt-201905-14109=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-2019.2.0+ds-1 salt-minion-2019.2.0+ds-1 References: https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130784 From sle-updates at lists.suse.com Tue Jun 25 10:28:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:28:08 +0200 (CEST) Subject: SUSE-RU-2019:1703-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20190625162808.6CC1FFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1703-1 Rating: moderate References: #1125090 #1131408 #1132080 #1132197 #1133424 #1134876 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 
______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: rhncfg: - Create client tools compat links also for non-SUSE systems (bsc#1131408) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090) - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) spacewalk-certs-tools: - Add new packages names to instructions for adding remote configuration support for traditional clients - Print error message instead of stacktrace for client_config_update.py spacewalk-proxy: - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090) - Do not reset rhn.conf on proxy during upgrade (bsc#1132197) spacewalk-proxy-installer: - Fix connection type test for proxy (bsc#1132080) spacewalk-web: - Change WebUI string version to 3.2.8 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): susemanager-3.2.18-3.25.2 susemanager-tools-3.2.18-3.25.2 - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.19.1 py26-compat-salt-2016.11.10-6.26.1 python2-spacewalk-certs-tools-2.8.8.10-3.11.1 salt-netapi-client-0.16.0-4.11.1 spacewalk-backend-2.8.57.16-3.30.1 spacewalk-backend-app-2.8.57.16-3.30.1 spacewalk-backend-applet-2.8.57.16-3.30.1 spacewalk-backend-config-files-2.8.57.16-3.30.1 spacewalk-backend-config-files-common-2.8.57.16-3.30.1 spacewalk-backend-config-files-tool-2.8.57.16-3.30.1 spacewalk-backend-iss-2.8.57.16-3.30.1 spacewalk-backend-iss-export-2.8.57.16-3.30.1 spacewalk-backend-libs-2.8.57.16-3.30.1 spacewalk-backend-package-push-server-2.8.57.16-3.30.1 spacewalk-backend-server-2.8.57.16-3.30.1 spacewalk-backend-sql-2.8.57.16-3.30.1 spacewalk-backend-sql-oracle-2.8.57.16-3.30.1 spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1 spacewalk-backend-tools-2.8.57.16-3.30.1 spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1 spacewalk-backend-xmlrpc-2.8.57.16-3.30.1 spacewalk-base-2.8.7.16-3.27.1 spacewalk-base-minimal-2.8.7.16-3.27.1 spacewalk-base-minimal-config-2.8.7.16-3.27.1 spacewalk-certs-tools-2.8.8.10-3.11.1 spacewalk-config-2.8.5.7-3.16.1 spacewalk-html-2.8.7.16-3.27.1 spacewalk-java-2.8.78.22-3.32.1 spacewalk-java-config-2.8.78.22-3.32.1 spacewalk-java-lib-2.8.78.22-3.32.1 spacewalk-java-oracle-2.8.78.22-3.32.1 spacewalk-java-postgresql-2.8.78.22-3.32.1 spacewalk-taskomatic-2.8.78.22-3.32.1 susemanager-advanced-topics_en-pdf-3.2-11.26.1 susemanager-best-practices_en-pdf-3.2-11.26.1 susemanager-docs_en-3.2-11.26.1 susemanager-getting-started_en-pdf-3.2-11.26.1 susemanager-jsp_en-3.2-11.26.1 susemanager-reference_en-pdf-3.2-11.26.1 
susemanager-schema-3.2.19-3.25.1 susemanager-sls-3.2.25-3.29.1 susemanager-sync-data-3.2.15-3.23.1 susemanager-web-libs-2.8.7.16-3.27.1 - SUSE Manager Proxy 3.2 (noarch): python2-rhncfg-5.10.122.3-3.3.1 python2-rhncfg-actions-5.10.122.3-3.3.1 python2-rhncfg-client-5.10.122.3-3.3.1 python2-rhncfg-management-5.10.122.3-3.3.1 python2-spacewalk-certs-tools-2.8.8.10-3.11.1 python2-zypp-plugin-spacewalk-1.0.5-3.7.1 rhncfg-5.10.122.3-3.3.1 rhncfg-actions-5.10.122.3-3.3.1 rhncfg-client-5.10.122.3-3.3.1 rhncfg-management-5.10.122.3-3.3.1 spacewalk-backend-2.8.57.16-3.30.1 spacewalk-backend-libs-2.8.57.16-3.30.1 spacewalk-base-minimal-2.8.7.16-3.27.1 spacewalk-base-minimal-config-2.8.7.16-3.27.1 spacewalk-certs-tools-2.8.8.10-3.11.1 spacewalk-proxy-broker-2.8.5.5-3.6.2 spacewalk-proxy-common-2.8.5.5-3.6.2 spacewalk-proxy-installer-2.8.6.6-3.12.1 spacewalk-proxy-management-2.8.5.5-3.6.2 spacewalk-proxy-package-manager-2.8.5.5-3.6.2 spacewalk-proxy-redirect-2.8.5.5-3.6.2 spacewalk-proxy-salt-2.8.5.5-3.6.2 susemanager-web-libs-2.8.7.16-3.27.1 zypp-plugin-spacewalk-1.0.5-3.7.1 References: https://bugzilla.suse.com/1125090 https://bugzilla.suse.com/1131408 https://bugzilla.suse.com/1132080 https://bugzilla.suse.com/1132197 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1134876 From sle-updates at lists.suse.com Tue Jun 25 10:29:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:29:21 +0200 (CEST) Subject: SUSE-RU-2019:1701-1: moderate: Recommended update for perl-Tk Message-ID: <20190625162921.5DCFDFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Tk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1701-1 Rating: moderate References: #1134134 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise 
Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-Tk fixes the following issues: - Tk::Photo importer fails on some XPM files. (bsc#1134134) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1701=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1701=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1701=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1701=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1701=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1701=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): perl-Tk-debuginfo-804.031-5.3.1 perl-Tk-debugsource-804.031-5.3.1 perl-Tk-devel-804.031-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): perl-Tk-debuginfo-804.031-5.3.1 perl-Tk-debugsource-804.031-5.3.1 perl-Tk-devel-804.031-5.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perl-Tk-804.031-5.3.1 perl-Tk-debuginfo-804.031-5.3.1 perl-Tk-debugsource-804.031-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): perl-Tk-804.031-5.3.1 perl-Tk-debuginfo-804.031-5.3.1 perl-Tk-debugsource-804.031-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): perl-Tk-804.031-5.3.1 perl-Tk-debuginfo-804.031-5.3.1 perl-Tk-debugsource-804.031-5.3.1 - SUSE 
Linux Enterprise Desktop 12-SP3 (x86_64): perl-Tk-804.031-5.3.1 perl-Tk-debuginfo-804.031-5.3.1 perl-Tk-debugsource-804.031-5.3.1 References: https://bugzilla.suse.com/1134134 From sle-updates at lists.suse.com Tue Jun 25 10:30:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:30:02 +0200 (CEST) Subject: SUSE-RU-2019:1700-1: moderate: Security update for libssh Message-ID: <20190625163002.EAF71FDCE@maintenance.suse.de> SUSE Recommended Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1700-1 Rating: moderate References: #1134193 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1700=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1700=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libssh-debugsource-0.8.7-10.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libssh-debugsource-0.8.7-10.3.1 libssh-devel-0.8.7-10.3.1 libssh4-0.8.7-10.3.1 libssh4-debuginfo-0.8.7-10.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libssh4-32bit-0.8.7-10.3.1 libssh4-32bit-debuginfo-0.8.7-10.3.1 References: https://bugzilla.suse.com/1134193 From sle-updates at lists.suse.com Tue Jun 25 10:30:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:30:44 +0200 (CEST) Subject: SUSE-RU-2019:14107-1: moderate: Recommended update for Salt Message-ID: <20190625163044.8086BFDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14107-1 Rating: moderate References: #1117017 #1128061 #1129079 #1131423 #1136250 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Use ThreadPool from multiprocessing.pool to avoid leaks when calculating FQDNs - Fix usermod options for SLE11 (bsc#1117017) - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Port optimization_order config parameter (bsc#1131423) - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) - Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201905-14107=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201905-14107=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.49.1 salt-doc-2016.11.10-43.49.1 salt-minion-2016.11.10-43.49.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.49.1 salt-doc-2016.11.10-43.49.1 salt-minion-2016.11.10-43.49.1 References: https://bugzilla.suse.com/1117017 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1131423 https://bugzilla.suse.com/1136250 From sle-updates at lists.suse.com Tue Jun 25 10:31:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:31:55 +0200 (CEST) Subject: SUSE-RU-2019:1703-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20190625163155.5C9E6FDCE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1703-1 Rating: moderate References: #1117017 
#1125090 #1128061 #1128838 #1129079 #1130492 #1130551 #1131408 #1131423 #1131704 #1131780 #1131867 #1131929 #1131954 #1132080 #1132103 #1132197 #1133424 #1133587 #1133629 #1134195 #1134876 #1135166 #1136029 #1136423 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 24 fixes is now available. Description: This update fixes the following issues: rhncfg: - Create client tools compat links also for non-SUSE systems (bsc#1131408) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090) - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) spacewalk-certs-tools: - Add new packages names to instructions for adding remote configuration support for traditional clients - Print error message instead of stacktrace for client_config_update.py spacewalk-proxy: - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090) - Do not reset rhn.conf on proxy during upgrade (bsc#1132197) spacewalk-proxy-installer: - Fix connection type test for proxy (bsc#1132080) spacewalk-web: - Change WebUI string version to 3.2.8 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): susemanager-3.2.18-3.25.2 susemanager-tools-3.2.18-3.25.2 - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.19.1 py26-compat-salt-2016.11.10-6.26.1 python2-spacewalk-certs-tools-2.8.8.10-3.11.1 salt-netapi-client-0.16.0-4.11.1 spacewalk-backend-2.8.57.16-3.30.1 spacewalk-backend-app-2.8.57.16-3.30.1 spacewalk-backend-applet-2.8.57.16-3.30.1 spacewalk-backend-config-files-2.8.57.16-3.30.1 spacewalk-backend-config-files-common-2.8.57.16-3.30.1 spacewalk-backend-config-files-tool-2.8.57.16-3.30.1 spacewalk-backend-iss-2.8.57.16-3.30.1 spacewalk-backend-iss-export-2.8.57.16-3.30.1 spacewalk-backend-libs-2.8.57.16-3.30.1 spacewalk-backend-package-push-server-2.8.57.16-3.30.1 spacewalk-backend-server-2.8.57.16-3.30.1 spacewalk-backend-sql-2.8.57.16-3.30.1 spacewalk-backend-sql-oracle-2.8.57.16-3.30.1 spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1 spacewalk-backend-tools-2.8.57.16-3.30.1 spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1 spacewalk-backend-xmlrpc-2.8.57.16-3.30.1 spacewalk-base-2.8.7.16-3.27.1 spacewalk-base-minimal-2.8.7.16-3.27.1 spacewalk-base-minimal-config-2.8.7.16-3.27.1 spacewalk-certs-tools-2.8.8.10-3.11.1 spacewalk-config-2.8.5.7-3.16.1 spacewalk-html-2.8.7.16-3.27.1 spacewalk-java-2.8.78.22-3.32.1 spacewalk-java-config-2.8.78.22-3.32.1 spacewalk-java-lib-2.8.78.22-3.32.1 spacewalk-java-oracle-2.8.78.22-3.32.1 spacewalk-java-postgresql-2.8.78.22-3.32.1 spacewalk-taskomatic-2.8.78.22-3.32.1 susemanager-advanced-topics_en-pdf-3.2-11.26.1 susemanager-best-practices_en-pdf-3.2-11.26.1 susemanager-docs_en-3.2-11.26.1 susemanager-getting-started_en-pdf-3.2-11.26.1 susemanager-jsp_en-3.2-11.26.1 susemanager-reference_en-pdf-3.2-11.26.1 
susemanager-schema-3.2.19-3.25.1 susemanager-sls-3.2.25-3.29.1 susemanager-sync-data-3.2.15-3.23.1 susemanager-web-libs-2.8.7.16-3.27.1 - SUSE Manager Proxy 3.2 (noarch): python2-rhncfg-5.10.122.3-3.3.1 python2-rhncfg-actions-5.10.122.3-3.3.1 python2-rhncfg-client-5.10.122.3-3.3.1 python2-rhncfg-management-5.10.122.3-3.3.1 python2-spacewalk-certs-tools-2.8.8.10-3.11.1 python2-zypp-plugin-spacewalk-1.0.5-3.7.1 rhncfg-5.10.122.3-3.3.1 rhncfg-actions-5.10.122.3-3.3.1 rhncfg-client-5.10.122.3-3.3.1 rhncfg-management-5.10.122.3-3.3.1 spacewalk-backend-2.8.57.16-3.30.1 spacewalk-backend-libs-2.8.57.16-3.30.1 spacewalk-base-minimal-2.8.7.16-3.27.1 spacewalk-base-minimal-config-2.8.7.16-3.27.1 spacewalk-certs-tools-2.8.8.10-3.11.1 spacewalk-proxy-broker-2.8.5.5-3.6.2 spacewalk-proxy-common-2.8.5.5-3.6.2 spacewalk-proxy-installer-2.8.6.6-3.12.1 spacewalk-proxy-management-2.8.5.5-3.6.2 spacewalk-proxy-package-manager-2.8.5.5-3.6.2 spacewalk-proxy-redirect-2.8.5.5-3.6.2 spacewalk-proxy-salt-2.8.5.5-3.6.2 susemanager-web-libs-2.8.7.16-3.27.1 zypp-plugin-spacewalk-1.0.5-3.7.1 References: https://www.suse.com/security/cve/CVE-2019-3684.html https://bugzilla.suse.com/1117017 https://bugzilla.suse.com/1125090 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128838 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130492 https://bugzilla.suse.com/1130551 https://bugzilla.suse.com/1131408 https://bugzilla.suse.com/1131423 https://bugzilla.suse.com/1131704 https://bugzilla.suse.com/1131780 https://bugzilla.suse.com/1131867 https://bugzilla.suse.com/1131929 https://bugzilla.suse.com/1131954 https://bugzilla.suse.com/1132080 https://bugzilla.suse.com/1132103 https://bugzilla.suse.com/1132197 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1133587 https://bugzilla.suse.com/1133629 https://bugzilla.suse.com/1134195 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1135166 https://bugzilla.suse.com/1136029 https://bugzilla.suse.com/1136423 From 
sle-updates at lists.suse.com Tue Jun 25 10:35:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 18:35:16 +0200 (CEST) Subject: SUSE-SU-2019:1703-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20190625163516.7664CFDCE@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1703-1 Rating: moderate References: #1117017 #1125090 #1128061 #1128838 #1129079 #1130492 #1130551 #1131423 #1131704 #1131780 #1131867 #1131929 #1131954 #1132103 #1132197 #1133424 #1133587 #1133629 #1134195 #1134876 #1135166 #1136029 #1136102 #1136250 #1136423 Cross-References: CVE-2019-3684 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 24 fixes is now available. Description: This update fixes the following issues: cobbler: - Removes string replace for textmode fix (bsc#1134195) py26-compat-salt: - Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250) - Use ThreadPool from multiprocessing.pool to avoid leaks when calculating FQDNs - Fix usermod options for SLE11 (bsc#1117017) - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Do not include "ordereddict" and "singledispatch" on the thin for Python 2.6 systems. 
- Fix paths for py26-compat dependencies on SLE15 and newer - Port optimization_order config parameter (bsc#1131423) - Use special tornado and msgpack-python compat packages on sles15sp1 and greater in py26-compat-salt.conf (bsc#1131423) - Add missing py26 thin dependencies - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) salt-netapi-client: - Add workaround for Salt issue 52762 - Version 0.16.0 see https://github.com/SUSE/salt-netapi-client/releases/tag/v0.16.0 spacewalk-backend: - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090) - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) spacewalk-certs-tools: - Fix missing quotation in bootstrap script (bsc#1136423) - Add new packages names to instructions for adding remote configuration support for traditional clients - Print error message instead of stacktrace for client_config_update.py spacewalk-config: - Fix config declaration for rhn.conf (bsc#1132197) spacewalk-java: - Remove the 'Returning' clause from the query as oracle doesn't support it (bsc#1135166) - Use new names in code for client tool packages which were renamed (bsc#1134876) - Handle the different retcodes that are being returned when salt module is not available (bsc#1131704) - Do not implicitly set parent channel when cloning (bsc#1130492) - Prevent Actions that were actually completed to be displayed as "in progress" forever (bsc#1131780) - Enable batching mode for salt synchronous calls - Show minion id in System Details GUI and API - Do not report Provisioning installed product to subscription matcher (bsc#1128838) - Fix product package conflicts with SLES for SAP systems (bsc#1130551) - Add support for Salt batch execution mode - Fix NPE on remote commands when no targets match (bsc1123375) - Fix 
apidoc return order on mergePackages - Take into account only synced products when scheduling SP migration from the API (bsc#1131929) spacewalk-web: - Change WebUI string version to 3.2.8 susemanager: - Make swap files readable only by root (bsc#1131954, CVE-2019-3684) - Do not show false errors when configuring swapfile during setup - Create bootstrap repo for new Red Hat channels (bsc#1133587) susemanager-docs_en: - Minion ID is visible in System Info box. - Managing Systems Completely via SSH now fully supported (bsc#1131867). susemanager-schema: - Copy 3.1 schema migrations to 3.2 to be able to migrate from an older schema version to 3.2 - Add support for Salt batch execution mode susemanager-sls: - Add support for Salt batch execution mode susemanager-sync-data: - Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629) - Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): susemanager-3.2.18-3.25.2 susemanager-tools-3.2.18-3.25.2 - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.19.1 py26-compat-salt-2016.11.10-6.26.1 python2-spacewalk-certs-tools-2.8.8.10-3.11.1 salt-netapi-client-0.16.0-4.11.1 spacewalk-backend-2.8.57.16-3.30.1 spacewalk-backend-app-2.8.57.16-3.30.1 spacewalk-backend-applet-2.8.57.16-3.30.1 spacewalk-backend-config-files-2.8.57.16-3.30.1 spacewalk-backend-config-files-common-2.8.57.16-3.30.1 spacewalk-backend-config-files-tool-2.8.57.16-3.30.1 spacewalk-backend-iss-2.8.57.16-3.30.1 spacewalk-backend-iss-export-2.8.57.16-3.30.1 spacewalk-backend-libs-2.8.57.16-3.30.1 spacewalk-backend-package-push-server-2.8.57.16-3.30.1 spacewalk-backend-server-2.8.57.16-3.30.1 spacewalk-backend-sql-2.8.57.16-3.30.1 spacewalk-backend-sql-oracle-2.8.57.16-3.30.1 spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1 spacewalk-backend-tools-2.8.57.16-3.30.1 spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1 spacewalk-backend-xmlrpc-2.8.57.16-3.30.1 spacewalk-base-2.8.7.16-3.27.1 spacewalk-base-minimal-2.8.7.16-3.27.1 spacewalk-base-minimal-config-2.8.7.16-3.27.1 spacewalk-certs-tools-2.8.8.10-3.11.1 spacewalk-config-2.8.5.7-3.16.1 spacewalk-html-2.8.7.16-3.27.1 spacewalk-java-2.8.78.22-3.32.1 spacewalk-java-config-2.8.78.22-3.32.1 spacewalk-java-lib-2.8.78.22-3.32.1 spacewalk-java-oracle-2.8.78.22-3.32.1 spacewalk-java-postgresql-2.8.78.22-3.32.1 spacewalk-taskomatic-2.8.78.22-3.32.1 susemanager-advanced-topics_en-pdf-3.2-11.26.1 susemanager-best-practices_en-pdf-3.2-11.26.1 susemanager-docs_en-3.2-11.26.1 susemanager-getting-started_en-pdf-3.2-11.26.1 susemanager-jsp_en-3.2-11.26.1 susemanager-reference_en-pdf-3.2-11.26.1 
susemanager-schema-3.2.19-3.25.1 susemanager-sls-3.2.25-3.29.1 susemanager-sync-data-3.2.15-3.23.1 susemanager-web-libs-2.8.7.16-3.27.1 - SUSE Manager Proxy 3.2 (noarch): python2-rhncfg-5.10.122.3-3.3.1 python2-rhncfg-actions-5.10.122.3-3.3.1 python2-rhncfg-client-5.10.122.3-3.3.1 python2-rhncfg-management-5.10.122.3-3.3.1 python2-spacewalk-certs-tools-2.8.8.10-3.11.1 python2-zypp-plugin-spacewalk-1.0.5-3.7.1 rhncfg-5.10.122.3-3.3.1 rhncfg-actions-5.10.122.3-3.3.1 rhncfg-client-5.10.122.3-3.3.1 rhncfg-management-5.10.122.3-3.3.1 spacewalk-backend-2.8.57.16-3.30.1 spacewalk-backend-libs-2.8.57.16-3.30.1 spacewalk-base-minimal-2.8.7.16-3.27.1 spacewalk-base-minimal-config-2.8.7.16-3.27.1 spacewalk-certs-tools-2.8.8.10-3.11.1 spacewalk-proxy-broker-2.8.5.5-3.6.2 spacewalk-proxy-common-2.8.5.5-3.6.2 spacewalk-proxy-installer-2.8.6.6-3.12.1 spacewalk-proxy-management-2.8.5.5-3.6.2 spacewalk-proxy-package-manager-2.8.5.5-3.6.2 spacewalk-proxy-redirect-2.8.5.5-3.6.2 spacewalk-proxy-salt-2.8.5.5-3.6.2 susemanager-web-libs-2.8.7.16-3.27.1 zypp-plugin-spacewalk-1.0.5-3.7.1 References: https://www.suse.com/security/cve/CVE-2019-3684.html https://bugzilla.suse.com/1117017 https://bugzilla.suse.com/1125090 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128838 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130492 https://bugzilla.suse.com/1130551 https://bugzilla.suse.com/1131423 https://bugzilla.suse.com/1131704 https://bugzilla.suse.com/1131780 https://bugzilla.suse.com/1131867 https://bugzilla.suse.com/1131929 https://bugzilla.suse.com/1131954 https://bugzilla.suse.com/1132103 https://bugzilla.suse.com/1132197 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1133587 https://bugzilla.suse.com/1133629 https://bugzilla.suse.com/1134195 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1135166 https://bugzilla.suse.com/1136029 https://bugzilla.suse.com/1136102 https://bugzilla.suse.com/1136250 https://bugzilla.suse.com/1136423 From 
sle-updates at lists.suse.com Tue Jun 25 13:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 21:10:53 +0200 (CEST) Subject: SUSE-RU-2019:1711-1: moderate: Recommended update for kubernetes-salt Message-ID: <20190625191053.4B517F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1711-1 Rating: moderate References: #1122439 #1130538 #1130661 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: * The PodSecurityPolicy for tiller did not have the correct permissions * The firewall settings of the container network were too restrictive and could cause containers in a subnetwork to be terminated or fail * Wrong parsing of an empty configuration string could cause services to fail to start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r986_d801419-3.71.1 References: https://bugzilla.suse.com/1122439 https://bugzilla.suse.com/1130538 https://bugzilla.suse.com/1130661 From sle-updates at lists.suse.com Tue Jun 25 13:11:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jun 2019 21:11:54 +0200 (CEST) Subject: SUSE-SU-2019:1712-1: moderate: Security update for ImageMagick Message-ID: <20190625191154.E1D1DF798@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1712-1 Rating: moderate References: #1133204 #1133205 #1133498 #1133501 #1134075 #1135232 #1135236 #1136183 #1136732 #1138425 #1138464 Cross-References: CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has two fixes is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425). - CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). 
- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed an off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1712=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1712=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1712=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1712=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1712=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1712=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1712=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1712=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.123.2 ImageMagick-config-6-SUSE-6.8.8.1-71.123.2 ImageMagick-config-6-upstream-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 libMagick++-6_Q16-3-6.8.8.1-71.123.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2 
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.123.2 ImageMagick-config-6-SUSE-6.8.8.1-71.123.2 ImageMagick-config-6-upstream-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 libMagick++-6_Q16-3-6.8.8.1-71.123.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 ImageMagick-devel-6.8.8.1-71.123.2 libMagick++-6_Q16-3-6.8.8.1-71.123.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2 libMagick++-devel-6.8.8.1-71.123.2 perl-PerlMagick-6.8.8.1-71.123.2 perl-PerlMagick-debuginfo-6.8.8.1-71.123.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 ImageMagick-devel-6.8.8.1-71.123.2 libMagick++-6_Q16-3-6.8.8.1-71.123.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2 libMagick++-devel-6.8.8.1-71.123.2 perl-PerlMagick-6.8.8.1-71.123.2 perl-PerlMagick-debuginfo-6.8.8.1-71.123.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.123.2 ImageMagick-config-6-upstream-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.123.2 ImageMagick-config-6-upstream-6.8.8.1-71.123.2 
ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.123.2 ImageMagick-config-6-SUSE-6.8.8.1-71.123.2 ImageMagick-config-6-upstream-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 libMagick++-6_Q16-3-6.8.8.1-71.123.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.123.2 ImageMagick-config-6-SUSE-6.8.8.1-71.123.2 ImageMagick-config-6-upstream-6.8.8.1-71.123.2 ImageMagick-debuginfo-6.8.8.1-71.123.2 ImageMagick-debugsource-6.8.8.1-71.123.2 libMagick++-6_Q16-3-6.8.8.1-71.123.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-6.8.8.1-71.123.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2 References: https://www.suse.com/security/cve/CVE-2017-12805.html https://www.suse.com/security/cve/CVE-2017-12806.html https://www.suse.com/security/cve/CVE-2019-10131.html https://www.suse.com/security/cve/CVE-2019-11470.html https://www.suse.com/security/cve/CVE-2019-11472.html https://www.suse.com/security/cve/CVE-2019-11505.html https://www.suse.com/security/cve/CVE-2019-11506.html https://www.suse.com/security/cve/CVE-2019-11597.html https://www.suse.com/security/cve/CVE-2019-11598.html 
   https://bugzilla.suse.com/1133204
   https://bugzilla.suse.com/1133205
   https://bugzilla.suse.com/1133498
   https://bugzilla.suse.com/1133501
   https://bugzilla.suse.com/1134075
   https://bugzilla.suse.com/1135232
   https://bugzilla.suse.com/1135236
   https://bugzilla.suse.com/1136183
   https://bugzilla.suse.com/1136732
   https://bugzilla.suse.com/1138425
   https://bugzilla.suse.com/1138464

From sle-updates at lists.suse.com Wed Jun 26 10:11:31 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Jun 2019 18:11:31 +0200 (CEST)
Subject: SUSE-RU-2019:1714-1: moderate: Recommended update for salt
Message-ID: <20190626161131.79358F798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for salt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1714-1
Rating:             moderate
References:         #1130784 #1132076
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP1
                    SUSE Linux Enterprise Module for Python2 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for salt provides the following fixes:

   - Switch firewalld to use changed interface. (bsc#1132076)
   - Fix async-batch to fire a single done event.
   - Fix crashing Salt CLI when there are IPv6 established connections. (bsc#1130784)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1714=1

   - SUSE Linux Enterprise Module for Python2 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-1714=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1714=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
      salt-api-2019.2.0-6.3.5
      salt-cloud-2019.2.0-6.3.5
      salt-master-2019.2.0-6.3.5
      salt-proxy-2019.2.0-6.3.5
      salt-ssh-2019.2.0-6.3.5
      salt-syndic-2019.2.0-6.3.5

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch):
      salt-fish-completion-2019.2.0-6.3.5

   - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64):
      python2-salt-2019.2.0-6.3.5

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      python3-salt-2019.2.0-6.3.5
      salt-2019.2.0-6.3.5
      salt-doc-2019.2.0-6.3.5
      salt-minion-2019.2.0-6.3.5

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
      salt-bash-completion-2019.2.0-6.3.5
      salt-zsh-completion-2019.2.0-6.3.5

References:

   https://bugzilla.suse.com/1130784
   https://bugzilla.suse.com/1132076

From sle-updates at lists.suse.com Wed Jun 26 10:12:25 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Jun 2019 18:12:25 +0200 (CEST)
Subject: SUSE-RU-2019:1713-1: moderate: Recommended update for Salt
Message-ID: <20190626161225.787C0F798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1713-1
Rating:             moderate
References:         #1102819 #1121439 #1122680 #1125015 #1128061 #1129079 #1130784
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Manager Server 3.2
                    SUSE Manager Server 3.1
                    SUSE Manager Proxy 3.2
                    SUSE Manager Proxy 3.1
                    SUSE Linux Enterprise Point of Sale 12-SP2
                    SUSE Linux Enterprise Module for Advanced Systems Management 12
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update includes the following new features:

   - Update to 2019.2.0 release (fate#327138, bsc#1133523)

   This update fixes the following issues:

   salt:

   - Fix async-batch to fire a single done event
   - Do not make Salt CLI crash when there are IPv6 established connections (bsc#1130784)
   - Include aliases in FQDNS grain (bsc#1121439)
   - Fix issue preventing syndic from starting
   - Update to 2019.2.0 release (fate#327138, bsc#1133523)
     See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html
   - Update year on spec copyright notice
   - Use ThreadPool from multiprocessing.pool to avoid leaks when calculating FQDNs
   - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061)
   - Incorporate virt.volume_info fixes (PR#131)
   - Fix for -t parameter in mount module
   - No longer limiting Python3 version to <3.7
   - Add virt.volume_infos and virt.volume_delete functions
   - Bugfix: properly refresh pillars (bsc#1125015)
   - Removes version from python3 requirement completely
   - Adds missing version update to %setup
   - Add virt.all_capabilities to return all host and domain capabilities at once
   - Switch to better correct version nomenclature
     Background: The special character tilde (~) will be available for use in version representing a negative version token.
   - Fix setup to use the right version tag
   - Add "id_" and "force" to the whitelist of API check
   - Add metadata to accepted keyword arguments (bsc#1122680)
   - Add salt-support script to package
   - Early feature: Salt support-config (salt-support)
   - More fixes on the spec file
   - Fix spaces and indentation
   - Use Adler32 algorithm to compute string checksums (bsc#1102819)
   - Update spec file patch ordering after MSI patch removal
   - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079)
   - Fix batch/batch-async related issues

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:
      zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1713=1

   - SUSE Manager Server 3.2:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1713=1

   - SUSE Manager Server 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-1713=1

   - SUSE Manager Proxy 3.2:
      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1713=1

   - SUSE Manager Proxy 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-1713=1

   - SUSE Linux Enterprise Point of Sale 12-SP2:
      zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1713=1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:
      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1713=1

Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
      python2-salt-2019.2.0-46.65.2
      python3-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-doc-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):
      python2-salt-2019.2.0-46.65.2
      python3-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-api-2019.2.0-46.65.2
      salt-cloud-2019.2.0-46.65.2
      salt-doc-2019.2.0-46.65.2
      salt-master-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2
      salt-proxy-2019.2.0-46.65.2
      salt-ssh-2019.2.0-46.65.2
      salt-syndic-2019.2.0-46.65.2

   - SUSE Manager Server 3.2 (noarch):
      salt-bash-completion-2019.2.0-46.65.2
      salt-zsh-completion-2019.2.0-46.65.2

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):
      python2-salt-2019.2.0-46.65.2
      python3-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-api-2019.2.0-46.65.2
      salt-cloud-2019.2.0-46.65.2
      salt-doc-2019.2.0-46.65.2
      salt-master-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2
      salt-proxy-2019.2.0-46.65.2
      salt-ssh-2019.2.0-46.65.2
      salt-syndic-2019.2.0-46.65.2

   - SUSE Manager Server 3.1 (noarch):
      salt-bash-completion-2019.2.0-46.65.2
      salt-zsh-completion-2019.2.0-46.65.2

   - SUSE Manager Proxy 3.2 (x86_64):
      python2-salt-2019.2.0-46.65.2
      python3-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2

   - SUSE Manager Proxy 3.1 (ppc64le x86_64):
      python2-salt-2019.2.0-46.65.2
      python3-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2

   - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):
      python2-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
      python2-salt-2019.2.0-46.65.2
      salt-2019.2.0-46.65.2
      salt-api-2019.2.0-46.65.2
      salt-cloud-2019.2.0-46.65.2
      salt-doc-2019.2.0-46.65.2
      salt-master-2019.2.0-46.65.2
      salt-minion-2019.2.0-46.65.2
      salt-proxy-2019.2.0-46.65.2
      salt-ssh-2019.2.0-46.65.2
      salt-syndic-2019.2.0-46.65.2

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):
      salt-bash-completion-2019.2.0-46.65.2
      salt-zsh-completion-2019.2.0-46.65.2

References:

   https://bugzilla.suse.com/1102819
   https://bugzilla.suse.com/1121439
   https://bugzilla.suse.com/1122680
   https://bugzilla.suse.com/1125015
   https://bugzilla.suse.com/1128061
   https://bugzilla.suse.com/1129079
   https://bugzilla.suse.com/1130784

From sle-updates at lists.suse.com Thu Jun 27 07:12:18 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Jun 2019 15:12:18 +0200 (CEST)
Subject: SUSE-SU-2019:1308-2: important: Security update for java-1_8_0-ibm
Message-ID: <20190627131218.0F146F798@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1308-2
Rating:             important
References:         #1132728 #1132729 #1132732 #1132734 #1134718
Cross-References:   CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Legacy Software 15-SP1
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for java-1_8_0-ibm fixes the following issues:

   Update to Java 8.0 Service Refresh 5 Fix Pack 35.

   Security issues fixed:

   - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718).
   - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729).
   - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).
   - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728).
   - CVE-2019-2684: Fixed flaw in the RMI registry implementation (bsc#1132732).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1308=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1308=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64):
      java-1_8_0-ibm-demo-1.8.0_sr5.35-3.20.1
      java-1_8_0-ibm-src-1.8.0_sr5.35-3.20.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
      java-1_8_0-ibm-32bit-1.8.0_sr5.35-3.20.1
      java-1_8_0-ibm-devel-32bit-1.8.0_sr5.35-3.20.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr5.35-3.20.1
      java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20.1

References:

   https://www.suse.com/security/cve/CVE-2019-10245.html
   https://www.suse.com/security/cve/CVE-2019-2602.html
   https://www.suse.com/security/cve/CVE-2019-2684.html
   https://www.suse.com/security/cve/CVE-2019-2697.html
   https://www.suse.com/security/cve/CVE-2019-2698.html
   https://bugzilla.suse.com/1132728
   https://bugzilla.suse.com/1132729
   https://bugzilla.suse.com/1132732
   https://bugzilla.suse.com/1132734
   https://bugzilla.suse.com/1134718

From sle-updates at lists.suse.com Thu Jun 27 07:13:27 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Jun 2019 15:13:27 +0200 (CEST)
Subject: SUSE-RU-2019:1715-1: moderate: Recommended update for cloud-init, dhcp
Message-ID: <20190627131327.AFBCAF798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-init, dhcp
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:1715-1
Rating:             moderate
References:         #1087331 #1095627 #1097388 #1099340 #1101894 #1111427 #1114160 #1116767 #1119397 #1121878 #1123694 #1125950 #1125992 #1126101 #1132692
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has 15 recommended fixes can now be installed.

Description:

   This update for cloud-init, dhcp provides the following fixes:

   Changes to cloud-init:

   - When the user configures a new rules file for network devices, the rules may not apply immediately, so trigger udevadm. (bsc#1125950)
   - Fix the order of calls when writing routes so that the SUSE implementation of route config file writing has precedence over the default implementation. (bsc#1125992)
   - Use the proper name to designate IPv6 addresses in ifcfg-* files. (bsc#1126101)
   - Drop a '-' in the route file for the last column. (bsc#1123694)
   - Make sure the resulting resolv.conf file is not empty. (bsc#1119397)
   - Update to version 18.5 (bsc#1121878, bsc#1116767):
     * Add cloud-id binary to packages for SUSE.
     * azure: Accept variation in error msg from mount for ntfs volumes.
     * azure: Add apply_network_config option to disable network from IMDS.
     * azure: Add udev rules to create cloud-init Gen2 disk name symlinks.
     * azure: Detect vnet migration via netlink media change event.
     * azure: Fix a copy and paste error in error handling when reading azure ovf.
     * azure: Fix a regression introduced when persisting ephemeral dhcp lease.
     * azure: _poll_imds only retry on 404, failing on timeout.
     * azure: Remove /etc/netplan/90-hotplug-azure.yaml when net from IMDS.
     * azure: Report ready to fabric after reprovision and reduce logging.
     * azure: Retry imds polling on requests.Timeout.
     * config: On ubuntu select cloud archive mirrors for armel, armhf, arm64.
     * dhclient-hook: Clean it up, add tests and fix a bug on 'down' event.
     * doc: Change dns_nameserver property to dns_nameservers.
     * docs: Remove colon from network v1 config example.
     * instance-data: Add standard keys platform and subplatform. Refactor ec2.
     * instance-data: Fallback to instance-data.json if sensitive is absent.
     * logs: collect-logs ignore instance-data-sensitive.json on non-root user
     * net: Ephemeral*Network: Add connectivity check via URL.
     * net: Ignore nics that have "zero" mac address.
     * net: Render 'metric' values in per-subnet routes.
     * NoCloud: Allow top level 'network' key in network-config.
     * ovf: Fix ovf network config generation gateway/routes.
     * ovf: Identify label iso9660 filesystems with label 'OVF ENV'.
     * query: Better error when missing read permission on instance-data.
     * resizefs: Prefix discovered devpath with '/dev/' when path does not exist.
     * systemd: On SUSE ensure cloud-init.service runs before wicked.
     * tools: Add cloud-id command line utility.
     * Update detection of openSUSE variants.
     * write_files: Add support for appending to files.
   - Fix a decoding error that could cause persisting the metadata to fail. (bsc#1101894)
   - Fix a problem that could cause static network to be configured with BOOTPROTO=none. (bsc#1114160)
   - Changes from 18.4 (bsc#1087331, bsc#1097388, bsc#1111427, bsc#1095627):
     * Avoid Python 3 dependency when building for distros with Python 2 support.
     * Add dhcp-client as requirement as cloud-init uses dhclient to setup a temporary network for metadata retrieval. (fate#327672)
     * Use ds._crawled_metadata instance attribute if set when writing instance-data.json.
     * ec2: Update crawled metadata and add standardized keys.
     * lxd: Adjust to snap installed lxd.
     * Add support for Infiniband network interfaces (IPoIB).
     * cli: Add cloud-init query subcommand to query instance metadata.
     * stages: Fix bug causing datasource to have incorrect sys_cfg.
     * net_util: Ensure static configurations have netmask in translate_network result.
     * Fall back to root:root on syslog permissions if other options fail.
     * OpenStack: Support setting mac address on bond.
     * EphemeralIPv4Network: Be more explicit when adding default route.
     * OpenStack: Support reading of newer versions of metadata.
     * OpenStack: Fix a bug that was causing 'latest' version to be used from network.
     * user-data: Use jinja template to render instance-data.json in cloud-config.
     * config: Disable ssh access to a configured user account.
     * sysconfig: Refactor sysconfig to accept distro specific templates paths.
     * hyperv_reporting_handler: Simplify threaded publisher.
     * VMWare: Fix a network config bug in vm with static IPv4 and no gateway.
     * logging: Add logging config type hyperv for reporting via Azure KVP
     * Add datasource Oracle Compute Infrastructure (OCI).
     * azure: Allow azure to generate network configuration from IMDS per boot.
     * Scaleway: Add network configuration to the DataSource.
     * netplan: Correctly render macaddress on bonds and bridges when provided.
     * tools: Add 'net-convert' subcommand command to 'cloud-init devel'.
     * Use typeset or local in profile.d scripts.
     * OpenNebula: Fix null gateway6.
     * tools: add '--debug' to tools/net-convert.py
     * update_metadata: A datasource can support network re-config every boot.
     * Retry on failed import of gpg receive keys.
     * tools: Fix run-container when neither source or binary package requested.
   - Changes from 18.3:
     * Explicitly prevent `sudo` access for user module.
     * lxd: Delete default network and detach device if lxd-init created them.
     * openstack: Avoid unneeded metadata probe on non-openstack platforms.
     * stages: Fix tracebacks if a module stage is undefined or empty.
     * Be safer on string/bytes when writing multipart user-data to disk.
     * Fix get_proc_env for pids that have non-utf8 content in environment.
     * netplan: Fix mtu if provided by network config for all rendered types.
     * subp: Support combine_capture argument.
     * util: Add get_linux_distro function to replace platform.dist
     * Do not use the systemd_prefix macro, not available in this environment.
     * openstack: Allow discovery in init-local using dhclient in a sandbox.
     * yaml_load/schema: Add invalid line and column nums to error message.
     * Azure: Ignore NTFS mount errors when checking ephemeral drive.
     * cc_mounts: Do not add devices to fstab that are already present.
     * ds-identify: Ensure that we have certain tokens in PATH.
     * read_file_or_url: Move to url_helper, fix bug in its FileResponse.
     * ds-identify: Recognize container-other as a container.
     * ds-identify: Remove duplicate call to is_ds_enabled.
     * azure: Add reported ready marker file.
     * netinfo: Fix netdev_pformat when a nic does not have an address assigned.
     * collect-logs: Add -v flag, write to stderr, limit journal to single boot.
     * IBMCloud: Disable config-drive and nocloud only if IBMCloud is enabled.
     * Add reporting events and log_time around early source of blocking time.
     * IBMCloud: recognize provisioning environment during debug boots.
     * net: Detect unstable network names and trigger a settle if needed.
     * sysconfig: dhcp6 subnet type should not imply dhcpv4.
     * schema: In validation, raise ImportError if strict but no jsonschema.
     * set_passwords: Add newline to end of sshd config, only restart if updated.
     * net: Depend on iproute2's ip instead of net-tools ifconfig or route.
     * renderer: Support unicode in render_from_file.
     * Implement ntp client spec with auto support for distro selection.
     * apport: Add Brightbox, IBM, LXD, and OpenTelekomCloud to list of clouds.
     * tests: Fix ec2 integration network metadata validation.
     * cc_resizefs, util: Handle no /dev/zfs.
   - The distribution indicator is set to SUSE during template expansion. Do not replace anything set to Ubuntu.
   - Do not run cloud-init after network-online, this breaks functionality in cloud-init. Certain parts of the code running in this phase expect to run before the network is on-line.
   - Root should not be enabled by default. Image builders/users that want root access by default should provide an appropriate configuration file during image build or image setup.
   - Set distribution default to OpenSUSE/SLES. (bsc#1099340)
   - Run metadata detection after network-online. (bsc#1097388)
   - Properly accumulate all the defined routes for a given network device. Previously only the last defined route was written to the routes file. (bsc#1132692)
   - Write the udev rules to a different file than the default. (bsc#1125950)
   - Settle udev if not all configured devices are in the device tree to avoid a race condition between udev and cloud-init. (bsc#1125950)

   Changes in dhcp:

   - No changes, just being released together to be included in CaaS Platform.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1715=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1715=1

   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1715=1

   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1715=1

   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1715=1

   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1715=1

   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1715=1

   - SUSE CaaS Platform 3.0:
      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1715=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      dhcp-debuginfo-4.3.3-10.16.4
      dhcp-debugsource-4.3.3-10.16.4
      dhcp-devel-4.3.3-10.16.4

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      dhcp-debuginfo-4.3.3-10.16.4
      dhcp-debugsource-4.3.3-10.16.4
      dhcp-devel-4.3.3-10.16.4

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      dhcp-4.3.3-10.16.4
      dhcp-client-4.3.3-10.16.4
      dhcp-client-debuginfo-4.3.3-10.16.4
      dhcp-debuginfo-4.3.3-10.16.4
      dhcp-debugsource-4.3.3-10.16.4
      dhcp-relay-4.3.3-10.16.4
      dhcp-relay-debuginfo-4.3.3-10.16.4
      dhcp-server-4.3.3-10.16.4
      dhcp-server-debuginfo-4.3.3-10.16.4

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      dhcp-4.3.3-10.16.4
      dhcp-client-4.3.3-10.16.4
      dhcp-client-debuginfo-4.3.3-10.16.4
      dhcp-debuginfo-4.3.3-10.16.4
      dhcp-debugsource-4.3.3-10.16.4
      dhcp-relay-4.3.3-10.16.4
      dhcp-relay-debuginfo-4.3.3-10.16.4
      dhcp-server-4.3.3-10.16.4
      dhcp-server-debuginfo-4.3.3-10.16.4

   - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
      cloud-init-18.5-37.21.1
      cloud-init-config-suse-18.5-37.21.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
      dhcp-4.3.3-10.16.4
      dhcp-client-4.3.3-10.16.4
      dhcp-client-debuginfo-4.3.3-10.16.4
      dhcp-debuginfo-4.3.3-10.16.4
      dhcp-debugsource-4.3.3-10.16.4

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      dhcp-4.3.3-10.16.4
      dhcp-client-4.3.3-10.16.4
      dhcp-client-debuginfo-4.3.3-10.16.4
      dhcp-debuginfo-4.3.3-10.16.4
      dhcp-debugsource-4.3.3-10.16.4

   - SUSE CaaS Platform 3.0 (x86_64):
      cloud-init-18.5-37.21.1
      dhcp-4.3.3-10.16.4
      dhcp-client-4.3.3-10.16.4
      dhcp-client-debuginfo-4.3.3-10.16.4

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      cloud-init-18.5-37.21.1
      cloud-init-config-suse-18.5-37.21.1

References:

   https://bugzilla.suse.com/1087331
   https://bugzilla.suse.com/1095627
   https://bugzilla.suse.com/1097388
   https://bugzilla.suse.com/1099340
   https://bugzilla.suse.com/1101894
   https://bugzilla.suse.com/1111427
   https://bugzilla.suse.com/1114160
   https://bugzilla.suse.com/1116767
   https://bugzilla.suse.com/1119397
   https://bugzilla.suse.com/1121878
   https://bugzilla.suse.com/1123694
   https://bugzilla.suse.com/1125950
   https://bugzilla.suse.com/1125992
   https://bugzilla.suse.com/1126101
   https://bugzilla.suse.com/1132692

From sle-updates at lists.suse.com Thu Jun 27 10:11:37 2019
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Jun 2019 18:11:37 +0200 (CEST)
Subject: SUSE-SU-2019:1716-1: moderate: Security update for glibc
Message-ID: <20190627161137.B9D63F798@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1716-1
Rating:             moderate
References:         #1117993 #1132678 #941234
Cross-References:   CVE-2015-5180
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update for glibc fixes the following issues:

   Security issue fixed:

   - CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE (bsc#941234).

   Feature work:

   - IBM zSeries arch13 hardware support in glibc added (fate#327072, bsc#1132678)

   Other issue addressed:

   - Fixed a concurrency issue with ldconfig (bsc#1117993).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1716=1

   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1716=1

   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1716=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      glibc-debuginfo-2.22-100.15.4
      glibc-debugsource-2.22-100.15.4
      glibc-devel-static-2.22-100.15.4

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch):
      glibc-info-2.22-100.15.4

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      glibc-2.22-100.15.4
      glibc-debuginfo-2.22-100.15.4
      glibc-debugsource-2.22-100.15.4
      glibc-devel-2.22-100.15.4
      glibc-devel-debuginfo-2.22-100.15.4
      glibc-locale-2.22-100.15.4
      glibc-locale-debuginfo-2.22-100.15.4
      glibc-profile-2.22-100.15.4
      nscd-2.22-100.15.4
      nscd-debuginfo-2.22-100.15.4

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
      glibc-32bit-2.22-100.15.4
      glibc-debuginfo-32bit-2.22-100.15.4
      glibc-devel-32bit-2.22-100.15.4
      glibc-devel-debuginfo-32bit-2.22-100.15.4
      glibc-locale-32bit-2.22-100.15.4
      glibc-locale-debuginfo-32bit-2.22-100.15.4
      glibc-profile-32bit-2.22-100.15.4

   - SUSE Linux Enterprise Server 12-SP4 (noarch):
      glibc-html-2.22-100.15.4
      glibc-i18ndata-2.22-100.15.4
      glibc-info-2.22-100.15.4

   - SUSE Linux Enterprise Desktop 12-SP4 (noarch):
      glibc-i18ndata-2.22-100.15.4

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
      glibc-2.22-100.15.4
      glibc-32bit-2.22-100.15.4
      glibc-debuginfo-2.22-100.15.4
      glibc-debuginfo-32bit-2.22-100.15.4
      glibc-debugsource-2.22-100.15.4
      glibc-devel-2.22-100.15.4
      glibc-devel-32bit-2.22-100.15.4
      glibc-devel-debuginfo-2.22-100.15.4
      glibc-devel-debuginfo-32bit-2.22-100.15.4
      glibc-locale-2.22-100.15.4
      glibc-locale-32bit-2.22-100.15.4
      glibc-locale-debuginfo-2.22-100.15.4
      glibc-locale-debuginfo-32bit-2.22-100.15.4
      nscd-2.22-100.15.4
      nscd-debuginfo-2.22-100.15.4

References:

   https://www.suse.com/security/cve/CVE-2015-5180.html
   https://bugzilla.suse.com/1117993
   https://bugzilla.suse.com/1132678
   https://bugzilla.suse.com/941234