From sle-updates at lists.suse.com Fri Mar 1 04:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 12:12:00 +0100 (CET) Subject: SUSE-RU-2019:13966-1: moderate: Recommended update for krb5 Message-ID: <20190301111200.65672FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13966-1 Rating: moderate References: #1056995 #1081725 #1114897 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for krb5 fixes the following issues: - Fix GSS failures in legacy applications; (bsc#1081725); (bsc#1114897); - Fix a context leak in gss_accept_sec_context introduced by (bsc#1056995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-13966=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-13966=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-krb5-13966=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-13966=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.113.10.1 krb5-apps-clients-1.6.3-133.49.113.10.1 krb5-apps-servers-1.6.3-133.49.113.10.1 krb5-client-1.6.3-133.49.113.10.1 krb5-server-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): krb5-1.6.3-133.49.113.10.1 krb5-apps-clients-1.6.3-133.49.113.10.1 krb5-apps-servers-1.6.3-133.49.113.10.1 krb5-client-1.6.3-133.49.113.10.1 krb5-server-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.113.10.1 krb5-debugsource-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.113.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.113.10.1 References: https://bugzilla.suse.com/1056995 https://bugzilla.suse.com/1081725 https://bugzilla.suse.com/1114897 From sle-updates at lists.suse.com Fri Mar 1 04:13:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 12:13:07 +0100 (CET) Subject: SUSE-RU-2019:0522-1: moderate: Recommended update for libreoffice Message-ID: <20190301111307.A8E3CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0522-1 Rating: moderate References: #1079744 #1088266 #1095755 #1107012 #1110345 #1110348 #1112112 #1112113 #1112114 #1117195 #1117300 #1124658 #882383 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for libreoffice fixes the following issues: LibreOffice was updated to the 6.1.5.2 release, fixing lots of bugs. Various fixes were done in PPTX support: - SmartArt: Basic rendering of the Organizational Chart (bsc#1112114) - SmartArt: Basic rendering of Accent Process and Continuous Block Process (bsc#1112113) - Chart in PPTX lacks color and is too large (bsc#882383) - SmartArt: Basic rendering of several list types (bsc#1112112) - Charts having weird/darker/ugly background versus Office 365 and strange artefacts where overlapping (bsc#1110348) - PPTX Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1095755) - Chart showing numbers with post-comma digits versus rounded with Office 365 (bsc#1110345) - Font sizes and text position way off (too small,...) (bsc#1107012) Other fixes: - unoil.jar does not contain any content in LibreOffice 5.4.4.2 update (bsc#1079744) - Text on arc feature, export to PPTX (bsc#1088266) - Install also C++ libreofficekit headers bsc#1117195 - [DATA LOSS] Saving a new document can silently overwrite an existing document (bsc#1117300) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-522=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.1.5.2-3.10.3 libreoffice-icon-themes-6.1.5.2-3.10.3 libreoffice-l10n-af-6.1.5.2-3.10.3 libreoffice-l10n-ar-6.1.5.2-3.10.3 libreoffice-l10n-as-6.1.5.2-3.10.3 libreoffice-l10n-bg-6.1.5.2-3.10.3 libreoffice-l10n-bn-6.1.5.2-3.10.3 libreoffice-l10n-br-6.1.5.2-3.10.3 libreoffice-l10n-ca-6.1.5.2-3.10.3 libreoffice-l10n-cs-6.1.5.2-3.10.3 libreoffice-l10n-cy-6.1.5.2-3.10.3 libreoffice-l10n-da-6.1.5.2-3.10.3 libreoffice-l10n-de-6.1.5.2-3.10.3 libreoffice-l10n-dz-6.1.5.2-3.10.3 libreoffice-l10n-el-6.1.5.2-3.10.3 libreoffice-l10n-en-6.1.5.2-3.10.3 libreoffice-l10n-eo-6.1.5.2-3.10.3 libreoffice-l10n-es-6.1.5.2-3.10.3 libreoffice-l10n-et-6.1.5.2-3.10.3 libreoffice-l10n-eu-6.1.5.2-3.10.3 libreoffice-l10n-fa-6.1.5.2-3.10.3 libreoffice-l10n-fi-6.1.5.2-3.10.3 libreoffice-l10n-fr-6.1.5.2-3.10.3 libreoffice-l10n-ga-6.1.5.2-3.10.3 libreoffice-l10n-gl-6.1.5.2-3.10.3 libreoffice-l10n-gu-6.1.5.2-3.10.3 libreoffice-l10n-he-6.1.5.2-3.10.3 libreoffice-l10n-hi-6.1.5.2-3.10.3 libreoffice-l10n-hr-6.1.5.2-3.10.3 libreoffice-l10n-hu-6.1.5.2-3.10.3 libreoffice-l10n-it-6.1.5.2-3.10.3 libreoffice-l10n-ja-6.1.5.2-3.10.3 libreoffice-l10n-kk-6.1.5.2-3.10.3 libreoffice-l10n-kn-6.1.5.2-3.10.3 libreoffice-l10n-ko-6.1.5.2-3.10.3 libreoffice-l10n-lt-6.1.5.2-3.10.3 libreoffice-l10n-lv-6.1.5.2-3.10.3 libreoffice-l10n-mai-6.1.5.2-3.10.3 libreoffice-l10n-ml-6.1.5.2-3.10.3 libreoffice-l10n-mr-6.1.5.2-3.10.3 libreoffice-l10n-nb-6.1.5.2-3.10.3 libreoffice-l10n-nl-6.1.5.2-3.10.3 libreoffice-l10n-nn-6.1.5.2-3.10.3 libreoffice-l10n-nr-6.1.5.2-3.10.3 libreoffice-l10n-nso-6.1.5.2-3.10.3 libreoffice-l10n-or-6.1.5.2-3.10.3 libreoffice-l10n-pa-6.1.5.2-3.10.3 libreoffice-l10n-pl-6.1.5.2-3.10.3 libreoffice-l10n-pt_BR-6.1.5.2-3.10.3 libreoffice-l10n-pt_PT-6.1.5.2-3.10.3 libreoffice-l10n-ro-6.1.5.2-3.10.3 libreoffice-l10n-ru-6.1.5.2-3.10.3 libreoffice-l10n-si-6.1.5.2-3.10.3 libreoffice-l10n-sk-6.1.5.2-3.10.3 libreoffice-l10n-sl-6.1.5.2-3.10.3 libreoffice-l10n-sr-6.1.5.2-3.10.3 libreoffice-l10n-ss-6.1.5.2-3.10.3 libreoffice-l10n-st-6.1.5.2-3.10.3 libreoffice-l10n-sv-6.1.5.2-3.10.3 libreoffice-l10n-ta-6.1.5.2-3.10.3 libreoffice-l10n-te-6.1.5.2-3.10.3 libreoffice-l10n-th-6.1.5.2-3.10.3 libreoffice-l10n-tn-6.1.5.2-3.10.3 libreoffice-l10n-tr-6.1.5.2-3.10.3 libreoffice-l10n-ts-6.1.5.2-3.10.3 libreoffice-l10n-uk-6.1.5.2-3.10.3 libreoffice-l10n-ve-6.1.5.2-3.10.3 libreoffice-l10n-xh-6.1.5.2-3.10.3 libreoffice-l10n-zh_CN-6.1.5.2-3.10.3 libreoffice-l10n-zh_TW-6.1.5.2-3.10.3 libreoffice-l10n-zu-6.1.5.2-3.10.3 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libreoffice-6.1.5.2-3.10.3 libreoffice-base-6.1.5.2-3.10.3 libreoffice-base-debuginfo-6.1.5.2-3.10.3 libreoffice-base-drivers-postgresql-6.1.5.2-3.10.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.5.2-3.10.3 libreoffice-calc-6.1.5.2-3.10.3 libreoffice-calc-debuginfo-6.1.5.2-3.10.3 libreoffice-calc-extensions-6.1.5.2-3.10.3 libreoffice-debuginfo-6.1.5.2-3.10.3 libreoffice-debugsource-6.1.5.2-3.10.3 libreoffice-draw-6.1.5.2-3.10.3 libreoffice-draw-debuginfo-6.1.5.2-3.10.3 libreoffice-filters-optional-6.1.5.2-3.10.3 libreoffice-gnome-6.1.5.2-3.10.3 libreoffice-gnome-debuginfo-6.1.5.2-3.10.3 libreoffice-gtk3-6.1.5.2-3.10.3 libreoffice-gtk3-debuginfo-6.1.5.2-3.10.3 libreoffice-impress-6.1.5.2-3.10.3 libreoffice-impress-debuginfo-6.1.5.2-3.10.3 libreoffice-mailmerge-6.1.5.2-3.10.3 libreoffice-math-6.1.5.2-3.10.3 libreoffice-math-debuginfo-6.1.5.2-3.10.3 libreoffice-officebean-6.1.5.2-3.10.3 libreoffice-officebean-debuginfo-6.1.5.2-3.10.3 libreoffice-pyuno-6.1.5.2-3.10.3 libreoffice-pyuno-debuginfo-6.1.5.2-3.10.3 libreoffice-writer-6.1.5.2-3.10.3 libreoffice-writer-debuginfo-6.1.5.2-3.10.3 libreoffice-writer-extensions-6.1.5.2-3.10.3 libreofficekit-6.1.5.2-3.10.3 References: https://bugzilla.suse.com/1079744 https://bugzilla.suse.com/1088266 https://bugzilla.suse.com/1095755 https://bugzilla.suse.com/1107012 https://bugzilla.suse.com/1110345 https://bugzilla.suse.com/1110348 https://bugzilla.suse.com/1112112 https://bugzilla.suse.com/1112113 https://bugzilla.suse.com/1112114 https://bugzilla.suse.com/1117195 https://bugzilla.suse.com/1117300 https://bugzilla.suse.com/1124658 https://bugzilla.suse.com/882383 From sle-updates at lists.suse.com Fri Mar 1 07:18:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 15:18:19 +0100 (CET) Subject: SUSE-RU-2019:0525-1: moderate: Recommended update for openvswitch Message-ID: <20190301141819.C7EF3FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0525-1 Rating: moderate References: #1110865 #1112697 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openvswitch fixes the following issues: openvswitch was updated to the new upstream bugfix release 2.5.6 (bsc#1112697). Some of the changes are * odp-execute: Fix broken build with Clang as compiler. * netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH. * lex: Fix buffer overrun parsing overlong hexadecimal constants. * ovsdb-client: Fix a bug that uses wrong index * flow: Fix uninitialized flow fields in IPv6 error case. * meta-flow: Make "nw_frag" a synonym for "ip_frag". * odp-util: Don't attempt to write IPv6 flow label bits that don't exist. * daemon-unix: Use same name for original or restarted children. * utilities: Drop shebang from bash completion script * netdev-linux: Avoid division by 0 if kernel reports bad scheduler data. * pcap-file: Fix formatting of log message. * compat: Initialize IPv4 reassembly secret timer * ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command. * ofp-actions: Fix buffer overread in decode_LEARN_specs(). * ofp-actions: Avoid buffer overread in BUNDLE action decoding. * rconn: Suppress 'connected' log for unreliable connections. * rconn: Introduce new invariant to fix assertion failure in corner case. * ovs-vsctl: Fix segfault when attempting to del-port from parent bridge. * ovn: Fix tunnel id overflow. * bond: Fix bug that writes to freed memory * netdev: netdev_get_etheraddr is not functioning as advertised. * ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). * odp-util: Fix buffer overread in parsing string form of ODP flows. * ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). * ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply(). * ofproto-dpif-xlate: Always process IGMP packets in userspace. * ofp-util: Fix memory leaks when parsing OF1.5 group properties. * ofproto-dpif-upcall: Fix key attr iteration. * ofproto-dpif-upcall: Fix action attr iteration. * bridge: Avoid read of uninitialized data configuring Auto-Attach. * lacp: enable bond slave immediately after lacp attach * ofproto-dpif-xlate: Fixes for propagating state of conntrack. * ovsdb-types: Fix memory leak on error path. * ofp-util: fix memory leak in ofputil_pull_ofp11_buckets * ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod(). * ofp-print: Don't abort on unknown reason in role status message. * odp-util: Avoid misaligned references to ip6_hdr. * ofp-util: Initialize tunnel metadata for OpenFlow 1.0 matches. * extract-ofp-errors: Avoid unintentional sign extension in generated code. * flow: Fix buffer overread in flow_hash_symmetric_l3l4(). * ofp-print: Avoid array overread in print_table_instruction_features(). * dpif-netlink: Fix multiple-free and fd leak on error path. * bridge: Fix memory leak in bridge_aa_update_trunks(). * ofproto-dpif-xlate: Fix the memory leak in netflow. * rstp/stp: Unref the rstp/stp when bridges destroyed. * ofproto-dpif-xlate: Allow sending BFD messages when STP port is not forwarding. * pinsched: Update next_txq pointer when destroying pinqueue. * ofproto/bond: fix interal flow leak of tcp-balance bond * ofproto/bond: Fix bond post recirc rule leak. * ofproto/bond: Fix bond reconfiguration race condition. * ofproto/bond: Fix bond/show when all interfaces are disabled * ofproto/bond: Validate active-slave mac. * tnl-neigh-cache: Force revalidation for a new neighbor entry. * ofproto-dpif: Use acquire/release barriers with 'tables_version'. * dpif-netdev: Avoids repeated addition of DP_STAT_LOST. * rconn: Avoid abort for ill-behaved remote. * ofproto-dpif-ipfix: Fix assertion failure for bad configuration. * netdev-dpdk: Use instant sending instead of queueing of packets. * ovs-vswitchd: Avoid segfault for "netdev" datapath. * ofproto: Incorrect statistics will be increased * tunnel: set udp dst-port in tunnel metadata * ofproto-dpif: Always forward 'used' from the old_rule. * ofproto-dpif-xlate: Fix duplicate multicast packets * ofproto: Return the OFPC_BUNDLES bit in switch features reply. * tnl-ports: fix missing netdev_close * stream-ssl: Fix memory leak on error path. * dpif-netdev: Fix crash in dpif_netdev_execute(). * netdev-linux: double tagged packets should use 0x88a8 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-525=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-525=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-525=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-525=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-525=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openvswitch-2.5.6-25.15.9 openvswitch-debuginfo-2.5.6-25.15.9 openvswitch-debugsource-2.5.6-25.15.9 openvswitch-switch-2.5.6-25.15.9 openvswitch-switch-debuginfo-2.5.6-25.15.9 - SUSE OpenStack Cloud 7 (x86_64): openvswitch-dpdk-2.5.6-25.15.9 openvswitch-dpdk-debuginfo-2.5.6-25.15.9 openvswitch-dpdk-debugsource-2.5.6-25.15.9 openvswitch-dpdk-switch-2.5.6-25.15.9 openvswitch-dpdk-switch-debuginfo-2.5.6-25.15.9 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openvswitch-2.5.6-25.15.9 openvswitch-debuginfo-2.5.6-25.15.9 openvswitch-debugsource-2.5.6-25.15.9 openvswitch-switch-2.5.6-25.15.9 openvswitch-switch-debuginfo-2.5.6-25.15.9 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openvswitch-dpdk-2.5.6-25.15.9 openvswitch-dpdk-debuginfo-2.5.6-25.15.9 openvswitch-dpdk-debugsource-2.5.6-25.15.9 openvswitch-dpdk-switch-2.5.6-25.15.9 openvswitch-dpdk-switch-debuginfo-2.5.6-25.15.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openvswitch-2.5.6-25.15.9 openvswitch-debuginfo-2.5.6-25.15.9 openvswitch-debugsource-2.5.6-25.15.9 openvswitch-switch-2.5.6-25.15.9 openvswitch-switch-debuginfo-2.5.6-25.15.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): openvswitch-dpdk-2.5.6-25.15.9 openvswitch-dpdk-debuginfo-2.5.6-25.15.9 openvswitch-dpdk-debugsource-2.5.6-25.15.9 openvswitch-dpdk-switch-2.5.6-25.15.9 openvswitch-dpdk-switch-debuginfo-2.5.6-25.15.9 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openvswitch-2.5.6-25.15.9 openvswitch-debuginfo-2.5.6-25.15.9 openvswitch-debugsource-2.5.6-25.15.9 openvswitch-dpdk-2.5.6-25.15.9 openvswitch-dpdk-debuginfo-2.5.6-25.15.9 openvswitch-dpdk-debugsource-2.5.6-25.15.9 openvswitch-dpdk-switch-2.5.6-25.15.9 openvswitch-dpdk-switch-debuginfo-2.5.6-25.15.9 openvswitch-switch-2.5.6-25.15.9 openvswitch-switch-debuginfo-2.5.6-25.15.9 - SUSE Enterprise Storage 4 (x86_64): openvswitch-2.5.6-25.15.9 openvswitch-debuginfo-2.5.6-25.15.9 openvswitch-debugsource-2.5.6-25.15.9 openvswitch-dpdk-2.5.6-25.15.9 openvswitch-dpdk-debuginfo-2.5.6-25.15.9 openvswitch-dpdk-debugsource-2.5.6-25.15.9 openvswitch-dpdk-switch-2.5.6-25.15.9 openvswitch-dpdk-switch-debuginfo-2.5.6-25.15.9 openvswitch-switch-2.5.6-25.15.9 openvswitch-switch-debuginfo-2.5.6-25.15.9 References: https://bugzilla.suse.com/1110865 https://bugzilla.suse.com/1112697 From sle-updates at lists.suse.com Fri Mar 1 10:09:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:09:47 +0100 (CET) Subject: SUSE-SU-2019:0527-1: moderate: Security update for gdm Message-ID: <20190301170947.E042AFDF2@maintenance.suse.de> SUSE Security Update: Security update for gdm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0527-1 Rating: moderate References: #1112294 #1112578 #1113245 #1113700 #1120307 #1124628 Cross-References: CVE-2019-3825 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for gdm fixes the following issues: Security issue fixed: - CVE-2019-3825: Fixed a lock screen bypass when timed login was enabled (bsc#1124628). Other issues fixed: - GLX applications do not work well when the proprietary nvidia driver is used with a wayland session. Because of that this update disables wayland on that hardware (bsc#1112578). - Fixed an issue where gdm restart fails to kill user processes (bsc#1112294 and bsc#1113245). - Fixed a System halt in the screen with message "End of ORACLE section" (bsc#1120307). - Fixed an issue which did not allow the returning to text console when gdm is stopped (bsc#1113700). - Fixed an issue which was causing system hang during the load of gdm (bsc#1112578). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-527=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-527=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gdm-branding-upstream-3.26.2.1-13.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.19.2 gdm-debuginfo-3.26.2.1-13.19.2 gdm-debugsource-3.26.2.1-13.19.2 gdm-devel-3.26.2.1-13.19.2 libgdm1-3.26.2.1-13.19.2 libgdm1-debuginfo-3.26.2.1-13.19.2 typelib-1_0-Gdm-1_0-3.26.2.1-13.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gdm-lang-3.26.2.1-13.19.2 gdmflexiserver-3.26.2.1-13.19.2 References: https://www.suse.com/security/cve/CVE-2019-3825.html https://bugzilla.suse.com/1112294 https://bugzilla.suse.com/1112578 https://bugzilla.suse.com/1113245 https://bugzilla.suse.com/1113700 https://bugzilla.suse.com/1120307 https://bugzilla.suse.com/1124628 From sle-updates at lists.suse.com Fri Mar 1 10:11:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:11:21 +0100 (CET) Subject: SUSE-RU-2019:0529-1: moderate: Recommended update for cloud-netconfig Message-ID: <20190301171121.07567FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0529-1 Rating: moderate References: #1112822 #1118783 #1122013 #1123008 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-netconfig provides the following fixes: - Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013) - Do not treat eth0 special with regard to routing policies. (bsc#1123008) - Reduce the timeout on metadata read. (bsc#1112822) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-529=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-netconfig-azure-0.9-5.6.1 cloud-netconfig-ec2-0.9-5.6.1 References: https://bugzilla.suse.com/1112822 https://bugzilla.suse.com/1118783 https://bugzilla.suse.com/1122013 https://bugzilla.suse.com/1123008 From sle-updates at lists.suse.com Fri Mar 1 10:12:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:12:16 +0100 (CET) Subject: SUSE-RU-2019:0535-1: moderate: Recommended update for openstack-ironic-image Message-ID: <20190301171216.BA729FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-ironic-image ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0535-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-ironic-image fixes the following issues: - Add suse.tmpsize parameter to manage /tmp size Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-535=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-535=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-535=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-ironic-image-debugsource-8.0.0-0.19.3.1 openstack-ironic-image-x86_64-8.0.0-0.19.3.1 - SUSE OpenStack Cloud 8 (noarch): openstack-ironic-image-debugsource-8.0.0-0.19.3.1 openstack-ironic-image-x86_64-8.0.0-0.19.3.1 - HPE Helion Openstack 8 (noarch): openstack-ironic-image-debugsource-8.0.0-0.19.3.1 openstack-ironic-image-x86_64-8.0.0-0.19.3.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Fri Mar 1 10:12:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:12:47 +0100 (CET) Subject: SUSE-RU-2019:0532-1: moderate: Recommended update for console-setup, kbd Message-ID: <20190301171247.8E99FFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for console-setup, kbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0532-1 Rating: moderate References: #1122361 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for console-setup and kbd provides the following fix: - Fix Shift-Tab mapping. (bsc#1122361) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-532=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-532=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): console-setup-1.134-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kbd-2.0.4-8.3.1 kbd-debuginfo-2.0.4-8.3.1 kbd-debugsource-2.0.4-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kbd-legacy-2.0.4-8.3.1 References: https://bugzilla.suse.com/1122361 From sle-updates at lists.suse.com Fri Mar 1 10:13:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:13:21 +0100 (CET) Subject: SUSE-RU-2019:0533-1: Recommended update for mirror Message-ID: <20190301171321.3C0D1FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for mirror ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0533-1 Rating: low References: #1123661 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mirror provides the following fix: - Remove a warning that dump() will no longer be available in Perl 5.30. (bsc#1123661) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-533=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mirror-2.9-3.6.1 References: https://bugzilla.suse.com/1123661 From sle-updates at lists.suse.com Fri Mar 1 10:13:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:13:56 +0100 (CET) Subject: SUSE-RU-2019:0530-1: moderate: Recommended update for cloud-netconfig Message-ID: <20190301171356.4BA35FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0530-1 Rating: moderate References: #1075484 #1112822 #1118783 #1122013 #1123008 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for cloud-netconfig provides the following fixes: - Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013) - Do not treat eth0 special with regard to routing policies. (bsc#1123008) - Reduce the timeout on metadata read. (bsc#1112822) - Remove dependency on udev-persistent-ifnames. (bsc#1075484) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-530=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-netconfig-azure-0.9-8.1 cloud-netconfig-ec2-0.9-8.1 References: https://bugzilla.suse.com/1075484 https://bugzilla.suse.com/1112822 https://bugzilla.suse.com/1118783 https://bugzilla.suse.com/1122013 https://bugzilla.suse.com/1123008 From sle-updates at lists.suse.com Fri Mar 1 10:14:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:14:55 +0100 (CET) Subject: SUSE-RU-2019:0531-1: moderate: Recommended update for sap-suse-cluster-connector Message-ID: <20190301171455.34094FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-suse-cluster-connector ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0531-1 Rating: moderate References: #1119137 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sap-suse-cluster-connector provides the following fix: - sap-suse-cluster-connector was previously not shipped on SUSE Linux Enterprise Server 4 SAP 12 SP4. - Adjust detection of cluster resources, if multiple SAPInstance resource are found to get a proper smm handling. (bsc#1119137) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-531=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-531=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-531=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-531=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sap-suse-cluster-connector-3.1.0-8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): sap-suse-cluster-connector-3.1.0-8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): sap-suse-cluster-connector-3.1.0-8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): sap-suse-cluster-connector-3.1.0-8.1 References: https://bugzilla.suse.com/1119137 From sle-updates at lists.suse.com Fri Mar 1 10:15:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:15:31 +0100 (CET) Subject: SUSE-RU-2019:13967-1: Recommended update for openCryptoki Message-ID: <20190301171531.A3A0FFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13967-1 Rating: low References: #1007081 #1122340 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openCryptoki provides the following fixes: - Removed reference to pkcs1_startup from pkcsslotd. (bsc#1007081) - Make ICA token mechanism list initialization thread safe. (bsc#1122340) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openCryptoki-13967=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openCryptoki-13967=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openCryptoki-13967=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): openCryptoki-devel-3.2-0.22.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): openCryptoki-3.2-0.22.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390 s390x x86_64): openCryptoki-3.2-0.22.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): openCryptoki-64bit-3.2-0.22.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 s390): openCryptoki-32bit-3.2-0.22.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openCryptoki-debuginfo-3.2-0.22.5.1 openCryptoki-debugsource-3.2-0.22.5.1 References: https://bugzilla.suse.com/1007081 https://bugzilla.suse.com/1122340 From sle-updates at lists.suse.com Fri Mar 1 10:16:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Mar 2019 18:16:13 +0100 (CET) Subject: SUSE-RU-2019:0528-1: important: Recommended update for gnome-shell Message-ID: <20190301171613.754EEFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0528-1 Rating: important References: #1093541 #1120178 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-shell and gsettings-desktop-schemas fixes the following issues: gnome-shell: - Fixes an issue where gnome-shell crashed and prevented booting into a GNOME environment (bsc#1120178) - Fixes a memory leak bug (bsc#1093541) gsettings-desktop-schemas: - Fixes an issue where gsettings-desktop-schemas crashed in combination with gnome-shell (bsc#1120178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-528=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-528=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-528=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-528=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): gnome-shell-calendar-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-calendar-debuginfo-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.13.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gnome-shell-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.13.1 gnome-shell-devel-3.26.2+20180130.0d9c74212-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gnome-shell-lang-3.26.2+20180130.0d9c74212-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gsettings-desktop-schemas-3.24.1-3.4.1 gsettings-desktop-schemas-devel-3.24.1-3.4.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gsettings-desktop-schemas-lang-3.24.1-3.4.1 References: https://bugzilla.suse.com/1093541 https://bugzilla.suse.com/1120178 From sle-updates at lists.suse.com Fri Mar 1 16:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Mar 2019 00:09:13 +0100 (CET) Subject: SUSE-RU-2019:0536-1: moderate: Recommended update for sap-suse-cluster-connector Message-ID: <20190301230913.A7671FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-suse-cluster-connector ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0536-1 Rating: moderate References: #1119137 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sap-suse-cluster-connector provides the following fix: - Adjust detection of cluster resources, if multiple SAPInstance resource are found to get a proper smm handling. (bsc#1119137) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-536=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sap-suse-cluster-connector-3.1.0-4.6.1 References: https://bugzilla.suse.com/1119137 From sle-updates at lists.suse.com Fri Mar 1 16:09:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Mar 2019 00:09:43 +0100 (CET) Subject: SUSE-SU-2019:0537-1: important: Security update for caasp-container-manifests, changelog-generator-data-sles12sp3-velum, kubernetes-salt, rubygem-aes_key_wrap, rubygem-json-jwt, sles12sp3-velum-image, velum Message-ID: <20190301230943.5827CFDF2@maintenance.suse.de> SUSE Security Update: Security update for caasp-container-manifests, changelog-generator-data-sles12sp3-velum, kubernetes-salt, rubygem-aes_key_wrap, rubygem-json-jwt, sles12sp3-velum-image, velum ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0537-1 Rating: important References: #1121145 #1121162 #1121165 #1121166 Cross-References: CVE-2018-1000539 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for caasp-container-manifests, changelog-generator-data-sles12sp3-velum, kubernetes-salt, rubygem-aes_key_wrap, rubygem-json-jwt, sles12sp3-velum-image, velum provides the following fixes: Security issue fixed in rubygem-json-jwt and velum: - CVE-2018-1000539: Fixed an improper verification of cryptographic signatures during the decryption of encrypted with AES-GCM JSON Web Tokens which could lead to a forged authentication tag. (bsc#1099243, bsc#1121166) caasp-container-manifests: - Disable the kubelet servers on the admin node. The admin node is not part of a k8s cluster, so enabling the endpoints for interaction by the user/api-server is not needed. Instead (only on the admin node) all endpoints (healthz and server) that are usually exposed by the kubelet are disabled. (bsc#1121145) kubernetes-salt: - haproxy: Block requests to /internal-api endpoint. The internal api endpoints expose sensitive data and thus should not be accessed via internet. This internal api was developed inside the velum project and haproxy was allowing requests to that endpoint. Velum listens on 0.0.0.0 and needs to block for that specific path. With this change any request to anything that starts with /internal-api is blocked. (bsc#1121162) velum: - Changed kubeconfig download from get to post request. The kubeconfig download request was previously done via GET request and the file content could be easily modified through url parameters. Changing from GET to POST method takes advantage of CSRF protection. (bsc#1121165) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.10-3.36.3 - SUSE CaaS Platform 3.0 (noarch): caasp-container-manifests-3.0.0+git_r297_c3bfc41-3.9.1 kubernetes-salt-3.0.0+git_r935_34ce12d-3.50.1 References: https://www.suse.com/security/cve/CVE-2018-1000539.html https://bugzilla.suse.com/1121145 https://bugzilla.suse.com/1121162 https://bugzilla.suse.com/1121165 https://bugzilla.suse.com/1121166 From sle-updates at lists.suse.com Sat Mar 2 12:06:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 2 Mar 2019 20:06:17 +0100 Subject: Security Alert. Your accounts was compromised. You need change password! Message-ID: <7FBFF5585A3512F7377DD0D2BD9A7FBF@AF3BAYI6RX> Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your account. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $700 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 1GdSHQ4aE7zUD8HDqVJDEwU9dxn3LfJLMK After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Best regards! From sle-updates at lists.suse.com Mon Mar 4 13:09:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Mar 2019 21:09:19 +0100 (CET) Subject: SUSE-SU-2019:0541-1: important: Security update for the Linux Kernel Message-ID: <20190304200919.84EB6FDF3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0541-1 Rating: important References: #1012382 #1015336 #1015337 #1015340 #1019683 #1019695 #1020413 #1020645 #1023175 #1027260 #1027457 #1031492 #1042286 #1043083 #1046264 #1047487 #1048916 #1050549 #1065600 #1066223 #1068032 #1070805 #1078355 #1079935 #1086095 #1086423 #1086652 #1091405 #1093158 #1094244 #1094823 #1094973 #1096242 #1096281 #1099523 #1099810 #1100105 #1101557 #1102439 #1102660 #1102875 #1102877 #1102879 #1102882 #1102896 #1103097 #1103156 #1103257 #1103624 #1104098 #1104731 #1105428 #1106061 #1106105 #1106237 #1106240 #1106929 #1107385 #1107866 #1108145 #1108240 #1109272 #1109330 #1109695 #1109806 #1110286 #1111062 #1111174 #1111809 #1112246 #1112963 #1113412 #1113766 #1114190 #1114417 #1114475 #1114648 #1114763 #1114839 #1114871 #1114893 #1115431 #1115433 #1115440 #1115482 #1115709 #1116027 #1116183 #1116285 #1116336 #1116345 #1116497 #1116653 #1116841 #1116924 #1116950 #1116962 #1117108 #1117162 #1117165 #1117186 #1117562 #1117645 #1117744 #1118152 #1118316 #1118319 #1118505 #1118790 #1118798 #1118915 #1118922 #1118926 #1118930 #1118936 #1119204 #1119680 #1119714 #1119877 #1119946 #1119967 #1119970 #1120017 #1120046 #1120722 #1120743 #1120758 #1120902 #1120950 #1121239 #1121240 #1121241 #1121242 #1121275 #1121621 #1121726 #1122650 #1122651 #1122779 #1122885 #1123321 #1123323 #1123357 #1123933 #1124166 #1124728 #1124732 #1124735 #1124775 #1124777 #1124780 #1124811 #1125000 #1125014 #1125446 #1125794 #1125796 #1125808 #1125809 #1125810 #1125892 #985031 Cross-References: CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-5391 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 148 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758) The following non-security bugs were fixed: - 9p: clear dangling pointers in p9stat_free (bnc#1012382). - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382). - 9p/net: put a lower bound on msize (bnc#1012382). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239). - acpi/lpss: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bnc#1012382). - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi/nfit: Fix ARS overflow continuation (bsc#1125000). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382). - acpi/power: Skip duplicate power resource references in _PRx (bnc#1012382). - acpi/processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bnc#1012382). - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382). - aio: fix spectre gadget in lookup_ioctx (bnc#1012382). - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382). - alpha: fix page fault handling for r16-r18 targets (bnc#1012382). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382). - ALSA: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382). - ALSA: compress: Fix stop handling on compressed capture streams (bnc#1012382). - ALSA: control: Fix race between adding and removing a user element (bnc#1012382). - ALSA: cs46xx: Potential NULL dereference in probe (bnc#1012382). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bnc#1012382). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382). - ALSA: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382). - ALSA: hda: Add support for AMD Stoney Ridge (bnc#1012382). - ALSA: hda: Check the non-cached stream buffers more explicitly (bnc#1012382). - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). - ALSA: hda - Serialize codec registrations (bnc#1012382). - ALSA: hda/tegra: clear pending irq handlers (bnc#1012382). - ALSA: isa/wavefront: prevent some out of bound writes (bnc#1012382). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382). - ALSA: pcm: Fix interval evaluation with openmin/max (bnc#1012382). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: pcm: Fix starvation on down_write_nonblock() (bnc#1012382). - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382). - ALSA: timer: Fix zero-division by continue of uninitialized instance (bnc#1012382). - ALSA: trident: Suppress gcc string warning (bnc#1012382). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382). - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382). - ALSA: wss: Fix invalid snd_free_pages() at error path (bnc#1012382). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arc: change defconfig defaults to ARCv2 (bnc#1012382). - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382). - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 (bnc#1012382). - arc: io.h: Implement reads{x}()/writes{x}() (bnc#1012382). - arc: perf: map generic branches to correct hardware condition (bnc#1012382). - arm64: Disable asm-operand-width warning for clang (bnc#1012382). - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382). - arm64: dts: stratix10: Correct System Manager register size (bnc#1012382). - arm64: Enabled ENA (Amazon network driver) for arm64 - arm64: ftrace: do not adjust the LR value (bnc#1012382). - arm64: hardcode rodata_enabled=true earlier in the series (bsc#1114763). - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382). - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382). - arm64: kvm: Skip MMIO insn after emulation (bnc#1012382). - arm64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code (bsc#985031). - arm64: percpu: Initialize ret in the default case (bnc#1012382). - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382). - arm64: remove no-op -p linker flag (bnc#1012382). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382). - arm: dts: apq8064: add ahci ports-implemented mask (bnc#1012382). - arm: dts: da850-evm: Correct the sound card name (bnc#1012382). - arm: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382). - arm: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382). - arm: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382). - arm: dts: mmp2: fix TWSI2 (bnc#1012382). - arm: fix mis-applied iommu identity check (bsc#1116924). - arm: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382). - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382). - arm: kvm: fix building with gcc-8 (bsc#1121241). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382). - arm: OMAP2+: hwmod: Fix some section annotations (bnc#1012382). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382). - arm: pxa: avoid section mismatch warning (bnc#1012382). - asix: Check for supported Wake-on-LAN modes (bnc#1012382). - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382). - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382). - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382). - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bnc#1012382). - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382). - ath10k: schedule hardware restart if WMI command times out (bnc#1012382). - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382). - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382). - b43: Fix error in cordic routine (bnc#1012382). - batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382). - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382). - batman-adv: Force mac header to start of data on xmit (bnc#1012382). - bcache: fix miss key refill->end in writeback (bnc#1012382). - bfs: add sanity check at bfs_fill_super() (bnc#1012382). - binfmt_elf: fix calculations for bss padding (bnc#1012382). - bitops: protect variables in bit_clear_unless() macro (bsc#1116285). - block: fix inheriting request priority from bio (bsc#1116924). - block/loop: Use global lock for ioctl() operation (bnc#1012382). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382). - Bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382). - Bluetooth: SMP: fix crash in unpairing (bnc#1012382). - bna: ethtool: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382). - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382). - bpf: generally move prog destruction to RCU deferral (bnc#1012382). - bpf: support 8-byte metafield access (bnc#1012382). - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970). - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967). - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382). - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382). - bridge: do not add port to router list when receives query with source 0.0.0.0 (bnc#1012382). - btrfs: Always try all copies when reading extent buffers (bnc#1012382). - btrfs: do not attempt to trim devices that do not support it (bnc#1012382). - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382). - btrfs: fix backport error in submit_stripe_bio (bsc#1114763). - btrfs: fix data corruption due to cloning of eof block (bnc#1012382). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bnc#1012382). - btrfs: fix pinned underflow after transaction aborted (bnc#1012382). - btrfs: fix use-after-free when dumping free space (bnc#1012382). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bnc#1012382). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (git-fixes). - btrfs: Handle owner mismatch gracefully when walking up tree (bnc#1012382). - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list (bnc#1012382). - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock (bnc#1012382). - btrfs: make sure we create all new block groups (bnc#1012382). - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382). - btrfs: release metadata before running delayed refs (bnc#1012382). - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382). - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382). - btrfs: set max_extent_size properly (bnc#1012382). - btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896). - btrfs: tree-checker: Fix misleading group system information (bnc#1012382). - btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382). - btrfs: validate type when reading a chunk (bnc#1012382). - btrfs: wait on caching when putting the bg cache (bnc#1012382). - btrfs: wait on ordered extents on abort cleanup (bnc#1012382). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bnc#1012382). - can: bcm: check timer values before ktime conversion (bnc#1012382). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382). - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382). - can: rcar_can: Fix erroneous registration (bnc#1012382). - cdc-acm: correct counting of UART states in serial state notification (bnc#1012382). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382). - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok (bsc#1114763). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382). - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382). - checkstack.pl: fix for aarch64 (bnc#1012382). - cifs: Always resolve hostname before reconnecting (bnc#1012382). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382). - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382). - cifs: Do not hide EINTR after sending network packets (bnc#1012382). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382). - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382). - cifs: Fix potential OOB access of lock element array (bnc#1012382). - cifs: Fix separator when building path from dentry (bnc#1012382). - cifs: handle guest access errors to Windows shares (bnc#1012382). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382). - cifs: Limit memory used by lock request calls to a page (bnc#1012382). - clk: imx6q: reset exclusive gates on init (bnc#1012382). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382). - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382). - clk: s2mps11: Add used attribute to s2mps11_dt_match (git-fixes). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bnc#1012382). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bnc#1012382). - configfs: replace strncpy with memcpy (bnc#1012382). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382). - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017). - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382). - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE (bnc#1012382). - cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382). - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382). - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382). - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382). - crypto: cts - fix crash on short inputs (bnc#1012382). - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382). - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (bnc#1012382). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382). - crypto, x86: aesni - fix token pasting for clang (bnc#1012382). - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382). - cw1200: Do not leak memory if krealloc failes (bnc#1012382). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382). - cxgb4: Add support for new flash parts (bsc#1102439). - cxgb4: assume flash part size to be 4MB, if it can't be determined (bsc#1102439). - cxgb4: Fix FW flash errors (bsc#1102439). - cxgb4: fix missing break in switch and indent return statements (bsc#1102439). - cxgb4: support new ISSI flash parts (bsc#1102439). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382). - debugfs: fix debugfs_rename parameter checking (bnc#1012382). - debugobjects: avoid recursive calls with kmemleak (bnc#1012382). - disable stringop truncation warnings for now (bnc#1012382). - dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382). - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382). - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382). - dlm: possible memory leak on error path in create_lkb() (bnc#1012382). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382). - dmaengine: at_hdmac: fix module unloading (bnc#1012382). - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382). - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes). - dm crypt: factor IV constructor out to separate function (Git-fixes). - dm crypt: fix crash by adding missing check for auth key size (git-fixes). - dm crypt: fix error return code in crypt_ctr() (git-fixes). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes). - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes). - dm crypt: wipe kernel key copy after IV initialization (Git-fixes). - dm: do not allow readahead to limit IO size (git fixes (readahead)). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (bnc#1012382). - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382). - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156). - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264). - dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382). - dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - Documentation/network: reword kernel version reference (bnc#1012382). - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763). - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382). - drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bnc#1012382). - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382). - drivers/sbus/char: add of_node_put() (bnc#1012382). - drivers/tty: add missing of_node_put() (bnc#1012382). - drm/ast: change resolution may cause screen blurred (bnc#1012382). - drm/ast: fixed cursor may disappear sometimes (bnc#1012382). - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382). - drm/ast: Fix incorrect free on ioregs (bsc#1106929) - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382). - drm/dp_mst: Check if primary mstb is null (bnc#1012382). - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113766) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113766) - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929) - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382). - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929) - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382). - drm/modes: Prevent division by zero htotal (bnc#1012382). - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382). - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382). - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382). - drm: rcar-du: Fix external clock error checks (bsc#1106929) - drm: rcar-du: Fix vblank initialization (bsc#1106929) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382). - drm/vmwgfx: Fix setting of dma masks (bsc#1106929) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929) - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382). - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382). - e1000: fix race condition between e1000_down() and e1000_watchdog (bnc#1012382). - edac: Raise the maximum number of memory controllers (bsc#1120722). - efi/libstub/arm64: Force 'hidden' visibility for section markers (bnc#1012382). - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382). - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650). - enic: fix checksum validation for IPv6 (bnc#1012382). - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382). - exec: load_script: do not blindly truncate shebang string (bnc#1012382). - exportfs: do not read dentry after free (bnc#1012382). - ext2: fix potential use after free (bnc#1012382). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bnc#1012382). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bnc#1012382). - ext4: add missing brelse() update_backups()'s error path (bnc#1012382). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bnc#1012382). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bnc#1012382). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bnc#1012382). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382). - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bnc#1012382). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bnc#1012382). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bnc#1012382). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bnc#1012382). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bnc#1012382). - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382). - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bnc#1012382). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bnc#1012382). - f2fs: Add sanity_check_inode() function (bnc#1012382). - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382). - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382). - f2fs: clean up argument of recover_data (bnc#1012382). - f2fs: clean up with is_valid_blkaddr() (bnc#1012382). - f2fs: detect wrong layout (bnc#1012382). - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382). - f2fs: factor out fsync inode entry operations (bnc#1012382). - f2fs: fix inode cache leak (bnc#1012382). - f2fs: fix invalid memory access (bnc#1012382). - f2fs: fix missing up_read (bnc#1012382). - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382). - f2fs: fix to convert inline directory correctly (bnc#1012382). - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382). - f2fs: fix to do sanity check with block address in main area (bnc#1012382). - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382). - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382). - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382). - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382). - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382). - f2fs: fix to do sanity check with user_block_count (bnc#1012382). - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382). - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382). - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382). - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382). - f2fs: introduce and spread verify_blkaddr (bnc#1012382). - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382). - f2fs: move dir data flush to write checkpoint process (bnc#1012382). - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382). - f2fs: not allow to write illegal blkaddr (bnc#1012382). - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382). - f2fs: read page index before freeing (bnc#1012382). - f2fs: remove an obsolete variable (bnc#1012382). - f2fs: return error during fill_super (bnc#1012382). - f2fs: sanity check on sit entry (bnc#1012382). - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929) - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add (bsc#1114763). - Fix kabi for "Ensure we commit after writeback is complete" (bsc#1111809). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - floppy: fix race condition in __floppy_read_block_0() (Git-fixes). - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382). - fork: record start_time late (bnc#1012382). - fs: add the fsnotify call to vfs_iter_write (bnc#1012382). - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382). - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382). - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382). - fs/epoll: drop ovflist branch prediction (bnc#1012382). - fs/exofs: fix potential memory leak in mount option parsing (bnc#1012382). - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (bnc#1012382). - fs: fix lost error code in dio_complete (bsc#1117744). - fuse: call pipe_buf_release() under pipe lock (bnc#1012382). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382). - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio (bnc#1012382). - fuse: fix blocked_waitq wakeup (bnc#1012382). - fuse: fix leaked notify reply (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382). - fuse: handle zero sized retrieve correctly (bnc#1012382). - fuse: set FR_SENT while locked (bnc#1012382). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bnc#1012382). - genirq: Fix race on spurious interrupt detection (bnc#1012382). - genwqe: Fix size check (bnc#1012382). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382). - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382). - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382). - gfs2: Put bitmap buffers in put_super (bnc#1012382). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382). - git_sort.py: Remove non-existent remote tj/libata - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382). - gpio: msic: fix error return code in platform_msic_gpio_probe() (bnc#1012382). - gpio: pl061: handle failed allocations (bnc#1012382). - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929) - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382). - hfs: do not free node before using (bnc#1012382). - hfsplus: do not free node before using (bnc#1012382). - hfsplus: prevent btree data loss on root split (bnc#1012382). - hfs: prevent btree data loss on root split (bnc#1012382). - hid: debug: fix the ring buffer implementation (bnc#1012382). - hid: hiddev: fix potential Spectre v1 (bnc#1012382). - hid: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382). - hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bnc#1012382). - hpwdt add dynamic debugging (bsc#1114417). - hpwdt calculate reload value on each use (bsc#1114417). - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382). - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382). - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382). - hwmon: (ina2xx) Fix current value calculation (bnc#1012382). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382). - hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes). - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382). - hwmon: (w83795) temp4_type has writable permission (bnc#1012382). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c-axxia: check for error conditions first (bnc#1012382). - i2c: axxia: properly handle master timeout (bnc#1012382). - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382). - IB/core: type promotion bug in rdma_rw_init_one_mr() (). - IB/hfi1: Fix an out-of-bounds access in get_hw_stats (). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - ib/rxe: Fix incorrect cache cleanup in error flow (). - ib/rxe: replace kvfree with vfree (). - ib/ucm: Fix Spectre v1 vulnerability (bnc#1012382). - ide: pmac: add of_node_put() (bnc#1012382). - ieee802154: lowpan_header_create check must check daddr (bnc#1012382). - igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382). - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382). - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bnc#1012382). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bnc#1012382). - inet: frags: add a pointer to struct netns_frags (bnc#1012382). - inet: frags: better deal with smp races (bnc#1012382). - inet: frags: break the 2GB limit for frags storage (bnc#1012382). - inet: frags: change inet_frags_init_net() return value (bnc#1012382). - inet: frags: do not clone skb in ip_expire() (bnc#1012382). - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382). - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382). - inet: frags: get rif of inet_frag_evicting() (bnc#1012382). - inet: frags: refactor ipfrag_init() (bnc#1012382). - inet: frags: refactor ipv6_frag_init() (bnc#1012382). - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382). - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382). - inet: frags: remove some helpers (bnc#1012382). - inet: frags: reorganize struct netns_frags (bnc#1012382). - inet: frags: use rhashtables for reassembly units (bnc#1012382). - Input: bma150 - register input device after setting private data (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382). - Input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382). - Input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382). - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382). - Input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382). - Input: omap-keypad - fix keyboard debounce configuration (bnc#1012382). - Input: restore EV_ABS ABS_RESERVED (bnc#1012382). - Input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382). - Input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382). - Input: xpad - add more third-party controllers (bnc#1012382). - Input: xpad - add PDP device id 0x02a4 (bnc#1012382). - Input: xpad - add product ID for Xbox One S pad (bnc#1012382). - Input: xpad - add support for PDP Xbox One controllers (bnc#1012382). - Input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382). - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382). - Input: xpad - avoid using __set_bit() for capabilities (bnc#1012382). - Input: xpad - constify usb_device_id (bnc#1012382). - Input: xpad - correctly sort vendor id's (bnc#1012382). - Input: xpad - correct xbox one pad device name (bnc#1012382). - Input: xpad - do not depend on endpoint order (bnc#1012382). - Input: xpad - fix GPD Win 2 controller name (bnc#1012382). - Input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382). - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382). - Input: xpad - fix some coding style issues (bnc#1012382). - Input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382). - Input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382). - Input: xpad - handle "present" and "gone" correctly (bnc#1012382). - Input: xpad - move reporting xbox one home button to common function (bnc#1012382). - Input: xpad - power off wireless 360 controllers on suspend (bnc#1012382). - Input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382). - Input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382). - Input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382). - Input: xpad - remove unused function (bnc#1012382). - Input: xpad - restore LED state after device resume (bnc#1012382). - Input: xpad - simplify error condition in init_output (bnc#1012382). - Input: xpad - sort supported devices by USB ID (bnc#1012382). - Input: xpad - support some quirky Xbox One pads (bnc#1012382). - Input: xpad - sync supported devices with 360Controller (bnc#1012382). - Input: xpad - sync supported devices with XBCD (bnc#1012382). - Input: xpad - sync supported devices with xboxdrv (bnc#1012382). - Input: xpad - update Xbox One Force Feedback Support (bnc#1012382). - Input: xpad - use LED API when identifying wireless controllers (bnc#1012382). - Input: xpad - validate USB endpoint type during probe (bnc#1012382). - Input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382). - Input: xpad - xbox one elite controller support (bnc#1012382). - intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017). - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382). - ip: add helpers to process in-order fragments faster (bnc#1012382). - ipfrag: really prevent allocation on netns exit (bnc#1012382). - ip: frags: fix crash in ip_do_fragment() (bnc#1012382). - ipmi: Fix timer race with module unload (bnc#1012382). - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382). - ip: process in-order fragments efficiently (bnc#1012382). - ip_tunnel: do not force DF when MTU is locked (bnc#1012382). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (bnc#1012382). - ip: use rb trees for IP frag queue (bnc#1012382). - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipv4: frags: precedence bug in ip_expire() (bnc#1012382). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382). - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (bnc#1012382). - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382). - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (bnc#1012382). - ipv6: orphan skbs in reassembly unit (bnc#1012382). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382). - iser: set sector for ambiguous mr status errors (bnc#1012382). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382). - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: protect get_vaddr_frames (kabi). - kabi: protect linux/kfifo.h include in hid-debug (kabi). - kabi: protect struct azx (kabi). - kabi: protect struct cfs_bandwidth (kabi). - kabi: protect struct esp (kabi). - kabi: protect struct fuse_io_priv (kabi). - kabi: protect struct hda_bus (kabi). - kabi: protect __usb_get_extra_descriptor (kabi). - kabi: protect xen/xen-ops.h include in xlate_mmu.c (kabi). - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653). - kabi: revert sig change on pnfs_read_resend_pnfs (git-fixes). - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382). - kbuild: Add better clang cross build support (bnc#1012382). - kbuild: Add __cc-option macro (bnc#1012382). - kbuild: Add support to generate LLVM assembly files (bnc#1012382). - kbuild: allow to use GCC toolchain not in Clang search path (bnc#1012382). - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382). - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382). - kbuild: clang: disable unused variable warnings only when constant (bnc#1012382). - kbuild: clang: fix build failures with sparse check (bnc#1012382). - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382). - kbuild: Consolidate header generation from ASM offset information (bnc#1012382). - kbuild: consolidate redundant sed script ASM offset generation (bnc#1012382). - kbuild: drop -Wno-unknown-warning-option from clang options (bnc#1012382). - kbuild: fix asm-offset generation to work with clang (bnc#1012382). - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382). - kbuild: fix linker feature test macros when cross compiling with Clang (bnc#1012382). - kbuild, LLVMLinux: Add -Werror to cc-option to support clang (bnc#1012382). - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile (bnc#1012382). - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382). - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382). - kbuild: suppress packed-not-aligned warning for default setting only (bnc#1012382). - kbuild: use -Oz instead of -Os when using clang (bnc#1012382). - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382). - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382). - kdb: use memmove instead of overlapping memcpy (bnc#1012382). - kdb: Use strscpy with destination buffer size (bnc#1012382). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382). - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382). - kernel-source.spec: Align source numbering. - kernfs: Replace strncpy with memcpy (bnc#1012382). - keys: put keyring if install_session_keyring_to_cred() fails (bnc#1012382). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382). - kgdboc: Fix restrict error (bnc#1012382). - kgdboc: Fix warning with module build (bnc#1012382). - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382). - kobject: Replace strncpy with memcpy (bnc#1012382). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bnc#1012382). - kvm/arm64: Fix caching of host MDCR_EL2 value (bsc#1121242). - kvm/arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240). - kvm/mmu: Fix race in emulated page table writes (bnc#1012382). - kvm/nvmx: Always reflect #NM VM-exits to L1 (bsc#1106240). - kvm/nvmx: Eliminate vmcs02 pool (bnc#1012382). - kvm/nvmx: mark vmcs12 pages dirty on L2 exit (bnc#1012382). - kvm/ppc: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382). - kvm/svm: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032). - kvm/svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648). - kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281). - kvm/vmx: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382). - kvm/vmx: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166). - kvm/vmx: introduce alloc_loaded_vmcs (bnc#1012382). - kvm/vmx: make MSR bitmaps per-VCPU (bnc#1012382). - kvm/vmx: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166). - kvm/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032). - kvm/x86: fix empty-body warnings (bnc#1012382). - kvm/x86: Fix single-step debugging (bnc#1012382). - kvm/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382). - kvm/x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382). - kvm/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382). - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382). - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382). - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382). - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382). - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382). - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382). - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libfc: sync strings with upstream versions (bsc#1114763). - lib/interval_tree_test.c: allow full tree search (bnc#1012382). - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382). - lib/interval_tree_test.c: make test options module parameters (bnc#1012382). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bsc#1118926). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936). - libnvdimm: fix ars_status output length calculation (bsc#1124777). - libnvdimm: fix integer overflow static analysis warning (bsc#1118922). - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915). - libnvdimm: Hold reference on parent while scheduling async init (bnc#1012382). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811). - libnvdimm: Use max contiguous area for namespace size (bsc#1124780). - lib/raid6: Fix arm64 test build (bnc#1012382). - lib/rbtree_test.c: make input module parameters (bnc#1012382). - lib/rbtree-test: lower default params (bnc#1012382). - llc: do not use sk_eat_skb() (bnc#1012382). - lockd: fix access beyond unterminated strings in prints (bnc#1012382). - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382). - loop: Fold __loop_release into loop_release (bnc#1012382). - loop: Get rid of loop_index_mutex (bnc#1012382). - lsm: Check for NULL cred-security on free (bnc#1012382). - mac80211: Always report TX status (bnc#1012382). - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382). - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382). - mac80211: fix reordering of buffered broadcast packets (bnc#1012382). - mac80211_hwsim: do not omit multicast announce of first added radio (bnc#1012382). - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382). - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382). - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382). - mach64: fix display corruption on big endian machines (bnc#1012382). - mach64: fix image corruption due to reading accelerator registers (bnc#1012382). - matroxfb: fix size of memcpy (bnc#1012382). - md: batch flush requests (bsc#1119680). - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (Git-fixes). - md: fix invalid stored role for a disk (bnc#1012382). - md: fix invalid stored role for a disk - try2 (bnc#1012382). - md: reorder flag_bits to match upstream commits - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382). - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382). - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382). - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382). - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bnc#1012382). - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382). - media: pci: cx23885: handle adding to list failure (bnc#1012382). - media: tvp5150: fix width alignment during set_selection() (bnc#1012382). - media: v4l: event: Add subscription to list before calling "add" operation (bnc#1012382). - media: vb2: be sure to unlock mutex on errors (bnc#1012382). - media: vb2: vb2_mmap: move lock up (bnc#1012382). - media: vivid: fix error handling of kthread_run (bnc#1012382). - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382). - media: vivid: set min width/height to a value > 0 (bnc#1012382). - memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382). - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382). - mips: bpf: fix encoding bug for mm_srlv32_op (bnc#1012382). - mips: cm: reprime error cause (bnc#1012382). - mips: fix n32 compat_ipc_parse_version (bnc#1012382). - mips: OCTEON: do not set octeon_dma_bar_type if PCI is disabled (bnc#1012382). - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382). - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds (bnc#1012382). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bnc#1012382). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382). - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382). - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382). - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bnc#1012382). - mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382). - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm, elf: handle vm_brk error (bnc#1012382). - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204). - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382). - mm: migration: fix migration of huge PMD shared pages (bnc#1012382). - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382). - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() (bnc#1012382). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm, oom: fix use-after-free in oom_kill_process (bnc#1012382). - mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061). - mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: refuse wrapped vm_brk requests (bnc#1012382). - mm: remove write/force parameters from __get_user_pages_locked() (bnc#1012382 bsc#1027260). - mm: remove write/force parameters from __get_user_pages_unlocked() (bnc#1012382 bsc#1027260). - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382). - mm, slab: faster active and free stats (bsc#1116653, VM Performance). - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance). - mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - modpost: validate symbol names also in find_elf_symbol (bnc#1012382). - modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bnc#1012382). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382). - mount: Retest MNT_LOCKED in do_umount (bnc#1012382). - Move patches to sorted range, p1 - Move /proc/sys/vm/procfs-drop-fd-dentries to /proc/sys/fs/procfs-drop-fd-dentries (bsc#1086652) This was incorrectly put in /proc/sys/vm. - msi: Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382). - mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382). - mtd: spi-nor: Add support for is25wp series chips (bnc#1012382). - mv88e6060: disable hardware level MAC learning (bnc#1012382). - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382). - mwifiex: fix p2p device does not find in scan problem (bnc#1012382). - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382). - neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114475, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475, LTC#172679). - net: amd: add missing of_node_put() (bnc#1012382). - net: bcmgenet: fix OF child-node lookup (bnc#1012382). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382). - net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382). - net: bridge: remove ipv6 zero address check in mcast queries (bnc#1012382). - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382). - net: cxgb3_main: fix a missing-check bug (bnc#1012382). - net: dp83640: expire old TX-skb (bnc#1012382). - net: drop skb on failure in ip_check_defrag() (bnc#1012382). - net: drop write-only stack variable (bnc#1012382). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1117562). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1117562). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1117562). - net: ena: complete host info to match latest ENA spec (bsc#1117562). - net: ena: enable Low Latency Queues (bsc#1117562). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1117562). - net: ena: fix auto casting to boolean (bsc#1117562). - net: ena: fix compilation error in xtensa architecture (bsc#1117562). - net: ena: fix crash during ena_remove() (bsc#1108240). - net: ena: fix crash during failed resume from hibernation (bsc#1117562). - net: ena: fix indentations in ena_defs for better readability (bsc#1117562). - net: ena: Fix Kconfig dependency on X86 (bsc#1117562). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1117562). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1117562). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1117562). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1117562). - net: ena: minor performance improvement (bsc#1117562). - net: ena: remove ndo_poll_controller (bsc#1117562). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1117562). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240). - net: ena: update driver version to 2.0.1 (bsc#1117562). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1117562). - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382). - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net (bnc#1012382). - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() (bnc#1012382). - netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382). - netfilter: xt_IDLETIMER: add sysfs filename checking routine (bnc#1012382). - net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382). - net: Fix usage of pskb_trim_rcsum (bnc#1012382). - net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382). - net: hisilicon: remove unexpected free_netdev (bnc#1012382). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382). - net/ipv4: defensive cipso option parsing (bnc#1012382). - net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (bnc#1012382). - net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382). - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382). - net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382). - net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382). - net: Prevent invalid access to skb->prev in __qdisc_drop_all (bnc#1012382). - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382). - net: qla3xxx: Remove overflowing shift statement (bnc#1012382). - netrom: fix locking in nr_find_socket() (bnc#1012382). - netrom: switch to sock timer API (bnc#1012382). - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382). - net: sched: gred: pass the right attribute to gred_change_table_def() (bnc#1012382). - net_sched: refetch skb protocol for each filter (bnc#1012382). - net: socket: fix a missing-check bug (bnc#1012382). - net: speed up skb_rbtree_purge() (bnc#1012382). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (bnc#1012382). - net: systemport: Fix WoL with password after deep sleep (bnc#1012382). - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382). - new helper: uaccess_kernel() (bnc#1012382). - nfc: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382). - nfc: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382). - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014). - nfit: skip region registration for incomplete control regions (bsc#1118930). - nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382). - nfsd: Fix an Oops in free_session() (bnc#1012382). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: nfs_compare_mount_options always compare auth flavors (bnc#1012382). - nfsv4.1: Fix the r/wsize checking (bnc#1012382). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - ocfs2: do not clear bh uptodate for block read (bnc#1012382). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bnc#1012382). - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382). - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382). - ocfs2: fix potential use after free (bnc#1012382). - of: add helper to lookup compatible child node (bnc#1012382). - omap2fb: Fix stack memory disclosure (bsc#1106929) - openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382). - packet: Do not leak dev refcounts on error exit (bnc#1012382). - packet: validate address length (bnc#1012382). - packet: validate address length if non-zero (bnc#1012382). - parisc: Fix address in HPMC IVA (bnc#1012382). - parisc: Fix map_pages() to not overwrite existing pte entries (bnc#1012382). - pci: Add Device IDs for Intel GPU "spurious interrupt" quirk (bnc#1012382). - pci: altera: Check link status before retrain link (bnc#1012382). - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382). - pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382). - pci: altera: Poll for link training status after retraining the link (bnc#1012382). - pci: altera: Poll for link up status after retraining the link (bnc#1012382). - pci: altera: Reorder read/write functions (bnc#1012382). - pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382). - pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1109806). - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - pci: vmd: Detach resources after stopping root bus (bsc#1106105). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bnc#1012382). - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967). - perf/core: Do not leak event in the syscall error path (bnc#1012382). - perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382). - perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382). - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382). - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382). - perf pmu: Suppress potential format-truncation warning (bnc#1012382). - perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382). - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382). - perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382). - perf tools: Add Hygon Dhyana support (bnc#1012382). - perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382). - perf tools: Disable parallelism for 'make clean' (bnc#1012382). - perf tools: Free temporary 'sys' string in read_event_files() (bnc#1012382). - perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382). - perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382). - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382). - pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bnc#1012382). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bnc#1012382). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bnc#1012382). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bnc#1012382). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810). - pm / devfreq: tegra: fix error return code in tegra_devfreq_probe() (bnc#1012382). - pNFS: Fix a deadlock between read resends and layoutreturn (git-fixes). - pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path (git-fixes). - pNFS/flexfiles: When checking for available DSes, conditionally check for MDS io (git-fixes). - pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382). - powerpc/boot: Fix random libfdt related build errors (bnc#1012382). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382). - powerpc: handle RFI (exrfi and fallback area) and STF (exrfi). - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/mm/radix: Use mm->task_size for boundary checking instead of addr_limit (bsc#1027457). - powerpc/msi: Fix compile error on mpc83xx (bnc#1012382). - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382). - powerpc/nohash: fix undefined behaviour when testing page size support (bnc#1012382). - powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382). - powerpc/powernv: Do not select the cpufreq governors (bsc#1066223). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1066223). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1066223). - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382). - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382). - powerpc/pseries: Fix DTL buffer registration (bsc#1066223). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - power: supply: olpc_battery: correct the temperature units (bnc#1012382). - printk: Fix panic caused by passing log_buf_len to command line (bnc#1012382). - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823). - Provide a temporary fix for STIBP on-by-default See bsc#1116497 for details. - pstore: Convert console write to use ->write_buf (bnc#1012382). - pstore/ram: Do not treat empty buffers as valid (bnc#1012382). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382). - ptp: fix Spectre v1 vulnerability (bnc#1012382). - pxa168fb: prepare the clock (bnc#1012382). - qed: Fix bitmap_weight() check (bsc#1019695). - qed: Fix PTT leak in qed_drain() (bnc#1012382). - qed: Fix QM getters to always return a valid pq (bsc#1019695 ). - qed: Fix reading wrong value in loop condition (bnc#1012382). - r8152: Check for supported Wake-on-LAN Modes (bnc#1012382). - r8169: Add support for new Realtek Ethernet (bnc#1012382). - r8169: fix NAPI handling under high load (bnc#1012382). - rapidio/rionet: do not free skb before reading its length (bnc#1012382). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808). - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ). - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382). - Refresh patches.kabi/x86-cpufeature-preserve-numbers.patch. (bsc#1122651) - reiserfs: propagate errors from fill_with_dentries() properly (bnc#1012382). - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" (bnc#1012382). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" (bnc#1012382). - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1106929) - Revert "exec: load_script: do not blindly truncate shebang string" (bnc#1012382). - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" (bnc#1012382). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" (bnc#1012382). - Revert "loop: Fold __loop_release into loop_release" (bnc#1012382). - Revert "loop: Get rid of loop_index_mutex" (bnc#1012382). - Revert "media: videobuf2-core: do not call memop 'finish' when queueing" (bnc#1012382). - Revert "mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902)." The backport patch does not built properly. - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1106105). - Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half" (bsc#1047487). - Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382). - rhashtable: Add rhashtable_lookup() (bnc#1012382). - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286). - rhashtable: add schedule points (bnc#1012382). - rhashtable: reorganize struct rhashtable layout (bnc#1012382). - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382). - rpcrdma: Add RPCRDMA_HDRLEN_ERR (git-fixes). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - rtc: hctosys: Add missing range error reporting (bnc#1012382). - rtc: snvs: add a missing write sync (bnc#1012382). - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382). - rtnetlink: Disallow FDB configuration for non-Ethernet device (bnc#1012382). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382). - s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382). - s390/early: improve machine detection (bnc#1012382). - s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382). - s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114475, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953). - s390/qeth: fix length check in SNMP processing (bnc#1012382). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475, LTC#172682). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382). - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382). - s390/vdso: add missing FORCE to build targets (bnc#1012382). - sata_rcar: fix deferred probing (bnc#1012382). - sbus: char: add of_node_put() (bnc#1012382). - sc16is7xx: Fix for multi-channel stall (bnc#1012382). - sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382). - sched/fair: Fix throttle_list starvation with low CFS quota (bnc#1012382). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_red: update backlog as well (bnc#1012382). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scsi: aacraid: Fix typo in blink status (bnc#1012382). - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ). - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877). - scsi: csiostor: Avoid content leaks and casts (bnc#1012382). - scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382). - scsi: Introduce scsi_start_queue() (bsc#1119877). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660). - scsi: lpfc: Correct LCB RJT handling (bnc#1012382). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bnc#1012382). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102660). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660). - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660). - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877). - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382). - scsi: megaraid_sas: fix a missing-check bug (bnc#1012382). - scsi: mpt3sas: Add an I/O barrier (bsc#1117108). - scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108). - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108). - scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108). - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108). - scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108). - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108). - scsi: mpt3sas: check command status before attempting abort (bsc#1117108). - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108). - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1117108). - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108). - scsi: mpt3sas: fix an out of bound write (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108). - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108). - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108). - scsi: mpt3sas: fix format overflow warning (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108). - scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108). - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108). - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108). - scsi: mpt3sas: fix possible memory leak (bsc#1117108). - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108). - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108). - scsi: mpt3sas: Fix sparse warnings (bsc#1117108). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1117108). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108). - scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108). - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108). - scsi: mpt3sas: lockless command submission (bsc#1117108). - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108). - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108). - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108). - scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108). - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108). - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo (bsc#1117108). - scsi: mpt3sas: remove redundant wmb (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108). - scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108). - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108). - scsi: mpt3sas: set default value for cb_idx (bsc#1117108). - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108). - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108). - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108). - scsi: mpt3sas: simplify task management functions (bsc#1117108). - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108). - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update MPI Headers (bsc#1117108). - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mpt3sas: use list_splice_init() (bsc#1117108). - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108). - scsi: Protect SCSI device state changes with a mutex (bsc#1119877). - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083). - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bnc#1012382). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877). - scsi: sd: Fix cache_type_store() (bnc#1012382). - scsi: Split scsi_internal_device_block() (bsc#1119877). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382). - scsi: ufs: fix bugs related to null pointer access and array size (bnc#1012382). - scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382). - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382). - scsi: ufshcd: release resources if probe fails (bnc#1012382). - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382). - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382). - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382). - sctp: fix race on sctp_id2asoc (bnc#1012382). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382). - selftests: Move networking/timestamping from Documentation (bnc#1012382). - selinux: fix GPF on invalid policy (bnc#1012382). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382). - seq_file: fix incomplete reset on read from zero offset (Git-fixes). - ser_gigaset: use container_of() instead of detour (bnc#1012382). - serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (bnc#1012382). - signal: Always notice exiting tasks (bnc#1012382). - signal: Better detection of synchronous signals (bnc#1012382). - signal/GenWQE: Fix sending of SIGKILL (bnc#1012382). - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382). - skge: potential memory corruption in skge_get_regs() (bnc#1012382). - slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382). - smack: fix access permissions for keyring (bnc#1012382). - smb3: allow stats which track session and share reconnects to be reset (bnc#1012382). - smb3: do not attempt cifs operation in smb3 query info error path (bnc#1012382). - smb3: on kerberos mount if server does not specify auth type use krb5 (bnc#1012382). - smsc75xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382). - sock: Make sock->sk_stamp thread-safe (bnc#1012382). - soc/tegra: Do not leak device tree node reference (bnc#1012382). - soc/tegra: pmc: Fix child-node lookup (bnc#1012382). - sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382). - sparc64 mm: Fix more TSB sizing issues (bnc#1012382). - sparc: Fix single-pcr perf event counter management (bnc#1012382). - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata (bnc#1012382). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382). - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382). - spi: bcm2835: Fix race on DMA termination (bnc#1012382). - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382). - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382). - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() (bnc#1012382). - spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382). - sr9800: Check for supported Wake-on-LAN modes (bnc#1012382). - sr: pass down correctly sized SCSI sense buffer (bnc#1012382). - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382). - staging: iio: ad7780: update voltage on read (bnc#1012382). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bnc#1012382). - staging: lustre: remove two build warnings (bnc#1012382). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382). - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382). - staging: speakup: Replace strncpy with memcpy (bnc#1012382). - sunrpc: correct the computation for page_ptr when truncating (bnc#1012382). - sunrpc: drop pointless static qualifier in xdr_get_next_encode_buffer() (bnc#1012382). - sunrpc: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: fix cache_head leak due to queued request (bnc#1012382). - sunrpc: Fix leak of krb5p encode pages (bnc#1012382). - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382). - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382). - svcrdma: Remove unused variable in rdma_copy_tail() (git-fixes). - swim: fix cleanup on setup error (bnc#1012382). - swiotlb: clean up reporting (bnc#1012382). - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382). - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: fix NULL ref in tail loss probe (bnc#1012382). - TC: Set DMA masks for devices (bnc#1012382). - termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382). - test_hexdump: use memcpy instead of strncpy (bnc#1012382). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (bnc#1012382). - thermal: allow spear-thermal driver to be a module (bnc#1012382). - thermal: allow u8500-thermal driver to be a module (bnc#1012382). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382). - timekeeping: Use proper seqcount initializer (bnc#1012382). - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382). - tipc: use destination length for copy string (bnc#1012382). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382). - tpm: fix response size validation in tpm_get_random() (bsc#1020645, git-fixes). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bnc#1012382). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382). - tracing: Fix memory leak of instance function hash filters (bnc#1012382). - tracing: Skip more functions when doing stack tracing of events (bnc#1012382). - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382). - tty: check name length in tty_find_polling_driver() (bnc#1012382). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Handle problem if line discipline does not have receive_buf (bnc#1012382). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382). - tty/n_hdlc: fix __might_sleep warning (bnc#1012382). - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382). - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382). - tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bnc#1012382). - tty: wipe buffer if not echoing data (bnc#1012382). - tun: Consistently configure generic netdev params via rtnetlink (bnc#1012382). - tun: forbid iface creation with rtnl ops (bnc#1012382). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382). - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382). - ucc_geth: Reset BQL queue when stopping device (bnc#1012382). - udf: Fix BUG on corrupted inode (bnc#1012382). - uio: ensure class is registered before devices (bnc#1012382). - uio: Fix an Oops on load (bnc#1012382). - uio: make symbol 'uio_class_registered' static (git-fixes). - um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382). - um: Avoid marking pages with "changed protection" (bnc#1012382). - um: Give start_idle_thread() a return code (bnc#1012382). - unifdef: use memcpy instead of strncpy (bnc#1012382). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382). - usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382). - usb: check usb_get_extra_descriptor for proper size (bnc#1012382). - usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382). - usb: core: Fix hub port connection events lost (bnc#1012382). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382). - usb: dwc2: Remove unnecessary kfree (bnc#1012382). - usb: dwc3: omap: fix error return code in dwc3_omap_probe() (bnc#1012382). - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() (bnc#1012382). - usb: fix the usbfs flag sanitization for control transfers (bnc#1012382). - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382). - usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382). - usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382). - usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382). - usb: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382). - usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382). - usb: omap_udc: use devm_request_irq() (bnc#1012382). - usb: phy: am335x: fix race condition in _probe (bnc#1012382). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382). - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382). - usb: serial: option: add Fibocom NL668 series (bnc#1012382). - usb: serial: option: add Fibocom NL678 series (bnc#1012382). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382). - usb: serial: option: add HP lt4132 (bnc#1012382). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382). - usb: serial: option: add Telit LN940 series (bnc#1012382). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382). - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382). - usb: storage: add quirk for SMI SM3350 (bnc#1012382). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382). - usb-storage: fix bogus hardware error messages for ATA pass-thru devices (bnc#1012382). - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382). - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382). - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bnc#1012382). - vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382). - video: clps711x-fb: release disp device node in probe() (bnc#1012382). - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() (bnc#1012382). - virtio/s390: avoid race on vcdev->config (bnc#1012382). - virtio/s390: fix race in ccw_io_helper() (bnc#1012382). - VSOCK: Send reset control packet when socket is partially bound (bnc#1012382). - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382). - vt: invoke notifier on screen size change (bnc#1012382). - w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86/a.out: Clear the dump structure initially (bnc#1012382). - x86: boot: Fix EFI stub alignment (bnc#1012382). - x86/boot: #undef memcpy() et al in string.c (bnc#1012382). - x86/build: Fix stack alignment for CLang (bnc#1012382). - x86/build: Specify stack alignment for clang (bnc#1012382). - x86/build: Use __cc-option for boot code compiler options (bnc#1012382). - x86/build: Use cc-option to validate stack alignment parameter (bnc#1012382). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bnc#1012382). - x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382). - x86/entry: spell EBX register correctly in documentation (bnc#1012382). - x86/fpu: Add might_fault() to user_insn() (bnc#1012382). - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382). - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382). - x86/kconfig: Fall back to ticket spinlocks (bnc#1012382). - x86/MCE: Export memory_error() (bsc#1114648). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648). - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility (bnc#1012382). - x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382). - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382). - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1012382). - xen: fix xen_qlock_wait() (bnc#1012382). - xen: make xen_qlock_wait() nestable (bnc#1012382). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: tolerate frags with no data (bnc#1012382). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382). - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382). - xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382). - xfrm: Fix bucket count reported to userspace (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382). - xfrm: validate template mode (bnc#1012382). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs/dmapi: restore event in xfs_getbmap (bsc#1114763). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382). - xprtrdma: checking for NULL instead of IS_ERR() (git-fixes). - xprtrdma: Disable pad optimization by default (git-fixes). - xprtrdma: Disable RPC/RDMA backchannel debugging messages (git-fixes). - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) (git-fixes). - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps (git-fixes). - xprtrdma: Fix Read chunk padding (git-fixes). - xprtrdma: Fix receive buffer accounting (git-fixes). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len (git-fixes). - xprtrdma: Serialize credit accounting again (git-fixes). - xprtrdma: xprt_rdma_free() must not release backchannel reqs (git-fixes). - xtensa: add NOTES section to the linker script (bnc#1012382). - xtensa: enable coprocessors that are being flushed (bnc#1012382). - xtensa: fix boot parameters address translation (bnc#1012382). - xtensa: fix coprocessor context offset definitions (bnc#1012382). - xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382). - yama: Check for pid death before checking ancestry (bnc#1012382). - zram: close udev startup race condition as default groups (bnc#1012382). - xfrm: refine validation of template and selector families (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-541=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-541=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-541=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-541=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-541=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 kernel-default-extra-4.4.175-94.79.1 kernel-default-extra-debuginfo-4.4.175-94.79.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.175-94.79.1 kernel-obs-build-debugsource-4.4.175-94.79.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.175-94.79.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.175-94.79.1 kernel-default-base-4.4.175-94.79.1 kernel-default-base-debuginfo-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 kernel-default-devel-4.4.175-94.79.1 kernel-syms-4.4.175-94.79.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.175-94.79.1 kernel-macros-4.4.175-94.79.1 kernel-source-4.4.175-94.79.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.175-94.79.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.175-94.79.1 cluster-md-kmp-default-debuginfo-4.4.175-94.79.1 dlm-kmp-default-4.4.175-94.79.1 dlm-kmp-default-debuginfo-4.4.175-94.79.1 gfs2-kmp-default-4.4.175-94.79.1 gfs2-kmp-default-debuginfo-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 ocfs2-kmp-default-4.4.175-94.79.1 ocfs2-kmp-default-debuginfo-4.4.175-94.79.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 kernel-default-devel-4.4.175-94.79.1 kernel-default-extra-4.4.175-94.79.1 kernel-default-extra-debuginfo-4.4.175-94.79.1 kernel-syms-4.4.175-94.79.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.175-94.79.1 kernel-macros-4.4.175-94.79.1 kernel-source-4.4.175-94.79.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 References: https://www.suse.com/security/cve/CVE-2018-1120.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-9568.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015336 https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1015340 https://bugzilla.suse.com/1019683 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1020413 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1027260 https://bugzilla.suse.com/1027457 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1043083 https://bugzilla.suse.com/1046264 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048916 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070805 https://bugzilla.suse.com/1078355 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1093158 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1094973 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1099523 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1100105 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102439 https://bugzilla.suse.com/1102660 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103624 https://bugzilla.suse.com/1104098 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108145 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110286 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113766 https://bugzilla.suse.com/1114190 https://bugzilla.suse.com/1114417 https://bugzilla.suse.com/1114475 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114763 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115482 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1116027 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116285 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1116497 https://bugzilla.suse.com/1116653 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116924 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1116962 https://bugzilla.suse.com/1117108 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117562 https://bugzilla.suse.com/1117645 https://bugzilla.suse.com/1117744 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118790 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118915 https://bugzilla.suse.com/1118922 https://bugzilla.suse.com/1118926 https://bugzilla.suse.com/1118930 https://bugzilla.suse.com/1118936 https://bugzilla.suse.com/1119204 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119877 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119967 https://bugzilla.suse.com/1119970 https://bugzilla.suse.com/1120017 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120722 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120950 https://bugzilla.suse.com/1121239 https://bugzilla.suse.com/1121240 https://bugzilla.suse.com/1121241 https://bugzilla.suse.com/1121242 https://bugzilla.suse.com/1121275 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1122650 https://bugzilla.suse.com/1122651 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1123321 https://bugzilla.suse.com/1123323 https://bugzilla.suse.com/1123357 https://bugzilla.suse.com/1123933 https://bugzilla.suse.com/1124166 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1124775 https://bugzilla.suse.com/1124777 https://bugzilla.suse.com/1124780 https://bugzilla.suse.com/1124811 https://bugzilla.suse.com/1125000 https://bugzilla.suse.com/1125014 https://bugzilla.suse.com/1125446 https://bugzilla.suse.com/1125794 https://bugzilla.suse.com/1125796 https://bugzilla.suse.com/1125808 https://bugzilla.suse.com/1125809 https://bugzilla.suse.com/1125810 https://bugzilla.suse.com/1125892 https://bugzilla.suse.com/985031 From sle-updates at lists.suse.com Mon Mar 4 13:35:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Mar 2019 21:35:44 +0100 (CET) Subject: SUSE-SU-2019:0541-1: important: Security update for the Linux Kernel Message-ID: <20190304203544.4CFCBFDF2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0541-1 Rating: important References: #1012382 #1015336 #1015337 #1015340 #1019683 #1019695 #1020413 #1020645 #1023175 #1027260 #1027457 #1031492 #1042286 #1043083 #1046264 #1047487 #1048916 #1050549 #1065600 #1066223 #1068032 #1070805 #1078355 #1079935 #1086095 #1086423 #1086652 #1091405 #1093158 #1094244 #1094823 #1094973 #1096242 #1096281 #1099523 #1099810 #1100105 #1101557 #1102439 #1102660 #1102875 #1102877 #1102879 #1102882 #1102896 #1103097 #1103156 #1103257 #1103624 #1104098 #1104731 #1105428 #1106061 #1106105 #1106237 #1106240 #1106929 #1107385 #1107866 #1108145 #1108240 #1109272 #1109330 #1109695 #1109806 #1110286 #1111062 #1111174 #1111809 #1112246 #1112963 #1113412 #1113766 #1114190 #1114417 #1114475 #1114648 #1114763 #1114839 #1114871 #1114893 #1115431 #1115433 #1115440 #1115482 #1115709 #1116027 #1116183 #1116285 #1116336 #1116345 #1116497 #1116653 #1116841 #1116924 #1116950 #1116962 #1117108 #1117162 #1117165 #1117186 #1117562 #1117645 #1117744 #1118152 #1118316 #1118319 #1118505 #1118790 #1118798 #1118915 #1118922 #1118926 #1118930 #1118936 #1119204 #1119680 #1119714 #1119877 #1119946 #1119967 #1119970 #1120017 #1120046 #1120722 #1120743 #1120758 #1120902 #1120950 #1121239 #1121240 #1121241 #1121242 #1121275 #1121621 #1121726 #1122650 #1122651 #1122779 #1122885 #1123321 #1123323 #1123357 #1123933 #1124166 #1124728 #1124732 #1124735 #1124775 #1124777 #1124780 #1124811 #1125000 #1125014 #1125446 #1125794 #1125796 #1125808 #1125809 #1125810 #1125892 #985031 Cross-References: CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-5391 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 148 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758) The following non-security bugs were fixed: - 9p: clear dangling pointers in p9stat_free (bnc#1012382). - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382). - 9p/net: put a lower bound on msize (bnc#1012382). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239). - acpi/lpss: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bnc#1012382). - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi/nfit: Fix ARS overflow continuation (bsc#1125000). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382). - acpi/power: Skip duplicate power resource references in _PRx (bnc#1012382). - acpi/processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bnc#1012382). - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382). - aio: fix spectre gadget in lookup_ioctx (bnc#1012382). - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382). - alpha: fix page fault handling for r16-r18 targets (bnc#1012382). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382). - ALSA: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382). - ALSA: compress: Fix stop handling on compressed capture streams (bnc#1012382). - ALSA: control: Fix race between adding and removing a user element (bnc#1012382). - ALSA: cs46xx: Potential NULL dereference in probe (bnc#1012382). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bnc#1012382). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382). - ALSA: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382). - ALSA: hda: Add support for AMD Stoney Ridge (bnc#1012382). - ALSA: hda: Check the non-cached stream buffers more explicitly (bnc#1012382). - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). - ALSA: hda - Serialize codec registrations (bnc#1012382). - ALSA: hda/tegra: clear pending irq handlers (bnc#1012382). - ALSA: isa/wavefront: prevent some out of bound writes (bnc#1012382). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382). - ALSA: pcm: Fix interval evaluation with openmin/max (bnc#1012382). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: pcm: Fix starvation on down_write_nonblock() (bnc#1012382). - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382). - ALSA: timer: Fix zero-division by continue of uninitialized instance (bnc#1012382). - ALSA: trident: Suppress gcc string warning (bnc#1012382). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382). - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382). - ALSA: wss: Fix invalid snd_free_pages() at error path (bnc#1012382). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arc: change defconfig defaults to ARCv2 (bnc#1012382). - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382). - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 (bnc#1012382). - arc: io.h: Implement reads{x}()/writes{x}() (bnc#1012382). - arc: perf: map generic branches to correct hardware condition (bnc#1012382). - arm64: Disable asm-operand-width warning for clang (bnc#1012382). - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382). - arm64: dts: stratix10: Correct System Manager register size (bnc#1012382). - arm64: Enabled ENA (Amazon network driver) for arm64 - arm64: ftrace: do not adjust the LR value (bnc#1012382). - arm64: hardcode rodata_enabled=true earlier in the series (bsc#1114763). - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382). - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382). - arm64: kvm: Skip MMIO insn after emulation (bnc#1012382). - arm64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code (bsc#985031). - arm64: percpu: Initialize ret in the default case (bnc#1012382). - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382). - arm64: remove no-op -p linker flag (bnc#1012382). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382). - arm: dts: apq8064: add ahci ports-implemented mask (bnc#1012382). - arm: dts: da850-evm: Correct the sound card name (bnc#1012382). - arm: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382). - arm: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382). - arm: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382). - arm: dts: mmp2: fix TWSI2 (bnc#1012382). - arm: fix mis-applied iommu identity check (bsc#1116924). - arm: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382). - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382). - arm: kvm: fix building with gcc-8 (bsc#1121241). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382). - arm: OMAP2+: hwmod: Fix some section annotations (bnc#1012382). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382). - arm: pxa: avoid section mismatch warning (bnc#1012382). - asix: Check for supported Wake-on-LAN modes (bnc#1012382). - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382). - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382). - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382). - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bnc#1012382). - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382). - ath10k: schedule hardware restart if WMI command times out (bnc#1012382). - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382). - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382). - b43: Fix error in cordic routine (bnc#1012382). - batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382). - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382). - batman-adv: Force mac header to start of data on xmit (bnc#1012382). - bcache: fix miss key refill->end in writeback (bnc#1012382). - bfs: add sanity check at bfs_fill_super() (bnc#1012382). - binfmt_elf: fix calculations for bss padding (bnc#1012382). - bitops: protect variables in bit_clear_unless() macro (bsc#1116285). - block: fix inheriting request priority from bio (bsc#1116924). - block/loop: Use global lock for ioctl() operation (bnc#1012382). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382). - Bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382). - Bluetooth: SMP: fix crash in unpairing (bnc#1012382). - bna: ethtool: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382). - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382). - bpf: generally move prog destruction to RCU deferral (bnc#1012382). - bpf: support 8-byte metafield access (bnc#1012382). - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970). - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967). - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382). - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382). - bridge: do not add port to router list when receives query with source 0.0.0.0 (bnc#1012382). - btrfs: Always try all copies when reading extent buffers (bnc#1012382). - btrfs: do not attempt to trim devices that do not support it (bnc#1012382). - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382). - btrfs: fix backport error in submit_stripe_bio (bsc#1114763). - btrfs: fix data corruption due to cloning of eof block (bnc#1012382). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bnc#1012382). - btrfs: fix pinned underflow after transaction aborted (bnc#1012382). - btrfs: fix use-after-free when dumping free space (bnc#1012382). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bnc#1012382). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (git-fixes). - btrfs: Handle owner mismatch gracefully when walking up tree (bnc#1012382). - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list (bnc#1012382). - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock (bnc#1012382). - btrfs: make sure we create all new block groups (bnc#1012382). - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382). - btrfs: release metadata before running delayed refs (bnc#1012382). - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382). - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382). - btrfs: set max_extent_size properly (bnc#1012382). - btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896). - btrfs: tree-checker: Fix misleading group system information (bnc#1012382). - btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382). - btrfs: validate type when reading a chunk (bnc#1012382). - btrfs: wait on caching when putting the bg cache (bnc#1012382). - btrfs: wait on ordered extents on abort cleanup (bnc#1012382). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bnc#1012382). - can: bcm: check timer values before ktime conversion (bnc#1012382). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382). - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382). - can: rcar_can: Fix erroneous registration (bnc#1012382). - cdc-acm: correct counting of UART states in serial state notification (bnc#1012382). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382). - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok (bsc#1114763). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382). - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382). - checkstack.pl: fix for aarch64 (bnc#1012382). - cifs: Always resolve hostname before reconnecting (bnc#1012382). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382). - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382). - cifs: Do not hide EINTR after sending network packets (bnc#1012382). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382). - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382). - cifs: Fix potential OOB access of lock element array (bnc#1012382). - cifs: Fix separator when building path from dentry (bnc#1012382). - cifs: handle guest access errors to Windows shares (bnc#1012382). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382). - cifs: Limit memory used by lock request calls to a page (bnc#1012382). - clk: imx6q: reset exclusive gates on init (bnc#1012382). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382). - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382). - clk: s2mps11: Add used attribute to s2mps11_dt_match (git-fixes). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bnc#1012382). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bnc#1012382). - configfs: replace strncpy with memcpy (bnc#1012382). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382). - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017). - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382). - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE (bnc#1012382). - cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382). - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382). - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382). - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382). - crypto: cts - fix crash on short inputs (bnc#1012382). - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382). - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (bnc#1012382). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382). - crypto, x86: aesni - fix token pasting for clang (bnc#1012382). - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382). - cw1200: Do not leak memory if krealloc failes (bnc#1012382). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382). - cxgb4: Add support for new flash parts (bsc#1102439). - cxgb4: assume flash part size to be 4MB, if it can't be determined (bsc#1102439). - cxgb4: Fix FW flash errors (bsc#1102439). - cxgb4: fix missing break in switch and indent return statements (bsc#1102439). - cxgb4: support new ISSI flash parts (bsc#1102439). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382). - debugfs: fix debugfs_rename parameter checking (bnc#1012382). - debugobjects: avoid recursive calls with kmemleak (bnc#1012382). - disable stringop truncation warnings for now (bnc#1012382). - dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382). - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382). - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382). - dlm: possible memory leak on error path in create_lkb() (bnc#1012382). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382). - dmaengine: at_hdmac: fix module unloading (bnc#1012382). - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382). - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes). - dm crypt: factor IV constructor out to separate function (Git-fixes). - dm crypt: fix crash by adding missing check for auth key size (git-fixes). - dm crypt: fix error return code in crypt_ctr() (git-fixes). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes). - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes). - dm crypt: wipe kernel key copy after IV initialization (Git-fixes). - dm: do not allow readahead to limit IO size (git fixes (readahead)). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (bnc#1012382). - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382). - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156). - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264). - dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382). - dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - Documentation/network: reword kernel version reference (bnc#1012382). - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763). - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382). - drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bnc#1012382). - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382). - drivers/sbus/char: add of_node_put() (bnc#1012382). - drivers/tty: add missing of_node_put() (bnc#1012382). - drm/ast: change resolution may cause screen blurred (bnc#1012382). - drm/ast: fixed cursor may disappear sometimes (bnc#1012382). - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382). - drm/ast: Fix incorrect free on ioregs (bsc#1106929) - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382). - drm/dp_mst: Check if primary mstb is null (bnc#1012382). - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113766) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113766) - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929) - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382). - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929) - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382). - drm/modes: Prevent division by zero htotal (bnc#1012382). - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382). - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382). - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382). - drm: rcar-du: Fix external clock error checks (bsc#1106929) - drm: rcar-du: Fix vblank initialization (bsc#1106929) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382). - drm/vmwgfx: Fix setting of dma masks (bsc#1106929) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929) - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382). - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382). - e1000: fix race condition between e1000_down() and e1000_watchdog (bnc#1012382). - edac: Raise the maximum number of memory controllers (bsc#1120722). - efi/libstub/arm64: Force 'hidden' visibility for section markers (bnc#1012382). - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382). - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650). - enic: fix checksum validation for IPv6 (bnc#1012382). - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382). - exec: load_script: do not blindly truncate shebang string (bnc#1012382). - exportfs: do not read dentry after free (bnc#1012382). - ext2: fix potential use after free (bnc#1012382). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bnc#1012382). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bnc#1012382). - ext4: add missing brelse() update_backups()'s error path (bnc#1012382). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bnc#1012382). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bnc#1012382). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bnc#1012382). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382). - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bnc#1012382). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bnc#1012382). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bnc#1012382). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bnc#1012382). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bnc#1012382). - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382). - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bnc#1012382). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bnc#1012382). - f2fs: Add sanity_check_inode() function (bnc#1012382). - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382). - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382). - f2fs: clean up argument of recover_data (bnc#1012382). - f2fs: clean up with is_valid_blkaddr() (bnc#1012382). - f2fs: detect wrong layout (bnc#1012382). - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382). - f2fs: factor out fsync inode entry operations (bnc#1012382). - f2fs: fix inode cache leak (bnc#1012382). - f2fs: fix invalid memory access (bnc#1012382). - f2fs: fix missing up_read (bnc#1012382). - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382). - f2fs: fix to convert inline directory correctly (bnc#1012382). - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382). - f2fs: fix to do sanity check with block address in main area (bnc#1012382). - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382). - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382). - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382). - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382). - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382). - f2fs: fix to do sanity check with user_block_count (bnc#1012382). - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382). - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382). - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382). - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382). - f2fs: introduce and spread verify_blkaddr (bnc#1012382). - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382). - f2fs: move dir data flush to write checkpoint process (bnc#1012382). - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382). - f2fs: not allow to write illegal blkaddr (bnc#1012382). - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382). - f2fs: read page index before freeing (bnc#1012382). - f2fs: remove an obsolete variable (bnc#1012382). - f2fs: return error during fill_super (bnc#1012382). - f2fs: sanity check on sit entry (bnc#1012382). - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929) - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add (bsc#1114763). - Fix kabi for "Ensure we commit after writeback is complete" (bsc#1111809). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - floppy: fix race condition in __floppy_read_block_0() (Git-fixes). - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382). - fork: record start_time late (bnc#1012382). - fs: add the fsnotify call to vfs_iter_write (bnc#1012382). - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382). - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382). - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382). - fs/epoll: drop ovflist branch prediction (bnc#1012382). - fs/exofs: fix potential memory leak in mount option parsing (bnc#1012382). - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (bnc#1012382). - fs: fix lost error code in dio_complete (bsc#1117744). - fuse: call pipe_buf_release() under pipe lock (bnc#1012382). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382). - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio (bnc#1012382). - fuse: fix blocked_waitq wakeup (bnc#1012382). - fuse: fix leaked notify reply (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382). - fuse: handle zero sized retrieve correctly (bnc#1012382). - fuse: set FR_SENT while locked (bnc#1012382). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bnc#1012382). - genirq: Fix race on spurious interrupt detection (bnc#1012382). - genwqe: Fix size check (bnc#1012382). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382). - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382). - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382). - gfs2: Put bitmap buffers in put_super (bnc#1012382). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382). - git_sort.py: Remove non-existent remote tj/libata - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382). - gpio: msic: fix error return code in platform_msic_gpio_probe() (bnc#1012382). - gpio: pl061: handle failed allocations (bnc#1012382). - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929) - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382). - hfs: do not free node before using (bnc#1012382). - hfsplus: do not free node before using (bnc#1012382). - hfsplus: prevent btree data loss on root split (bnc#1012382). - hfs: prevent btree data loss on root split (bnc#1012382). - hid: debug: fix the ring buffer implementation (bnc#1012382). - hid: hiddev: fix potential Spectre v1 (bnc#1012382). - hid: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382). - hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bnc#1012382). - hpwdt add dynamic debugging (bsc#1114417). - hpwdt calculate reload value on each use (bsc#1114417). - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382). - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382). - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382). - hwmon: (ina2xx) Fix current value calculation (bnc#1012382). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382). - hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes). - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382). - hwmon: (w83795) temp4_type has writable permission (bnc#1012382). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c-axxia: check for error conditions first (bnc#1012382). - i2c: axxia: properly handle master timeout (bnc#1012382). - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382). - IB/core: type promotion bug in rdma_rw_init_one_mr() (). - IB/hfi1: Fix an out-of-bounds access in get_hw_stats (). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - ib/rxe: Fix incorrect cache cleanup in error flow (). - ib/rxe: replace kvfree with vfree (). - ib/ucm: Fix Spectre v1 vulnerability (bnc#1012382). - ide: pmac: add of_node_put() (bnc#1012382). - ieee802154: lowpan_header_create check must check daddr (bnc#1012382). - igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382). - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382). - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bnc#1012382). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bnc#1012382). - inet: frags: add a pointer to struct netns_frags (bnc#1012382). - inet: frags: better deal with smp races (bnc#1012382). - inet: frags: break the 2GB limit for frags storage (bnc#1012382). - inet: frags: change inet_frags_init_net() return value (bnc#1012382). - inet: frags: do not clone skb in ip_expire() (bnc#1012382). - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382). - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382). - inet: frags: get rif of inet_frag_evicting() (bnc#1012382). - inet: frags: refactor ipfrag_init() (bnc#1012382). - inet: frags: refactor ipv6_frag_init() (bnc#1012382). - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382). - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382). - inet: frags: remove some helpers (bnc#1012382). - inet: frags: reorganize struct netns_frags (bnc#1012382). - inet: frags: use rhashtables for reassembly units (bnc#1012382). - Input: bma150 - register input device after setting private data (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382). - Input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382). - Input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382). - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382). - Input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382). - Input: omap-keypad - fix keyboard debounce configuration (bnc#1012382). - Input: restore EV_ABS ABS_RESERVED (bnc#1012382). - Input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382). - Input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382). - Input: xpad - add more third-party controllers (bnc#1012382). - Input: xpad - add PDP device id 0x02a4 (bnc#1012382). - Input: xpad - add product ID for Xbox One S pad (bnc#1012382). - Input: xpad - add support for PDP Xbox One controllers (bnc#1012382). - Input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382). - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382). - Input: xpad - avoid using __set_bit() for capabilities (bnc#1012382). - Input: xpad - constify usb_device_id (bnc#1012382). - Input: xpad - correctly sort vendor id's (bnc#1012382). - Input: xpad - correct xbox one pad device name (bnc#1012382). - Input: xpad - do not depend on endpoint order (bnc#1012382). - Input: xpad - fix GPD Win 2 controller name (bnc#1012382). - Input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382). - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382). - Input: xpad - fix some coding style issues (bnc#1012382). - Input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382). - Input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382). - Input: xpad - handle "present" and "gone" correctly (bnc#1012382). - Input: xpad - move reporting xbox one home button to common function (bnc#1012382). - Input: xpad - power off wireless 360 controllers on suspend (bnc#1012382). - Input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382). - Input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382). - Input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382). - Input: xpad - remove unused function (bnc#1012382). - Input: xpad - restore LED state after device resume (bnc#1012382). - Input: xpad - simplify error condition in init_output (bnc#1012382). - Input: xpad - sort supported devices by USB ID (bnc#1012382). - Input: xpad - support some quirky Xbox One pads (bnc#1012382). - Input: xpad - sync supported devices with 360Controller (bnc#1012382). - Input: xpad - sync supported devices with XBCD (bnc#1012382). - Input: xpad - sync supported devices with xboxdrv (bnc#1012382). - Input: xpad - update Xbox One Force Feedback Support (bnc#1012382). - Input: xpad - use LED API when identifying wireless controllers (bnc#1012382). - Input: xpad - validate USB endpoint type during probe (bnc#1012382). - Input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382). - Input: xpad - xbox one elite controller support (bnc#1012382). - intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017). - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382). - ip: add helpers to process in-order fragments faster (bnc#1012382). - ipfrag: really prevent allocation on netns exit (bnc#1012382). - ip: frags: fix crash in ip_do_fragment() (bnc#1012382). - ipmi: Fix timer race with module unload (bnc#1012382). - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382). - ip: process in-order fragments efficiently (bnc#1012382). - ip_tunnel: do not force DF when MTU is locked (bnc#1012382). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (bnc#1012382). - ip: use rb trees for IP frag queue (bnc#1012382). - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipv4: frags: precedence bug in ip_expire() (bnc#1012382). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382). - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (bnc#1012382). - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382). - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (bnc#1012382). - ipv6: orphan skbs in reassembly unit (bnc#1012382). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382). - iser: set sector for ambiguous mr status errors (bnc#1012382). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382). - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: protect get_vaddr_frames (kabi). - kabi: protect linux/kfifo.h include in hid-debug (kabi). - kabi: protect struct azx (kabi). - kabi: protect struct cfs_bandwidth (kabi). - kabi: protect struct esp (kabi). - kabi: protect struct fuse_io_priv (kabi). - kabi: protect struct hda_bus (kabi). - kabi: protect __usb_get_extra_descriptor (kabi). - kabi: protect xen/xen-ops.h include in xlate_mmu.c (kabi). - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653). - kabi: revert sig change on pnfs_read_resend_pnfs (git-fixes). - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382). - kbuild: Add better clang cross build support (bnc#1012382). - kbuild: Add __cc-option macro (bnc#1012382). - kbuild: Add support to generate LLVM assembly files (bnc#1012382). - kbuild: allow to use GCC toolchain not in Clang search path (bnc#1012382). - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382). - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382). - kbuild: clang: disable unused variable warnings only when constant (bnc#1012382). - kbuild: clang: fix build failures with sparse check (bnc#1012382). - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382). - kbuild: Consolidate header generation from ASM offset information (bnc#1012382). - kbuild: consolidate redundant sed script ASM offset generation (bnc#1012382). - kbuild: drop -Wno-unknown-warning-option from clang options (bnc#1012382). - kbuild: fix asm-offset generation to work with clang (bnc#1012382). - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382). - kbuild: fix linker feature test macros when cross compiling with Clang (bnc#1012382). - kbuild, LLVMLinux: Add -Werror to cc-option to support clang (bnc#1012382). - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile (bnc#1012382). - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382). - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382). - kbuild: suppress packed-not-aligned warning for default setting only (bnc#1012382). - kbuild: use -Oz instead of -Os when using clang (bnc#1012382). - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382). - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382). - kdb: use memmove instead of overlapping memcpy (bnc#1012382). - kdb: Use strscpy with destination buffer size (bnc#1012382). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382). - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382). - kernel-source.spec: Align source numbering. - kernfs: Replace strncpy with memcpy (bnc#1012382). - keys: put keyring if install_session_keyring_to_cred() fails (bnc#1012382). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382). - kgdboc: Fix restrict error (bnc#1012382). - kgdboc: Fix warning with module build (bnc#1012382). - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382). - kobject: Replace strncpy with memcpy (bnc#1012382). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bnc#1012382). - kvm/arm64: Fix caching of host MDCR_EL2 value (bsc#1121242). - kvm/arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240). - kvm/mmu: Fix race in emulated page table writes (bnc#1012382). - kvm/nvmx: Always reflect #NM VM-exits to L1 (bsc#1106240). - kvm/nvmx: Eliminate vmcs02 pool (bnc#1012382). - kvm/nvmx: mark vmcs12 pages dirty on L2 exit (bnc#1012382). - kvm/ppc: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382). - kvm/svm: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032). - kvm/svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648). - kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281). - kvm/vmx: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382). - kvm/vmx: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166). - kvm/vmx: introduce alloc_loaded_vmcs (bnc#1012382). - kvm/vmx: make MSR bitmaps per-VCPU (bnc#1012382). - kvm/vmx: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166). - kvm/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032). - kvm/x86: fix empty-body warnings (bnc#1012382). - kvm/x86: Fix single-step debugging (bnc#1012382). - kvm/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382). - kvm/x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382). - kvm/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382). - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382). - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382). - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382). - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382). - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382). - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382). - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libfc: sync strings with upstream versions (bsc#1114763). - lib/interval_tree_test.c: allow full tree search (bnc#1012382). - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382). - lib/interval_tree_test.c: make test options module parameters (bnc#1012382). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bsc#1118926). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936). - libnvdimm: fix ars_status output length calculation (bsc#1124777). - libnvdimm: fix integer overflow static analysis warning (bsc#1118922). - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915). - libnvdimm: Hold reference on parent while scheduling async init (bnc#1012382). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811). - libnvdimm: Use max contiguous area for namespace size (bsc#1124780). - lib/raid6: Fix arm64 test build (bnc#1012382). - lib/rbtree_test.c: make input module parameters (bnc#1012382). - lib/rbtree-test: lower default params (bnc#1012382). - llc: do not use sk_eat_skb() (bnc#1012382). - lockd: fix access beyond unterminated strings in prints (bnc#1012382). - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382). - loop: Fold __loop_release into loop_release (bnc#1012382). - loop: Get rid of loop_index_mutex (bnc#1012382). - lsm: Check for NULL cred-security on free (bnc#1012382). - mac80211: Always report TX status (bnc#1012382). - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382). - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382). - mac80211: fix reordering of buffered broadcast packets (bnc#1012382). - mac80211_hwsim: do not omit multicast announce of first added radio (bnc#1012382). - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382). - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382). - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382). - mach64: fix display corruption on big endian machines (bnc#1012382). - mach64: fix image corruption due to reading accelerator registers (bnc#1012382). - matroxfb: fix size of memcpy (bnc#1012382). - md: batch flush requests (bsc#1119680). - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (Git-fixes). - md: fix invalid stored role for a disk (bnc#1012382). - md: fix invalid stored role for a disk - try2 (bnc#1012382). - md: reorder flag_bits to match upstream commits - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382). - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382). - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382). - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382). - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bnc#1012382). - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382). - media: pci: cx23885: handle adding to list failure (bnc#1012382). - media: tvp5150: fix width alignment during set_selection() (bnc#1012382). - media: v4l: event: Add subscription to list before calling "add" operation (bnc#1012382). - media: vb2: be sure to unlock mutex on errors (bnc#1012382). - media: vb2: vb2_mmap: move lock up (bnc#1012382). - media: vivid: fix error handling of kthread_run (bnc#1012382). - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382). - media: vivid: set min width/height to a value > 0 (bnc#1012382). - memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382). - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382). - mips: bpf: fix encoding bug for mm_srlv32_op (bnc#1012382). - mips: cm: reprime error cause (bnc#1012382). - mips: fix n32 compat_ipc_parse_version (bnc#1012382). - mips: OCTEON: do not set octeon_dma_bar_type if PCI is disabled (bnc#1012382). - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382). - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds (bnc#1012382). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bnc#1012382). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382). - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382). - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382). - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bnc#1012382). - mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382). - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm, elf: handle vm_brk error (bnc#1012382). - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204). - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382). - mm: migration: fix migration of huge PMD shared pages (bnc#1012382). - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382). - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() (bnc#1012382). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm, oom: fix use-after-free in oom_kill_process (bnc#1012382). - mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061). - mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: refuse wrapped vm_brk requests (bnc#1012382). - mm: remove write/force parameters from __get_user_pages_locked() (bnc#1012382 bsc#1027260). - mm: remove write/force parameters from __get_user_pages_unlocked() (bnc#1012382 bsc#1027260). - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382). - mm, slab: faster active and free stats (bsc#1116653, VM Performance). - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance). - mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - modpost: validate symbol names also in find_elf_symbol (bnc#1012382). - modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bnc#1012382). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382). - mount: Retest MNT_LOCKED in do_umount (bnc#1012382). - Move patches to sorted range, p1 - Move /proc/sys/vm/procfs-drop-fd-dentries to /proc/sys/fs/procfs-drop-fd-dentries (bsc#1086652) This was incorrectly put in /proc/sys/vm. - msi: Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382). - mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382). - mtd: spi-nor: Add support for is25wp series chips (bnc#1012382). - mv88e6060: disable hardware level MAC learning (bnc#1012382). - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382). - mwifiex: fix p2p device does not find in scan problem (bnc#1012382). - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382). - neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114475, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475, LTC#172679). - net: amd: add missing of_node_put() (bnc#1012382). - net: bcmgenet: fix OF child-node lookup (bnc#1012382). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382). - net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382). - net: bridge: remove ipv6 zero address check in mcast queries (bnc#1012382). - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382). - net: cxgb3_main: fix a missing-check bug (bnc#1012382). - net: dp83640: expire old TX-skb (bnc#1012382). - net: drop skb on failure in ip_check_defrag() (bnc#1012382). - net: drop write-only stack variable (bnc#1012382). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1117562). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1117562). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1117562). - net: ena: complete host info to match latest ENA spec (bsc#1117562). - net: ena: enable Low Latency Queues (bsc#1117562). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1117562). - net: ena: fix auto casting to boolean (bsc#1117562). - net: ena: fix compilation error in xtensa architecture (bsc#1117562). - net: ena: fix crash during ena_remove() (bsc#1108240). - net: ena: fix crash during failed resume from hibernation (bsc#1117562). - net: ena: fix indentations in ena_defs for better readability (bsc#1117562). - net: ena: Fix Kconfig dependency on X86 (bsc#1117562). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1117562). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1117562). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1117562). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1117562). - net: ena: minor performance improvement (bsc#1117562). - net: ena: remove ndo_poll_controller (bsc#1117562). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1117562). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240). - net: ena: update driver version to 2.0.1 (bsc#1117562). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1117562). - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382). - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net (bnc#1012382). - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() (bnc#1012382). - netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382). - netfilter: xt_IDLETIMER: add sysfs filename checking routine (bnc#1012382). - net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382). - net: Fix usage of pskb_trim_rcsum (bnc#1012382). - net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382). - net: hisilicon: remove unexpected free_netdev (bnc#1012382). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382). - net/ipv4: defensive cipso option parsing (bnc#1012382). - net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (bnc#1012382). - net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382). - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382). - net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382). - net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382). - net: Prevent invalid access to skb->prev in __qdisc_drop_all (bnc#1012382). - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382). - net: qla3xxx: Remove overflowing shift statement (bnc#1012382). - netrom: fix locking in nr_find_socket() (bnc#1012382). - netrom: switch to sock timer API (bnc#1012382). - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382). - net: sched: gred: pass the right attribute to gred_change_table_def() (bnc#1012382). - net_sched: refetch skb protocol for each filter (bnc#1012382). - net: socket: fix a missing-check bug (bnc#1012382). - net: speed up skb_rbtree_purge() (bnc#1012382). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (bnc#1012382). - net: systemport: Fix WoL with password after deep sleep (bnc#1012382). - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382). - new helper: uaccess_kernel() (bnc#1012382). - nfc: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382). - nfc: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382). - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014). - nfit: skip region registration for incomplete control regions (bsc#1118930). - nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382). - nfsd: Fix an Oops in free_session() (bnc#1012382). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: nfs_compare_mount_options always compare auth flavors (bnc#1012382). - nfsv4.1: Fix the r/wsize checking (bnc#1012382). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - ocfs2: do not clear bh uptodate for block read (bnc#1012382). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bnc#1012382). - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382). - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382). - ocfs2: fix potential use after free (bnc#1012382). - of: add helper to lookup compatible child node (bnc#1012382). - omap2fb: Fix stack memory disclosure (bsc#1106929) - openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382). - packet: Do not leak dev refcounts on error exit (bnc#1012382). - packet: validate address length (bnc#1012382). - packet: validate address length if non-zero (bnc#1012382). - parisc: Fix address in HPMC IVA (bnc#1012382). - parisc: Fix map_pages() to not overwrite existing pte entries (bnc#1012382). - pci: Add Device IDs for Intel GPU "spurious interrupt" quirk (bnc#1012382). - pci: altera: Check link status before retrain link (bnc#1012382). - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382). - pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382). - pci: altera: Poll for link training status after retraining the link (bnc#1012382). - pci: altera: Poll for link up status after retraining the link (bnc#1012382). - pci: altera: Reorder read/write functions (bnc#1012382). - pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382). - pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1109806). - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - pci: vmd: Detach resources after stopping root bus (bsc#1106105). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bnc#1012382). - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967). - perf/core: Do not leak event in the syscall error path (bnc#1012382). - perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382). - perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382). - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382). - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382). - perf pmu: Suppress potential format-truncation warning (bnc#1012382). - perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382). - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382). - perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382). - perf tools: Add Hygon Dhyana support (bnc#1012382). - perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382). - perf tools: Disable parallelism for 'make clean' (bnc#1012382). - perf tools: Free temporary 'sys' string in read_event_files() (bnc#1012382). - perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382). - perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382). - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382). - pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bnc#1012382). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bnc#1012382). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bnc#1012382). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bnc#1012382). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810). - pm / devfreq: tegra: fix error return code in tegra_devfreq_probe() (bnc#1012382). - pNFS: Fix a deadlock between read resends and layoutreturn (git-fixes). - pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path (git-fixes). - pNFS/flexfiles: When checking for available DSes, conditionally check for MDS io (git-fixes). - pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382). - powerpc/boot: Fix random libfdt related build errors (bnc#1012382). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382). - powerpc: handle RFI (exrfi and fallback area) and STF (exrfi). - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/mm/radix: Use mm->task_size for boundary checking instead of addr_limit (bsc#1027457). - powerpc/msi: Fix compile error on mpc83xx (bnc#1012382). - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382). - powerpc/nohash: fix undefined behaviour when testing page size support (bnc#1012382). - powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382). - powerpc/powernv: Do not select the cpufreq governors (bsc#1066223). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1066223). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1066223). - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382). - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382). - powerpc/pseries: Fix DTL buffer registration (bsc#1066223). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - power: supply: olpc_battery: correct the temperature units (bnc#1012382). - printk: Fix panic caused by passing log_buf_len to command line (bnc#1012382). - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823). - Provide a temporary fix for STIBP on-by-default See bsc#1116497 for details. - pstore: Convert console write to use ->write_buf (bnc#1012382). - pstore/ram: Do not treat empty buffers as valid (bnc#1012382). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382). - ptp: fix Spectre v1 vulnerability (bnc#1012382). - pxa168fb: prepare the clock (bnc#1012382). - qed: Fix bitmap_weight() check (bsc#1019695). - qed: Fix PTT leak in qed_drain() (bnc#1012382). - qed: Fix QM getters to always return a valid pq (bsc#1019695 ). - qed: Fix reading wrong value in loop condition (bnc#1012382). - r8152: Check for supported Wake-on-LAN Modes (bnc#1012382). - r8169: Add support for new Realtek Ethernet (bnc#1012382). - r8169: fix NAPI handling under high load (bnc#1012382). - rapidio/rionet: do not free skb before reading its length (bnc#1012382). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808). - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ). - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382). - Refresh patches.kabi/x86-cpufeature-preserve-numbers.patch. (bsc#1122651) - reiserfs: propagate errors from fill_with_dentries() properly (bnc#1012382). - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" (bnc#1012382). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" (bnc#1012382). - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1106929) - Revert "exec: load_script: do not blindly truncate shebang string" (bnc#1012382). - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" (bnc#1012382). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" (bnc#1012382). - Revert "loop: Fold __loop_release into loop_release" (bnc#1012382). - Revert "loop: Get rid of loop_index_mutex" (bnc#1012382). - Revert "media: videobuf2-core: do not call memop 'finish' when queueing" (bnc#1012382). - Revert "mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902)." The backport patch does not built properly. - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1106105). - Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half" (bsc#1047487). - Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382). - rhashtable: Add rhashtable_lookup() (bnc#1012382). - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286). - rhashtable: add schedule points (bnc#1012382). - rhashtable: reorganize struct rhashtable layout (bnc#1012382). - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382). - rpcrdma: Add RPCRDMA_HDRLEN_ERR (git-fixes). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - rtc: hctosys: Add missing range error reporting (bnc#1012382). - rtc: snvs: add a missing write sync (bnc#1012382). - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382). - rtnetlink: Disallow FDB configuration for non-Ethernet device (bnc#1012382). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382). - s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382). - s390/early: improve machine detection (bnc#1012382). - s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382). - s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114475, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953). - s390/qeth: fix length check in SNMP processing (bnc#1012382). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475, LTC#172682). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382). - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382). - s390/vdso: add missing FORCE to build targets (bnc#1012382). - sata_rcar: fix deferred probing (bnc#1012382). - sbus: char: add of_node_put() (bnc#1012382). - sc16is7xx: Fix for multi-channel stall (bnc#1012382). - sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382). - sched/fair: Fix throttle_list starvation with low CFS quota (bnc#1012382). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_red: update backlog as well (bnc#1012382). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scsi: aacraid: Fix typo in blink status (bnc#1012382). - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ). - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877). - scsi: csiostor: Avoid content leaks and casts (bnc#1012382). - scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382). - scsi: Introduce scsi_start_queue() (bsc#1119877). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660). - scsi: lpfc: Correct LCB RJT handling (bnc#1012382). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bnc#1012382). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102660). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660). - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660). - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877). - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382). - scsi: megaraid_sas: fix a missing-check bug (bnc#1012382). - scsi: mpt3sas: Add an I/O barrier (bsc#1117108). - scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108). - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108). - scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108). - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108). - scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108). - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108). - scsi: mpt3sas: check command status before attempting abort (bsc#1117108). - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108). - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1117108). - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108). - scsi: mpt3sas: fix an out of bound write (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108). - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108). - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108). - scsi: mpt3sas: fix format overflow warning (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108). - scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108). - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108). - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108). - scsi: mpt3sas: fix possible memory leak (bsc#1117108). - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108). - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108). - scsi: mpt3sas: Fix sparse warnings (bsc#1117108). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1117108). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108). - scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108). - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108). - scsi: mpt3sas: lockless command submission (bsc#1117108). - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108). - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108). - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108). - scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108). - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108). - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo (bsc#1117108). - scsi: mpt3sas: remove redundant wmb (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108). - scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108). - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108). - scsi: mpt3sas: set default value for cb_idx (bsc#1117108). - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108). - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108). - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108). - scsi: mpt3sas: simplify task management functions (bsc#1117108). - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108). - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update MPI Headers (bsc#1117108). - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mpt3sas: use list_splice_init() (bsc#1117108). - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108). - scsi: Protect SCSI device state changes with a mutex (bsc#1119877). - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083). - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bnc#1012382). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877). - scsi: sd: Fix cache_type_store() (bnc#1012382). - scsi: Split scsi_internal_device_block() (bsc#1119877). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382). - scsi: ufs: fix bugs related to null pointer access and array size (bnc#1012382). - scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382). - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382). - scsi: ufshcd: release resources if probe fails (bnc#1012382). - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382). - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382). - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382). - sctp: fix race on sctp_id2asoc (bnc#1012382). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382). - selftests: Move networking/timestamping from Documentation (bnc#1012382). - selinux: fix GPF on invalid policy (bnc#1012382). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382). - seq_file: fix incomplete reset on read from zero offset (Git-fixes). - ser_gigaset: use container_of() instead of detour (bnc#1012382). - serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (bnc#1012382). - signal: Always notice exiting tasks (bnc#1012382). - signal: Better detection of synchronous signals (bnc#1012382). - signal/GenWQE: Fix sending of SIGKILL (bnc#1012382). - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382). - skge: potential memory corruption in skge_get_regs() (bnc#1012382). - slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382). - smack: fix access permissions for keyring (bnc#1012382). - smb3: allow stats which track session and share reconnects to be reset (bnc#1012382). - smb3: do not attempt cifs operation in smb3 query info error path (bnc#1012382). - smb3: on kerberos mount if server does not specify auth type use krb5 (bnc#1012382). - smsc75xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382). - sock: Make sock->sk_stamp thread-safe (bnc#1012382). - soc/tegra: Do not leak device tree node reference (bnc#1012382). - soc/tegra: pmc: Fix child-node lookup (bnc#1012382). - sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382). - sparc64 mm: Fix more TSB sizing issues (bnc#1012382). - sparc: Fix single-pcr perf event counter management (bnc#1012382). - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata (bnc#1012382). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382). - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382). - spi: bcm2835: Fix race on DMA termination (bnc#1012382). - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382). - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382). - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() (bnc#1012382). - spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382). - sr9800: Check for supported Wake-on-LAN modes (bnc#1012382). - sr: pass down correctly sized SCSI sense buffer (bnc#1012382). - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382). - staging: iio: ad7780: update voltage on read (bnc#1012382). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bnc#1012382). - staging: lustre: remove two build warnings (bnc#1012382). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382). - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382). - staging: speakup: Replace strncpy with memcpy (bnc#1012382). - sunrpc: correct the computation for page_ptr when truncating (bnc#1012382). - sunrpc: drop pointless static qualifier in xdr_get_next_encode_buffer() (bnc#1012382). - sunrpc: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: fix cache_head leak due to queued request (bnc#1012382). - sunrpc: Fix leak of krb5p encode pages (bnc#1012382). - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382). - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382). - svcrdma: Remove unused variable in rdma_copy_tail() (git-fixes). - swim: fix cleanup on setup error (bnc#1012382). - swiotlb: clean up reporting (bnc#1012382). - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382). - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: fix NULL ref in tail loss probe (bnc#1012382). - TC: Set DMA masks for devices (bnc#1012382). - termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382). - test_hexdump: use memcpy instead of strncpy (bnc#1012382). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (bnc#1012382). - thermal: allow spear-thermal driver to be a module (bnc#1012382). - thermal: allow u8500-thermal driver to be a module (bnc#1012382). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382). - timekeeping: Use proper seqcount initializer (bnc#1012382). - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382). - tipc: use destination length for copy string (bnc#1012382). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382). - tpm: fix response size validation in tpm_get_random() (bsc#1020645, git-fixes). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bnc#1012382). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382). - tracing: Fix memory leak of instance function hash filters (bnc#1012382). - tracing: Skip more functions when doing stack tracing of events (bnc#1012382). - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382). - tty: check name length in tty_find_polling_driver() (bnc#1012382). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Handle problem if line discipline does not have receive_buf (bnc#1012382). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382). - tty/n_hdlc: fix __might_sleep warning (bnc#1012382). - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382). - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382). - tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bnc#1012382). - tty: wipe buffer if not echoing data (bnc#1012382). - tun: Consistently configure generic netdev params via rtnetlink (bnc#1012382). - tun: forbid iface creation with rtnl ops (bnc#1012382). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382). - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382). - ucc_geth: Reset BQL queue when stopping device (bnc#1012382). - udf: Fix BUG on corrupted inode (bnc#1012382). - uio: ensure class is registered before devices (bnc#1012382). - uio: Fix an Oops on load (bnc#1012382). - uio: make symbol 'uio_class_registered' static (git-fixes). - um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382). - um: Avoid marking pages with "changed protection" (bnc#1012382). - um: Give start_idle_thread() a return code (bnc#1012382). - unifdef: use memcpy instead of strncpy (bnc#1012382). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382). - usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382). - usb: check usb_get_extra_descriptor for proper size (bnc#1012382). - usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382). - usb: core: Fix hub port connection events lost (bnc#1012382). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382). - usb: dwc2: Remove unnecessary kfree (bnc#1012382). - usb: dwc3: omap: fix error return code in dwc3_omap_probe() (bnc#1012382). - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() (bnc#1012382). - usb: fix the usbfs flag sanitization for control transfers (bnc#1012382). - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382). - usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382). - usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382). - usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382). - usb: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382). - usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382). - usb: omap_udc: use devm_request_irq() (bnc#1012382). - usb: phy: am335x: fix race condition in _probe (bnc#1012382). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382). - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382). - usb: serial: option: add Fibocom NL668 series (bnc#1012382). - usb: serial: option: add Fibocom NL678 series (bnc#1012382). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382). - usb: serial: option: add HP lt4132 (bnc#1012382). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382). - usb: serial: option: add Telit LN940 series (bnc#1012382). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382). - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382). - usb: storage: add quirk for SMI SM3350 (bnc#1012382). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382). - usb-storage: fix bogus hardware error messages for ATA pass-thru devices (bnc#1012382). - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382). - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382). - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bnc#1012382). - vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382). - video: clps711x-fb: release disp device node in probe() (bnc#1012382). - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() (bnc#1012382). - virtio/s390: avoid race on vcdev->config (bnc#1012382). - virtio/s390: fix race in ccw_io_helper() (bnc#1012382). - VSOCK: Send reset control packet when socket is partially bound (bnc#1012382). - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382). - vt: invoke notifier on screen size change (bnc#1012382). - w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86/a.out: Clear the dump structure initially (bnc#1012382). - x86: boot: Fix EFI stub alignment (bnc#1012382). - x86/boot: #undef memcpy() et al in string.c (bnc#1012382). - x86/build: Fix stack alignment for CLang (bnc#1012382). - x86/build: Specify stack alignment for clang (bnc#1012382). - x86/build: Use __cc-option for boot code compiler options (bnc#1012382). - x86/build: Use cc-option to validate stack alignment parameter (bnc#1012382). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bnc#1012382). - x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382). - x86/entry: spell EBX register correctly in documentation (bnc#1012382). - x86/fpu: Add might_fault() to user_insn() (bnc#1012382). - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382). - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382). - x86/kconfig: Fall back to ticket spinlocks (bnc#1012382). - x86/MCE: Export memory_error() (bsc#1114648). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648). - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility (bnc#1012382). - x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382). - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382). - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1012382). - xen: fix xen_qlock_wait() (bnc#1012382). - xen: make xen_qlock_wait() nestable (bnc#1012382). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: tolerate frags with no data (bnc#1012382). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382). - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382). - xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382). - xfrm: Fix bucket count reported to userspace (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382). - xfrm: validate template mode (bnc#1012382). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs/dmapi: restore event in xfs_getbmap (bsc#1114763). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382). - xprtrdma: checking for NULL instead of IS_ERR() (git-fixes). - xprtrdma: Disable pad optimization by default (git-fixes). - xprtrdma: Disable RPC/RDMA backchannel debugging messages (git-fixes). - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) (git-fixes). - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps (git-fixes). - xprtrdma: Fix Read chunk padding (git-fixes). - xprtrdma: Fix receive buffer accounting (git-fixes). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len (git-fixes). - xprtrdma: Serialize credit accounting again (git-fixes). - xprtrdma: xprt_rdma_free() must not release backchannel reqs (git-fixes). - xtensa: add NOTES section to the linker script (bnc#1012382). - xtensa: enable coprocessors that are being flushed (bnc#1012382). - xtensa: fix boot parameters address translation (bnc#1012382). - xtensa: fix coprocessor context offset definitions (bnc#1012382). - xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382). - yama: Check for pid death before checking ancestry (bnc#1012382). - zram: close udev startup race condition as default groups (bnc#1012382). - xfrm: refine validation of template and selector families (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-541=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-541=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-541=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-541=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-541=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-541=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 kernel-default-extra-4.4.175-94.79.1 kernel-default-extra-debuginfo-4.4.175-94.79.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.175-94.79.1 kernel-obs-build-debugsource-4.4.175-94.79.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.175-94.79.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.175-94.79.1 kernel-default-base-4.4.175-94.79.1 kernel-default-base-debuginfo-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 kernel-default-devel-4.4.175-94.79.1 kernel-syms-4.4.175-94.79.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.175-94.79.1 kernel-macros-4.4.175-94.79.1 kernel-source-4.4.175-94.79.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.175-94.79.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_175-94_79-default-1-4.7.1 kgraft-patch-4_4_175-94_79-default-debuginfo-1-4.7.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.175-94.79.1 cluster-md-kmp-default-debuginfo-4.4.175-94.79.1 dlm-kmp-default-4.4.175-94.79.1 dlm-kmp-default-debuginfo-4.4.175-94.79.1 gfs2-kmp-default-4.4.175-94.79.1 gfs2-kmp-default-debuginfo-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 ocfs2-kmp-default-4.4.175-94.79.1 ocfs2-kmp-default-debuginfo-4.4.175-94.79.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 kernel-default-devel-4.4.175-94.79.1 kernel-default-extra-4.4.175-94.79.1 kernel-default-extra-debuginfo-4.4.175-94.79.1 kernel-syms-4.4.175-94.79.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.175-94.79.1 kernel-macros-4.4.175-94.79.1 kernel-source-4.4.175-94.79.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.175-94.79.1 kernel-default-debuginfo-4.4.175-94.79.1 kernel-default-debugsource-4.4.175-94.79.1 References: https://www.suse.com/security/cve/CVE-2018-1120.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-9568.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015336 https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1015340 https://bugzilla.suse.com/1019683 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1020413 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1027260 https://bugzilla.suse.com/1027457 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1043083 https://bugzilla.suse.com/1046264 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048916 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070805 https://bugzilla.suse.com/1078355 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1093158 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1094973 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1099523 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1100105 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102439 https://bugzilla.suse.com/1102660 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103624 https://bugzilla.suse.com/1104098 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108145 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110286 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113766 https://bugzilla.suse.com/1114190 https://bugzilla.suse.com/1114417 https://bugzilla.suse.com/1114475 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114763 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115482 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1116027 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116285 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1116497 https://bugzilla.suse.com/1116653 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116924 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1116962 https://bugzilla.suse.com/1117108 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117562 https://bugzilla.suse.com/1117645 https://bugzilla.suse.com/1117744 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118790 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118915 https://bugzilla.suse.com/1118922 https://bugzilla.suse.com/1118926 https://bugzilla.suse.com/1118930 https://bugzilla.suse.com/1118936 https://bugzilla.suse.com/1119204 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119877 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119967 https://bugzilla.suse.com/1119970 https://bugzilla.suse.com/1120017 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120722 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120950 https://bugzilla.suse.com/1121239 https://bugzilla.suse.com/1121240 https://bugzilla.suse.com/1121241 https://bugzilla.suse.com/1121242 https://bugzilla.suse.com/1121275 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1122650 https://bugzilla.suse.com/1122651 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1123321 https://bugzilla.suse.com/1123323 https://bugzilla.suse.com/1123357 https://bugzilla.suse.com/1123933 https://bugzilla.suse.com/1124166 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1124775 https://bugzilla.suse.com/1124777 https://bugzilla.suse.com/1124780 https://bugzilla.suse.com/1124811 https://bugzilla.suse.com/1125000 https://bugzilla.suse.com/1125014 https://bugzilla.suse.com/1125446 https://bugzilla.suse.com/1125794 https://bugzilla.suse.com/1125796 https://bugzilla.suse.com/1125808 https://bugzilla.suse.com/1125809 https://bugzilla.suse.com/1125810 https://bugzilla.suse.com/1125892 https://bugzilla.suse.com/985031 From sle-updates at lists.suse.com Mon Mar 4 13:55:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Mar 2019 21:55:26 +0100 (CET) Subject: SUSE-SU-2019:0540-1: important: Security update for obs-service-tar_scm Message-ID: <20190304205526.98100FDF2@maintenance.suse.de> SUSE Security Update: Security update for obs-service-tar_scm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0540-1 Rating: important References: #1076410 #1082696 #1105361 #1107507 #1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for obs-service-tar_scm fixes the following issues: Security vulnerabilities addressed: - CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths (bsc#1105361) - CVE-2018-12474: Fixed an issue whereby crafted service parameters allowed for unexpected behaviour (bsc#1107507) - CVE-2018-12476: Fixed an issue whereby the outfilename parameter allowed to write files outside of package directory (bsc#1107944) Other bug fixes and changes made: - Prefer UTF-8 locale as output format for changes - added KankuFile - fix problems with unicode source files - added python-six to Requires in specfile - better encoding handling - fixes bsc#1082696 and bsc#1076410 - fix unicode in containers - move to python3 - added logging for better debugging changesgenerate - raise exception if no changesauthor given - Stop using @opensuse.org addresses to indicate a missing address - move argparse dep to -common package - allow submodule and ssl options in appimage - sync spec file as used in openSUSE:Tools project - check encoding problems for svn and print proper error msg - added new param '--locale' - separate service file installation in GNUmakefile - added glibc as Recommends in spec file - cleanup for broken svn caches - another fix for unicode problem in obs_scm - Final fix for unicode in filenames - Another attempt to fix unicode filenames in prep_tree_for_archive - Another attempt to fix unicode filenames in prep_tree_for_archive - fix bug with unicode filenames in prep_tree_for_archive - reuse _service*_servicedata/changes files from previous service runs - fix problems with unicode characters in commit messages for changeloggenerate - fix encoding issues if commit message contains utf8 char - revert encoding for old changes file - remove hardcoded utf-8 encodings - Add support for extract globbing - split pylint2 in GNUmakefile - fix check for "--reproducible" - create reproducible obscpio archives - fix regression from 44b3bee - Support also SSH urls for Git - check name/version option in obsinfo for slashes - check url for remote url - check symlinks in subdir parameter - check filename for slashes - disable follow_symlinks in extract feature - switch to obs_scm for this package - run download_files in appimage and snapcraft case - check --extract file path for parent dir - Fix parameter descriptions - changed os.removedirs -> shutil.rmtree - Adding information regarding the *package-metadata* option for the *tar* service The tar service is highly useful in combination with the *obscpio* service. After the fix for the metadata for the latter one, it is important to inform the users of the *tar* service that metadata is kept only if the flag *package-metadata* is enabled. Add the flag to the .service file for mentioning that. - Allow metadata packing for CPIO archives when desired As of now, metadata are always excluded from *obscpio* packages. This is because the *package-metadata* flag is ignored; this change (should) make *obscpio* aware of it. - improve handling of corrupt git cache directories - only do git stash save/pop if we have a non-empty working tree (#228) - don't allow DEBUG_TAR_SCM to change behaviour (#240) - add stub user docs in lieu of something proper (#238) - Remove clone_dir if clone fails - python-unittest2 is only required for the optional make check - move python-unittest2 dep to test suite only part (submission by olh) - Removing redundant pass statement - missing import for logging functions. - [backend] Adding http proxy support - python-unittest2 is only required for the optional make check - make installation of scm's optional - add a lot more detail to README - Git clone with --no-checkout in prepare_working_copy - Refactor and simplify git prepare_working_copy - Only use current dir if it actually looks like git (Fixes #202) - reactivate test_obscpio_extract_d - fix broken test create_archive - fix broken tests for broken-links - changed PREFIX in Gnumakefile to /usr - new cli option --skip-cleanup - fix for broken links - fix reference to snapcraft YAML file - fix docstring typo in TarSCM.scm.tar.fetch_upstream - acknowledge deficiencies in dev docs - wrap long lines in README Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-540=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-12473.html https://www.suse.com/security/cve/CVE-2018-12474.html https://www.suse.com/security/cve/CVE-2018-12476.html https://bugzilla.suse.com/1076410 https://bugzilla.suse.com/1082696 https://bugzilla.suse.com/1105361 https://bugzilla.suse.com/1107507 https://bugzilla.suse.com/1107944 From sle-updates at lists.suse.com Mon Mar 4 13:56:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Mar 2019 21:56:44 +0100 (CET) Subject: SUSE-SU-2019:0539-1: important: Security update for freerdp Message-ID: <20190304205644.C9DAFFDF2@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0539-1 Rating: important References: #1085416 #1087240 #1103557 #1104918 #1112028 #1116708 #1117963 #1117964 #1117965 #1117966 #1117967 #1120507 Cross-References: CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has four fixes is now available. Description: This update for freerdp to version 2.0.0~rc4 fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Other issues: - Upgraded to version 2.0.0-rc4 (FATE#326739) - Security and stability improvements, including bsc#1103557 and bsc#1112028 - gateway: multiple fixes and improvements - client/X11: support for rail (remote app) icons was added - The licensing code was re-worked: Per-device licenses are now saved on the client and used on re-connect: WARNING: this is a change in FreeRDP behavior regarding licensing. If the old behavior is required, or no licenses should be saved use the new command line option +old-license (gh#/FreeRDP/FreeRDP#4979) - Improved order handling - only orders that were enable during capability exchange are accepted. WARNING and NOTE: some servers do improperly send orders that weren't negotiated, for such cases the new command line option /relax-order-checks was added to disable the strict order checking. If connecting to xrdp the options /relax-order-checks *and* +glyph-cache are required. (gh#/FreeRDP/FreeRDP#4926) - Fixed automount issues - Fixed several audio and microphone related issues - Fixed X11 Right-Ctrl ungrab feature - Fixed race condition in rdpsnd channel server. - Disabled SSE2 for ARM and powerpc Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-539=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-539=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): freerdp-2.0.0~rc4-3.3.1 freerdp-debuginfo-2.0.0~rc4-3.3.1 freerdp-debugsource-2.0.0~rc4-3.3.1 freerdp-devel-2.0.0~rc4-3.3.1 libfreerdp2-2.0.0~rc4-3.3.1 libfreerdp2-debuginfo-2.0.0~rc4-3.3.1 libwinpr2-2.0.0~rc4-3.3.1 libwinpr2-debuginfo-2.0.0~rc4-3.3.1 winpr2-devel-2.0.0~rc4-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.0.0~rc4-3.3.1 freerdp-debugsource-2.0.0~rc4-3.3.1 freerdp-server-2.0.0~rc4-3.3.1 freerdp-server-debuginfo-2.0.0~rc4-3.3.1 freerdp-wayland-2.0.0~rc4-3.3.1 freerdp-wayland-debuginfo-2.0.0~rc4-3.3.1 libuwac0-0-2.0.0~rc4-3.3.1 libuwac0-0-debuginfo-2.0.0~rc4-3.3.1 uwac0-0-devel-2.0.0~rc4-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-0886.html https://www.suse.com/security/cve/CVE-2018-1000852.html https://www.suse.com/security/cve/CVE-2018-8784.html https://www.suse.com/security/cve/CVE-2018-8785.html https://www.suse.com/security/cve/CVE-2018-8786.html https://www.suse.com/security/cve/CVE-2018-8787.html https://www.suse.com/security/cve/CVE-2018-8788.html https://www.suse.com/security/cve/CVE-2018-8789.html https://bugzilla.suse.com/1085416 https://bugzilla.suse.com/1087240 https://bugzilla.suse.com/1103557 https://bugzilla.suse.com/1104918 https://bugzilla.suse.com/1112028 https://bugzilla.suse.com/1116708 https://bugzilla.suse.com/1117963 https://bugzilla.suse.com/1117964 https://bugzilla.suse.com/1117965 https://bugzilla.suse.com/1117966 https://bugzilla.suse.com/1117967 https://bugzilla.suse.com/1120507 From sle-updates at lists.suse.com Tue Mar 5 10:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:09:23 +0100 (CET) Subject: SUSE-SU-2019:0542-1: moderate: Security update for sssd Message-ID: <20190305170923.AB07DFDF3@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0542-1 Rating: moderate References: #1004220 #1087320 #1120852 #1121759 #1125277 Cross-References: CVE-2019-3811 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for sssd fixes the following issues: Security vulnerability addresed: - CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759) Other bug fixes and changes: - Install logrotate configuration (bsc#1004220) - Align systemd service file with upstream, run interactive and change service type to notify (bsc#1120852) - Fix sssd not starting in foreground mode (bsc#1125277) - Strip whitespaces in netgroup triples (bsc#1087320) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-542=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-542=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.15.1 libnfsidmap-sss-debuginfo-1.16.1-3.15.1 python3-ipa_hbac-1.16.1-3.15.1 python3-ipa_hbac-debuginfo-1.16.1-3.15.1 python3-sss-murmur-1.16.1-3.15.1 python3-sss-murmur-debuginfo-1.16.1-3.15.1 python3-sss_nss_idmap-1.16.1-3.15.1 python3-sss_nss_idmap-debuginfo-1.16.1-3.15.1 sssd-dbus-1.16.1-3.15.1 sssd-dbus-debuginfo-1.16.1-3.15.1 sssd-debuginfo-1.16.1-3.15.1 sssd-debugsource-1.16.1-3.15.1 sssd-winbind-idmap-1.16.1-3.15.1 sssd-winbind-idmap-debuginfo-1.16.1-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.15.1 libipa_hbac0-1.16.1-3.15.1 libipa_hbac0-debuginfo-1.16.1-3.15.1 libsss_certmap-devel-1.16.1-3.15.1 libsss_certmap0-1.16.1-3.15.1 libsss_certmap0-debuginfo-1.16.1-3.15.1 libsss_idmap-devel-1.16.1-3.15.1 libsss_idmap0-1.16.1-3.15.1 libsss_idmap0-debuginfo-1.16.1-3.15.1 libsss_nss_idmap-devel-1.16.1-3.15.1 libsss_nss_idmap0-1.16.1-3.15.1 libsss_nss_idmap0-debuginfo-1.16.1-3.15.1 libsss_simpleifp-devel-1.16.1-3.15.1 libsss_simpleifp0-1.16.1-3.15.1 libsss_simpleifp0-debuginfo-1.16.1-3.15.1 python3-sssd-config-1.16.1-3.15.1 python3-sssd-config-debuginfo-1.16.1-3.15.1 sssd-1.16.1-3.15.1 sssd-ad-1.16.1-3.15.1 sssd-ad-debuginfo-1.16.1-3.15.1 sssd-dbus-1.16.1-3.15.1 sssd-dbus-debuginfo-1.16.1-3.15.1 sssd-debuginfo-1.16.1-3.15.1 sssd-debugsource-1.16.1-3.15.1 sssd-ipa-1.16.1-3.15.1 sssd-ipa-debuginfo-1.16.1-3.15.1 sssd-krb5-1.16.1-3.15.1 sssd-krb5-common-1.16.1-3.15.1 sssd-krb5-common-debuginfo-1.16.1-3.15.1 sssd-krb5-debuginfo-1.16.1-3.15.1 sssd-ldap-1.16.1-3.15.1 sssd-ldap-debuginfo-1.16.1-3.15.1 sssd-proxy-1.16.1-3.15.1 sssd-proxy-debuginfo-1.16.1-3.15.1 sssd-tools-1.16.1-3.15.1 sssd-tools-debuginfo-1.16.1-3.15.1 sssd-wbclient-1.16.1-3.15.1 sssd-wbclient-debuginfo-1.16.1-3.15.1 sssd-wbclient-devel-1.16.1-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): sssd-32bit-1.16.1-3.15.1 sssd-32bit-debuginfo-1.16.1-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-3811.html https://bugzilla.suse.com/1004220 https://bugzilla.suse.com/1087320 https://bugzilla.suse.com/1120852 https://bugzilla.suse.com/1121759 https://bugzilla.suse.com/1125277 From sle-updates at lists.suse.com Tue Mar 5 10:10:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:10:27 +0100 (CET) Subject: SUSE-RU-2019:0550-1: moderate: Recommended update for sapconf Message-ID: <20190305171027.B975CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0550-1 Rating: moderate References: #1111243 #1122741 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741) - log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-550=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): sapconf-4.2.2-7.6.1 References: https://bugzilla.suse.com/1111243 https://bugzilla.suse.com/1122741 From sle-updates at lists.suse.com Tue Mar 5 10:11:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:11:07 +0100 (CET) Subject: SUSE-RU-2019:0544-1: moderate: Recommended update for dracut Message-ID: <20190305171107.16F08FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0544-1 Rating: moderate References: #1125327 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - purge-kernels: Avoid endless loop when uninstalling kernels that depend on KMPs which in themselves depend on other packages (bsc#1125327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-544=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-544=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-debuginfo-044.1-18.21.1 dracut-debugsource-044.1-18.21.1 dracut-tools-044.1-18.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dracut-044.1-18.21.1 dracut-debuginfo-044.1-18.21.1 dracut-debugsource-044.1-18.21.1 dracut-fips-044.1-18.21.1 dracut-ima-044.1-18.21.1 References: https://bugzilla.suse.com/1125327 From sle-updates at lists.suse.com Tue Mar 5 10:11:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:11:42 +0100 (CET) Subject: SUSE-RU-2019:0548-1: moderate: Recommended update for nvme-cli Message-ID: <20190305171142.EED74FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0548-1 Rating: moderate References: #1084379 #1103354 #1111286 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - fabrics: allow nr_io/write/poll_queues and queue size to discovery (bsc#1084379) - fabrics: do not use 'queue_size' and 'nr_io_queues' for discovery controller (bsc#1111286) - fabrics: mask out invalid options during discovery (bsc#1111286) - nvme: Document '-Q' and '-i' for discovery and connect-all - Add 71-nvme-iopolicy-netapp.rules (bsc1124564) - Add FC-NVMe autoconnect scripts (bsc#1103354) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-548=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nvme-cli-1.5-7.11.1 nvme-cli-debuginfo-1.5-7.11.1 nvme-cli-debugsource-1.5-7.11.1 References: https://bugzilla.suse.com/1084379 https://bugzilla.suse.com/1103354 https://bugzilla.suse.com/1111286 From sle-updates at lists.suse.com Tue Mar 5 10:12:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:12:36 +0100 (CET) Subject: SUSE-RU-2019:0546-1: moderate: Recommended update for dracut Message-ID: <20190305171236.B5F0CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0546-1 Rating: moderate References: #1008352 #1013573 #1053248 #1055834 #1090884 #1098448 #1110519 #1112327 #1113712 #1119499 #1121251 #1124088 #1125327 #937555 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update for dracut provides the following fixes: - 95iscsi: Handle qedi like bnx2i. (bsc#1113712) - 91zipl: Don't use contents of commented lines (bsc#1119499) - dracut-installkernel: Stop keeping old kernel files as .old. The .old kernel files are confusing grub2 which can't find a matching directory under /lib/modules. Furthermore, there is no guarantee that the new modules are fully compatible with the old kernel. If anything goes wrong with a new self-compiled kernel, the user can always boot back to the distribution kernel, so the .old backup files are not needed in the first place. (bsc#1112327) - 98dracut-systemd: Start systemd-vconsole-setup before dracut-cmdline-ask. (bsc#1055834) - Bring shell and all vital information to all ttys specified as console devices in emergency mode. (fate#325386, bsc#1053248, bsc#937555) - Fix displaying text on emergency consoles. (bsc#1124088) - Remove invalid "FONT_MAP=none" from vconsole.conf. (bsc#1013573) - Fix a missing space in example configs. (bsc#1121251) - Fix saving dumps to zFCP attached SCSI disks. (bsc#1008352) - Mark the DASD udev rules host-only and handle backslashes in paths for hostonly files. (bsc#1090884) - Add nfit module. (bsc#1110519) - Add a fix to override ACPI tables via initrd, a kernel config variable changed name. (bsc#1098448) - purge-kernels: Avoid endless loop when uninstalling kernels that depend on KMPs which in themselves depend on other packages (bsc#1125327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-546=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-546=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dracut-044.1-114.25.1 dracut-debuginfo-044.1-114.25.1 dracut-debugsource-044.1-114.25.1 dracut-fips-044.1-114.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): dracut-044.1-114.25.1 dracut-debuginfo-044.1-114.25.1 dracut-debugsource-044.1-114.25.1 - SUSE CaaS Platform ALL (x86_64): dracut-044.1-114.25.1 dracut-debuginfo-044.1-114.25.1 dracut-debugsource-044.1-114.25.1 - SUSE CaaS Platform 3.0 (x86_64): dracut-044.1-114.25.1 dracut-debuginfo-044.1-114.25.1 dracut-debugsource-044.1-114.25.1 References: https://bugzilla.suse.com/1008352 https://bugzilla.suse.com/1013573 https://bugzilla.suse.com/1053248 https://bugzilla.suse.com/1055834 https://bugzilla.suse.com/1090884 https://bugzilla.suse.com/1098448 https://bugzilla.suse.com/1110519 https://bugzilla.suse.com/1112327 https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1119499 https://bugzilla.suse.com/1121251 https://bugzilla.suse.com/1124088 https://bugzilla.suse.com/1125327 https://bugzilla.suse.com/937555 From sle-updates at lists.suse.com Tue Mar 5 10:15:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:15:45 +0100 (CET) Subject: SUSE-RU-2019:0547-1: important: Recommended update for dracut Message-ID: <20190305171545.E266FFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0547-1 Rating: important References: #1008352 #1019938 #1048551 #1104090 #1125327 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for dracut provides the following fixes: - Fix saving dumps to zFCP attached SCSI disks. (bsc#1008352) - Fix the task limit in emergency service and picking up files in /etc/multipath/conf.d. (bsc#1019938, bsc#1048551) - Add kernel-syms to packages to be removed by purge-kernels. (bsc#1104090) - Skip kernels that cannot be removed by purge-kernels due to dependencies and continue removing other kernels. (bsc#1104090) - Fix null-sized patches. (bsc#1019938) - purge-kernels: Avoid endless loop when uninstalling kernels that depend on KMPs which in themselves depend on other packages (bsc#1125327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-547=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-547=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-547=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-547=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-547=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-547=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): dracut-044.1-109.37.1 dracut-debuginfo-044.1-109.37.1 dracut-debugsource-044.1-109.37.1 dracut-fips-044.1-109.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dracut-044.1-109.37.1 dracut-debuginfo-044.1-109.37.1 dracut-debugsource-044.1-109.37.1 dracut-fips-044.1-109.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dracut-044.1-109.37.1 dracut-debuginfo-044.1-109.37.1 dracut-debugsource-044.1-109.37.1 dracut-fips-044.1-109.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dracut-044.1-109.37.1 dracut-debuginfo-044.1-109.37.1 dracut-debugsource-044.1-109.37.1 dracut-fips-044.1-109.37.1 - SUSE Enterprise Storage 4 (x86_64): dracut-044.1-109.37.1 dracut-debuginfo-044.1-109.37.1 dracut-debugsource-044.1-109.37.1 dracut-fips-044.1-109.37.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dracut-044.1-109.37.1 dracut-debuginfo-044.1-109.37.1 dracut-debugsource-044.1-109.37.1 References: https://bugzilla.suse.com/1008352 https://bugzilla.suse.com/1019938 https://bugzilla.suse.com/1048551 https://bugzilla.suse.com/1104090 https://bugzilla.suse.com/1125327 From sle-updates at lists.suse.com Tue Mar 5 10:17:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:17:02 +0100 (CET) Subject: SUSE-RU-2019:0545-1: moderate: Recommended update for dracut Message-ID: <20190305171702.2F02AFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0545-1 Rating: moderate References: #1113712 #1124088 #1125327 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - purge-kernels: Avoid endless loop when uninstalling kernels that depend on KMPs which in themselves depend on other packages (bsc#1125327) - Correct fix for displaying text on emergency consoles (bsc#1124088) - 95iscsi: handle qedi like bnx2i (bsc#1113712) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-545=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-545=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-044.1-10.9.1 dracut-debuginfo-044.1-10.9.1 dracut-debugsource-044.1-10.9.1 dracut-fips-044.1-10.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-044.1-10.9.1 dracut-debuginfo-044.1-10.9.1 dracut-debugsource-044.1-10.9.1 References: https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1124088 https://bugzilla.suse.com/1125327 From sle-updates at lists.suse.com Tue Mar 5 10:17:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:17:48 +0100 (CET) Subject: SUSE-RU-2019:0543-1: Recommended update for NetworkManager Message-ID: <20190305171748.D53ECFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0543-1 Rating: low References: #1019813 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for NetworkManager fixes the following issues: - Drop previous patch that has side effects when geoclue is not installed. (bsc#1019813) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-543=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-543=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-543=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-543=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-543=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-543=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-543=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-543=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): NetworkManager-lang-1.0.12-13.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): NetworkManager-1.0.12-13.9.1 NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 typelib-1_0-NM-1_0-1.0.12-13.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): NetworkManager-1.0.12-13.9.1 NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 typelib-1_0-NM-1_0-1.0.12-13.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): NetworkManager-lang-1.0.12-13.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): NetworkManager-1.0.12-13.9.1 NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 NetworkManager-devel-1.0.12-13.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-1.0.12-13.9.1 NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 NetworkManager-devel-1.0.12-13.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 libnm-glib-vpn1-1.0.12-13.9.1 libnm-glib-vpn1-debuginfo-1.0.12-13.9.1 libnm-glib4-1.0.12-13.9.1 libnm-glib4-debuginfo-1.0.12-13.9.1 libnm-util2-1.0.12-13.9.1 libnm-util2-debuginfo-1.0.12-13.9.1 libnm0-1.0.12-13.9.1 libnm0-debuginfo-1.0.12-13.9.1 typelib-1_0-NMClient-1_0-1.0.12-13.9.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 libnm-glib-vpn1-1.0.12-13.9.1 libnm-glib-vpn1-debuginfo-1.0.12-13.9.1 libnm-glib4-1.0.12-13.9.1 libnm-glib4-debuginfo-1.0.12-13.9.1 libnm-util2-1.0.12-13.9.1 libnm-util2-debuginfo-1.0.12-13.9.1 libnm0-1.0.12-13.9.1 libnm0-debuginfo-1.0.12-13.9.1 typelib-1_0-NMClient-1_0-1.0.12-13.9.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): NetworkManager-lang-1.0.12-13.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): NetworkManager-1.0.12-13.9.1 NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 libnm-glib-vpn1-1.0.12-13.9.1 libnm-glib-vpn1-debuginfo-1.0.12-13.9.1 libnm-glib4-1.0.12-13.9.1 libnm-glib4-debuginfo-1.0.12-13.9.1 libnm-util2-1.0.12-13.9.1 libnm-util2-debuginfo-1.0.12-13.9.1 libnm0-1.0.12-13.9.1 libnm0-debuginfo-1.0.12-13.9.1 typelib-1_0-NM-1_0-1.0.12-13.9.1 typelib-1_0-NMClient-1_0-1.0.12-13.9.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): NetworkManager-lang-1.0.12-13.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): NetworkManager-1.0.12-13.9.1 NetworkManager-debuginfo-1.0.12-13.9.1 NetworkManager-debugsource-1.0.12-13.9.1 libnm-glib-vpn1-1.0.12-13.9.1 libnm-glib-vpn1-debuginfo-1.0.12-13.9.1 libnm-glib4-1.0.12-13.9.1 libnm-glib4-debuginfo-1.0.12-13.9.1 libnm-util2-1.0.12-13.9.1 libnm-util2-debuginfo-1.0.12-13.9.1 libnm0-1.0.12-13.9.1 libnm0-debuginfo-1.0.12-13.9.1 typelib-1_0-NM-1_0-1.0.12-13.9.1 typelib-1_0-NMClient-1_0-1.0.12-13.9.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.9.1 References: https://bugzilla.suse.com/1019813 From sle-updates at lists.suse.com Tue Mar 5 10:18:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:18:21 +0100 (CET) Subject: SUSE-RU-2019:0549-1: moderate: Recommended update for nvme-cli Message-ID: <20190305171821.BFAD5FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0549-1 Rating: moderate References: #1084379 #1103354 #1105314 #1111286 #1111384 #1113400 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - fabrics: allow nr_io/write/poll_queues and queue size to discovery (bsc#1084379) - fabrics: do not use 'queue_size' and 'nr_io_queues' for discovery controller (bsc#1111286) - fabrics: mask out invalid options during discovery (bsc#1111286) - nvme: Document '-Q' and '-i' for discovery and connect-all - Add 71-nvme-iopolicy-netapp.rules (bsc1124564) - Add FC-NVMe autoconnect scripts (bsc#1103354) - nvme-ana-log: fixup compiler warning in show_ana_log() (bsc#1113400) - fabrics: make some arguments integers (bsc#1113400) - fabrics: don't fail empty discovery log page (bsc#1105314) - nvme: commonize subsystems info in a helper (bsc#1105314) - nvme-ioctl: retrieve log pages in 4k chunks (bsc#1105314) - nvme-discover: Re-check generation counter after log page transfer (bsc#1105314) - nvme: fixup ANA group descriptor offset (bsc#1111384) - nvme: introduce get_nvme_ctrl_attr() (bsc#1113400) - nvme: print out controller state for 'list-subsys' (bsc#1113400) - Update 'nvme-list-subsys: Add device name argument and print ANA state' Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-549=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nvme-cli-1.5-3.3.1 nvme-cli-debuginfo-1.5-3.3.1 nvme-cli-debugsource-1.5-3.3.1 References: https://bugzilla.suse.com/1084379 https://bugzilla.suse.com/1103354 https://bugzilla.suse.com/1105314 https://bugzilla.suse.com/1111286 https://bugzilla.suse.com/1111384 https://bugzilla.suse.com/1113400 From sle-updates at lists.suse.com Tue Mar 5 10:19:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Mar 2019 18:19:32 +0100 (CET) Subject: SUSE-RU-2019:0551-1: moderate: Recommended update for unar Message-ID: <20190305171932.DB4D1FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for unar ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0551-1 Rating: moderate References: #1110754 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for unar provides the following fix: - Add support for RAR self-extracting (SFX) archives. (bsc#1110754) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-551=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): unar-1.10.1-4.3.1 unar-debuginfo-1.10.1-4.3.1 unar-debugsource-1.10.1-4.3.1 References: https://bugzilla.suse.com/1110754 From sle-updates at lists.suse.com Wed Mar 6 07:09:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 15:09:28 +0100 (CET) Subject: SUSE-SU-2019:0552-1: moderate: Security update for sssd Message-ID: <20190306140928.7CFA3FD4A@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0552-1 Rating: moderate References: #1039567 #1082568 #1121759 #976038 #977224 Cross-References: CVE-2019-3811 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for sssd fixes the following issues: Security vulnerability fixed: - CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759) Other bug fixes and changes: - Skip sdap_save_grpmem() if ignore_group_members is set. (bsc#1082568) - Only search for primary group if it is not already cached (bsc#1082568) - Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. Spec patch authored by Josef Cejka. (bsc#1039567) to fix a segfault in sudo provider (bsc#977224). - Fix a segfault in sss_cache (bsc#976038). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-552=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libipa_hbac0-1.11.5.1-10.16.1 libipa_hbac0-debuginfo-1.11.5.1-10.16.1 libsss_idmap0-1.11.5.1-10.16.1 libsss_idmap0-debuginfo-1.11.5.1-10.16.1 libsss_sudo-1.11.5.1-10.16.1 libsss_sudo-debuginfo-1.11.5.1-10.16.1 python-sssd-config-1.11.5.1-10.16.1 python-sssd-config-debuginfo-1.11.5.1-10.16.1 sssd-1.11.5.1-10.16.1 sssd-ad-1.11.5.1-10.16.1 sssd-ad-debuginfo-1.11.5.1-10.16.1 sssd-debuginfo-1.11.5.1-10.16.1 sssd-debugsource-1.11.5.1-10.16.1 sssd-ipa-1.11.5.1-10.16.1 sssd-ipa-debuginfo-1.11.5.1-10.16.1 sssd-krb5-1.11.5.1-10.16.1 sssd-krb5-common-1.11.5.1-10.16.1 sssd-krb5-common-debuginfo-1.11.5.1-10.16.1 sssd-krb5-debuginfo-1.11.5.1-10.16.1 sssd-ldap-1.11.5.1-10.16.1 sssd-ldap-debuginfo-1.11.5.1-10.16.1 sssd-proxy-1.11.5.1-10.16.1 sssd-proxy-debuginfo-1.11.5.1-10.16.1 sssd-tools-1.11.5.1-10.16.1 sssd-tools-debuginfo-1.11.5.1-10.16.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): sssd-32bit-1.11.5.1-10.16.1 sssd-debuginfo-32bit-1.11.5.1-10.16.1 References: https://www.suse.com/security/cve/CVE-2019-3811.html https://bugzilla.suse.com/1039567 https://bugzilla.suse.com/1082568 https://bugzilla.suse.com/1121759 https://bugzilla.suse.com/976038 https://bugzilla.suse.com/977224 From sle-updates at lists.suse.com Wed Mar 6 07:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 15:10:41 +0100 (CET) Subject: SUSE-SU-2019:0556-1: moderate: Security update for sssd Message-ID: <20190306141041.EEB42FDEF@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0556-1 Rating: moderate References: #1004220 #1087320 #1098377 #1120852 #1121759 Cross-References: CVE-2018-10852 CVE-2019-3811 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for sssd fixes the following issues: Security vulnerabilities addressed: - Fix fallback_homedir returning '/' for empty home directories (CVE-2019-3811) (bsc#1121759) - Create sockets with right permissions (bsc#1098377, CVE-2018-10852) Other bug fixes and changes: - Install logrotate configuration (bsc#1004220) - Strip whitespaces in netgroup triples (bsc#1087320) - Align systemd service file with upstream * Run interactive and change service type to notify (bsc#1120852) * Replace deprecated '-f' and use '--logger' Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-556=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-556=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-556=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-4.3.2 libsss_idmap-devel-1.16.1-4.3.2 libsss_nss_idmap-devel-1.16.1-4.3.2 sssd-debuginfo-1.16.1-4.3.2 sssd-debugsource-1.16.1-4.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.3.2 libipa_hbac0-debuginfo-1.16.1-4.3.2 libsss_certmap0-1.16.1-4.3.2 libsss_certmap0-debuginfo-1.16.1-4.3.2 libsss_idmap0-1.16.1-4.3.2 libsss_idmap0-debuginfo-1.16.1-4.3.2 libsss_nss_idmap0-1.16.1-4.3.2 libsss_nss_idmap0-debuginfo-1.16.1-4.3.2 libsss_simpleifp0-1.16.1-4.3.2 libsss_simpleifp0-debuginfo-1.16.1-4.3.2 python-sssd-config-1.16.1-4.3.2 python-sssd-config-debuginfo-1.16.1-4.3.2 sssd-1.16.1-4.3.2 sssd-ad-1.16.1-4.3.2 sssd-ad-debuginfo-1.16.1-4.3.2 sssd-debuginfo-1.16.1-4.3.2 sssd-debugsource-1.16.1-4.3.2 sssd-ipa-1.16.1-4.3.2 sssd-ipa-debuginfo-1.16.1-4.3.2 sssd-krb5-1.16.1-4.3.2 sssd-krb5-common-1.16.1-4.3.2 sssd-krb5-common-debuginfo-1.16.1-4.3.2 sssd-krb5-debuginfo-1.16.1-4.3.2 sssd-ldap-1.16.1-4.3.2 sssd-ldap-debuginfo-1.16.1-4.3.2 sssd-proxy-1.16.1-4.3.2 sssd-proxy-debuginfo-1.16.1-4.3.2 sssd-tools-1.16.1-4.3.2 sssd-tools-debuginfo-1.16.1-4.3.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): sssd-32bit-1.16.1-4.3.2 sssd-debuginfo-32bit-1.16.1-4.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libipa_hbac0-1.16.1-4.3.2 libipa_hbac0-debuginfo-1.16.1-4.3.2 libsss_certmap0-1.16.1-4.3.2 libsss_certmap0-debuginfo-1.16.1-4.3.2 libsss_idmap0-1.16.1-4.3.2 libsss_idmap0-debuginfo-1.16.1-4.3.2 libsss_nss_idmap0-1.16.1-4.3.2 libsss_nss_idmap0-debuginfo-1.16.1-4.3.2 libsss_simpleifp0-1.16.1-4.3.2 libsss_simpleifp0-debuginfo-1.16.1-4.3.2 python-sssd-config-1.16.1-4.3.2 python-sssd-config-debuginfo-1.16.1-4.3.2 sssd-1.16.1-4.3.2 sssd-32bit-1.16.1-4.3.2 sssd-ad-1.16.1-4.3.2 sssd-ad-debuginfo-1.16.1-4.3.2 sssd-debuginfo-1.16.1-4.3.2 sssd-debuginfo-32bit-1.16.1-4.3.2 sssd-debugsource-1.16.1-4.3.2 sssd-ipa-1.16.1-4.3.2 sssd-ipa-debuginfo-1.16.1-4.3.2 sssd-krb5-1.16.1-4.3.2 sssd-krb5-common-1.16.1-4.3.2 sssd-krb5-common-debuginfo-1.16.1-4.3.2 sssd-krb5-debuginfo-1.16.1-4.3.2 sssd-ldap-1.16.1-4.3.2 sssd-ldap-debuginfo-1.16.1-4.3.2 sssd-proxy-1.16.1-4.3.2 sssd-proxy-debuginfo-1.16.1-4.3.2 sssd-tools-1.16.1-4.3.2 sssd-tools-debuginfo-1.16.1-4.3.2 References: https://www.suse.com/security/cve/CVE-2018-10852.html https://www.suse.com/security/cve/CVE-2019-3811.html https://bugzilla.suse.com/1004220 https://bugzilla.suse.com/1087320 https://bugzilla.suse.com/1098377 https://bugzilla.suse.com/1120852 https://bugzilla.suse.com/1121759 From sle-updates at lists.suse.com Wed Mar 6 07:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 15:11:48 +0100 (CET) Subject: SUSE-SU-2019:0555-1: important: Security update for mariadb Message-ID: <20190306141148.22365FD4A@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0555-1 Rating: important References: #1013882 #1101676 #1101677 #1101678 #1103342 #1111858 #1111859 #1112368 #1112377 #1112384 #1112386 #1112391 #1112397 #1112404 #1112415 #1112417 #1112421 #1112432 #1112767 #1116686 #1118754 #1120041 #1122198 #1122475 #1127027 Cross-References: CVE-2016-9843 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2019-2510 CVE-2019-2537 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has 6 fixes is now available. Description: This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed: - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) - CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) - CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed: - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). - Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) - Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10222-release-notes - https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-555=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-555=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.22-3.14.1 libmysqld19-10.2.22-3.14.1 libmysqld19-debuginfo-10.2.22-3.14.1 mariadb-10.2.22-3.14.1 mariadb-client-10.2.22-3.14.1 mariadb-client-debuginfo-10.2.22-3.14.1 mariadb-debuginfo-10.2.22-3.14.1 mariadb-debugsource-10.2.22-3.14.1 mariadb-tools-10.2.22-3.14.1 mariadb-tools-debuginfo-10.2.22-3.14.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mariadb-errormessages-10.2.22-3.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.22-3.14.1 mariadb-bench-debuginfo-10.2.22-3.14.1 mariadb-debuginfo-10.2.22-3.14.1 mariadb-debugsource-10.2.22-3.14.1 mariadb-galera-10.2.22-3.14.1 mariadb-test-10.2.22-3.14.1 mariadb-test-debuginfo-10.2.22-3.14.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3060.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3064.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3162.html https://www.suse.com/security/cve/CVE-2018-3173.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3185.html https://www.suse.com/security/cve/CVE-2018-3200.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3277.html https://www.suse.com/security/cve/CVE-2018-3282.html https://www.suse.com/security/cve/CVE-2018-3284.html https://www.suse.com/security/cve/CVE-2019-2510.html https://www.suse.com/security/cve/CVE-2019-2537.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1103342 https://bugzilla.suse.com/1111858 https://bugzilla.suse.com/1111859 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112377 https://bugzilla.suse.com/1112384 https://bugzilla.suse.com/1112386 https://bugzilla.suse.com/1112391 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112404 https://bugzilla.suse.com/1112415 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1112767 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1118754 https://bugzilla.suse.com/1120041 https://bugzilla.suse.com/1122198 https://bugzilla.suse.com/1122475 https://bugzilla.suse.com/1127027 From sle-updates at lists.suse.com Wed Mar 6 10:09:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 18:09:39 +0100 (CET) Subject: SUSE-RU-2019:0560-1: moderate: Recommended update for yast2-registration Message-ID: <20190306170939.139FDFD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0560-1 Rating: moderate References: #1111419 #1125006 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration fixes the following issues: - Fixed "can't modify frozen String" crash (bsc#1125006) - CRLF control characters cannot be included in the registration code, added validation check (bsc#1111419) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-560=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-560=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-registration-4.0.50-3.26.1 - SUSE Linux Enterprise Installer 15 (noarch): yast2-registration-4.0.50-3.26.1 References: https://bugzilla.suse.com/1111419 https://bugzilla.suse.com/1125006 From sle-updates at lists.suse.com Wed Mar 6 10:10:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 18:10:25 +0100 (CET) Subject: SUSE-RU-2019:0558-1: moderate: Recommended update for cups Message-ID: <20190306171025.39620FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0558-1 Rating: moderate References: #1118118 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cups fixes the following issues: - Fixed a cups crash when using utf8 filenames (bsc#1118118) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-558=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-558=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-558=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-558=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-558=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-558=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): cups-ddk-1.7.5-20.23.1 cups-ddk-debuginfo-1.7.5-20.23.1 cups-debuginfo-1.7.5-20.23.1 cups-debugsource-1.7.5-20.23.1 cups-devel-1.7.5-20.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cups-ddk-1.7.5-20.23.1 cups-ddk-debuginfo-1.7.5-20.23.1 cups-debuginfo-1.7.5-20.23.1 cups-debugsource-1.7.5-20.23.1 cups-devel-1.7.5-20.23.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cups-1.7.5-20.23.1 cups-client-1.7.5-20.23.1 cups-client-debuginfo-1.7.5-20.23.1 cups-debuginfo-1.7.5-20.23.1 cups-debugsource-1.7.5-20.23.1 cups-libs-1.7.5-20.23.1 cups-libs-debuginfo-1.7.5-20.23.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): cups-libs-32bit-1.7.5-20.23.1 cups-libs-debuginfo-32bit-1.7.5-20.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cups-1.7.5-20.23.1 cups-client-1.7.5-20.23.1 cups-client-debuginfo-1.7.5-20.23.1 cups-debuginfo-1.7.5-20.23.1 cups-debugsource-1.7.5-20.23.1 cups-libs-1.7.5-20.23.1 cups-libs-debuginfo-1.7.5-20.23.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): cups-libs-32bit-1.7.5-20.23.1 cups-libs-debuginfo-32bit-1.7.5-20.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cups-1.7.5-20.23.1 cups-client-1.7.5-20.23.1 cups-client-debuginfo-1.7.5-20.23.1 cups-debuginfo-1.7.5-20.23.1 cups-debugsource-1.7.5-20.23.1 cups-libs-1.7.5-20.23.1 cups-libs-32bit-1.7.5-20.23.1 cups-libs-debuginfo-1.7.5-20.23.1 cups-libs-debuginfo-32bit-1.7.5-20.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cups-1.7.5-20.23.1 cups-client-1.7.5-20.23.1 cups-client-debuginfo-1.7.5-20.23.1 cups-debuginfo-1.7.5-20.23.1 cups-debugsource-1.7.5-20.23.1 cups-libs-1.7.5-20.23.1 cups-libs-32bit-1.7.5-20.23.1 cups-libs-debuginfo-1.7.5-20.23.1 cups-libs-debuginfo-32bit-1.7.5-20.23.1 References: https://bugzilla.suse.com/1118118 From sle-updates at lists.suse.com Wed Mar 6 10:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 18:11:03 +0100 (CET) Subject: SUSE-RU-2019:0557-1: moderate: Recommended update for aws-vpc-move-ip Message-ID: <20190306171103.B6910FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-vpc-move-ip ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0557-1 Rating: moderate References: #1125138 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-vpc-move-ip fixes the following issues: - Add support for multiple VPC routing tables in the routing_tables parameter (bsc#1125138) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-557=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-557=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2019-557=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): aws-vpc-move-ip-0.2.20171113-5.11.1 - SUSE Linux Enterprise High Availability 12-SP2 (noarch): aws-vpc-move-ip-0.2.20171113-5.11.1 - SUSE Linux Enterprise High Availability 12-SP1 (noarch): aws-vpc-move-ip-0.2.20171113-5.11.1 References: https://bugzilla.suse.com/1125138 From sle-updates at lists.suse.com Wed Mar 6 10:11:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 18:11:40 +0100 (CET) Subject: SUSE-RU-2019:0561-1: moderate: Recommended update for libtirpc Message-ID: <20190306171140.88BA2FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0561-1 Rating: moderate References: #1120689 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issues: - Adds a new option to enforce connection via protocol version 2 first (bsc#1120689) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-561=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-561=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-561=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-561=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-561=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-561=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-devel-1.0.1-17.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-devel-1.0.1-17.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-netconfig-1.0.1-17.9.1 libtirpc3-1.0.1-17.9.1 libtirpc3-debuginfo-1.0.1-17.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libtirpc3-32bit-1.0.1-17.9.1 libtirpc3-debuginfo-32bit-1.0.1-17.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-netconfig-1.0.1-17.9.1 libtirpc3-1.0.1-17.9.1 libtirpc3-debuginfo-1.0.1-17.9.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtirpc3-32bit-1.0.1-17.9.1 libtirpc3-debuginfo-32bit-1.0.1-17.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-netconfig-1.0.1-17.9.1 libtirpc3-1.0.1-17.9.1 libtirpc3-32bit-1.0.1-17.9.1 libtirpc3-debuginfo-1.0.1-17.9.1 libtirpc3-debuginfo-32bit-1.0.1-17.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-netconfig-1.0.1-17.9.1 libtirpc3-1.0.1-17.9.1 libtirpc3-32bit-1.0.1-17.9.1 libtirpc3-debuginfo-1.0.1-17.9.1 libtirpc3-debuginfo-32bit-1.0.1-17.9.1 - SUSE CaaS Platform ALL (x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-netconfig-1.0.1-17.9.1 libtirpc3-1.0.1-17.9.1 libtirpc3-debuginfo-1.0.1-17.9.1 - SUSE CaaS Platform 3.0 (x86_64): libtirpc-debugsource-1.0.1-17.9.1 libtirpc-netconfig-1.0.1-17.9.1 libtirpc3-1.0.1-17.9.1 libtirpc3-debuginfo-1.0.1-17.9.1 References: https://bugzilla.suse.com/1120689 From sle-updates at lists.suse.com Wed Mar 6 10:12:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 18:12:21 +0100 (CET) Subject: SUSE-RU-2019:13968-1: moderate: Recommended update for multipath-tools Message-ID: <20190306171221.5B5F4FDEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13968-1 Rating: moderate References: #1111270 #1114771 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for multipath-tools fixes the following issues: - multipathd: Add delayed path reintegration (fate#326836, bsc#1114771, bsc#1111270) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-multipath-tools-13968=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-multipath-tools-13968=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kpartx-0.4.9-123.8.1 multipath-tools-0.4.9-123.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): multipath-tools-debuginfo-0.4.9-123.8.1 multipath-tools-debugsource-0.4.9-123.8.1 References: https://bugzilla.suse.com/1111270 https://bugzilla.suse.com/1114771 From sle-updates at lists.suse.com Wed Mar 6 13:09:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Mar 2019 21:09:19 +0100 (CET) Subject: SUSE-SU-2019:0563-1: moderate: Security update for audit Message-ID: <20190306200919.7D287FDF3@maintenance.suse.de> SUSE Security Update: Security update for audit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0563-1 Rating: moderate References: #1042781 #1085003 #1125535 #941922 Cross-References: CVE-2015-5186 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346) * Many features were added to auparse_normalize * cli option added to auditd and audispd for setting config dir * In auditd, restore the umask after creating a log file * Option added to auditd for skipping email verification The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog - Change openldap dependency to client only (bsc#1085003) Minor security issue fixed: - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-563=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-563=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-563=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): audit-debugsource-2.8.1-10.3.2 audit-devel-2.8.1-10.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): audit-2.8.1-10.3.2 audit-audispd-plugins-2.8.1-10.3.2 audit-audispd-plugins-debuginfo-2.8.1-10.3.2 audit-debuginfo-2.8.1-10.3.2 audit-debugsource-2.8.1-10.3.2 audit-secondary-debugsource-2.8.1-10.3.2 libaudit1-2.8.1-10.3.2 libaudit1-debuginfo-2.8.1-10.3.2 libauparse0-2.8.1-10.3.2 libauparse0-debuginfo-2.8.1-10.3.2 python2-audit-2.8.1-10.3.2 python2-audit-debuginfo-2.8.1-10.3.2 python3-audit-2.8.1-10.3.2 python3-audit-debuginfo-2.8.1-10.3.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libaudit1-32bit-2.8.1-10.3.2 libaudit1-debuginfo-32bit-2.8.1-10.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): audit-2.8.1-10.3.2 audit-debuginfo-2.8.1-10.3.2 audit-debugsource-2.8.1-10.3.2 audit-secondary-debugsource-2.8.1-10.3.2 libaudit1-2.8.1-10.3.2 libaudit1-32bit-2.8.1-10.3.2 libaudit1-debuginfo-2.8.1-10.3.2 libaudit1-debuginfo-32bit-2.8.1-10.3.2 libauparse0-2.8.1-10.3.2 libauparse0-debuginfo-2.8.1-10.3.2 References: https://www.suse.com/security/cve/CVE-2015-5186.html https://bugzilla.suse.com/1042781 https://bugzilla.suse.com/1085003 https://bugzilla.suse.com/1125535 https://bugzilla.suse.com/941922 From sle-updates at lists.suse.com Thu Mar 7 10:09:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Mar 2019 18:09:27 +0100 (CET) Subject: SUSE-RU-2019:0564-1: moderate: Recommended update for resource-agents Message-ID: <20190307170927.7CBB7FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0564-1 Rating: moderate References: #1125138 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Add support for multiple VPC routing tables in routing_tables parameter (bsc#1125138) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-564=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.1.9+git24.9b664917-3.3.3 resource-agents-4.1.9+git24.9b664917-3.3.3 resource-agents-debuginfo-4.1.9+git24.9b664917-3.3.3 resource-agents-debugsource-4.1.9+git24.9b664917-3.3.3 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.1.9+git24.9b664917-3.3.3 References: https://bugzilla.suse.com/1125138 From sle-updates at lists.suse.com Thu Mar 7 13:09:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Mar 2019 21:09:21 +0100 (CET) Subject: SUSE-RU-2019:0570-1: moderate: Recommended update for bind Message-ID: <20190307200921.B4D3AFDEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0570-1 Rating: moderate References: #1094236 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bind fixes the following issues: - Fixes dynamic DNS updates against samba and Microsoft DNS servers (bsc#1094236). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-570=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-570=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-570=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): bind-9.11.2-12.8.1 bind-chrootenv-9.11.2-12.8.1 bind-debuginfo-9.11.2-12.8.1 bind-debugsource-9.11.2-12.8.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): bind-doc-9.11.2-12.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.8.1 bind-debugsource-9.11.2-12.8.1 bind-lwresd-9.11.2-12.8.1 bind-lwresd-debuginfo-9.11.2-12.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.8.1 bind-debugsource-9.11.2-12.8.1 bind-devel-9.11.2-12.8.1 bind-utils-9.11.2-12.8.1 bind-utils-debuginfo-9.11.2-12.8.1 libbind9-160-9.11.2-12.8.1 libbind9-160-debuginfo-9.11.2-12.8.1 libdns169-9.11.2-12.8.1 libdns169-debuginfo-9.11.2-12.8.1 libirs-devel-9.11.2-12.8.1 libirs160-9.11.2-12.8.1 libirs160-debuginfo-9.11.2-12.8.1 libisc166-9.11.2-12.8.1 libisc166-debuginfo-9.11.2-12.8.1 libisccc160-9.11.2-12.8.1 libisccc160-debuginfo-9.11.2-12.8.1 libisccfg160-9.11.2-12.8.1 libisccfg160-debuginfo-9.11.2-12.8.1 liblwres160-9.11.2-12.8.1 liblwres160-debuginfo-9.11.2-12.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-bind-9.11.2-12.8.1 References: https://bugzilla.suse.com/1094236 From sle-updates at lists.suse.com Thu Mar 7 13:09:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Mar 2019 21:09:54 +0100 (CET) Subject: SUSE-RU-2019:0566-1: moderate: Recommended update for yast2-registration Message-ID: <20190307200954.18DBBFD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0566-1 Rating: moderate References: #1125006 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-registration fixes the following issues: - Fixed a crash during service pack migration (bsc#1125006) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-566=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-566=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-registration-3.2.16.1-3.13.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-registration-3.2.16.1-3.13.2 References: https://bugzilla.suse.com/1125006 From sle-updates at lists.suse.com Thu Mar 7 13:10:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Mar 2019 21:10:27 +0100 (CET) Subject: SUSE-RU-2019:0569-1: moderate: Recommended update for python-boto Message-ID: <20190307201027.6F771FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-boto ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0569-1 Rating: moderate References: #1116204 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-boto fixes the following issues: python-boto was updated to version 2.49.0: * Import the latest CA Bundle from certifi (:issue:`3818`, :sha:`e4699cba`) * Fix to support uploads to KMS-encrypted buckets. (:issue:`3800`, :sha:`0a1d9040`) * Support fetching GCS bucket encryption metadata. (:issue:`3799`, :sha:`132b64d2`) * Update layer1.py (:issue:`3765`, :sha:`53340159`) * Fix tests/unit/glacier/test_writer.py to make work with pypy. (:issue:`3762`, :sha:`8402c5d6`) * Removed the upstream builtin root certificate data for trusted CAs, as SUSE ships them seperately. (bsc#1116204) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-569=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-569=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-569=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-boto-2.49.0-5.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): python2-boto-2.49.0-5.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-boto-2.49.0-5.3.1 References: https://bugzilla.suse.com/1116204 From sle-updates at lists.suse.com Thu Mar 7 13:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Mar 2019 21:11:03 +0100 (CET) Subject: SUSE-RU-2019:0567-1: moderate: Recommended update for arpwatch Message-ID: <20190307201103.BB926FDEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for arpwatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0567-1 Rating: moderate References: #1119851 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for arpwatch provides the following fix: - Prevent a memory leak in gethname. (bsc#1119851) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-567=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-567=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): arpwatch-debuginfo-2.1a15-5.3.1 arpwatch-debugsource-2.1a15-5.3.1 arpwatch-ethercodes-build-2.1a15-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-5.3.1 arpwatch-debuginfo-2.1a15-5.3.1 arpwatch-debugsource-2.1a15-5.3.1 References: https://bugzilla.suse.com/1119851 From sle-updates at lists.suse.com Thu Mar 7 16:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 00:09:48 +0100 (CET) Subject: SUSE-SU-2019:0571-1: moderate: Security update for file Message-ID: <20190307230948.E4BA3FD4A@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0571-1 Rating: moderate References: #1096974 #1096984 #1126117 #1126118 #1126119 Cross-References: CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-571=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-571=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-7.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): file-5.32-7.5.1 file-debuginfo-5.32-7.5.1 file-debugsource-5.32-7.5.1 file-devel-5.32-7.5.1 libmagic1-5.32-7.5.1 libmagic1-debuginfo-5.32-7.5.1 python2-magic-5.32-7.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): file-magic-5.32-7.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libmagic1-32bit-5.32-7.5.1 libmagic1-32bit-debuginfo-5.32-7.5.1 References: https://www.suse.com/security/cve/CVE-2018-10360.html https://www.suse.com/security/cve/CVE-2019-8905.html https://www.suse.com/security/cve/CVE-2019-8906.html https://www.suse.com/security/cve/CVE-2019-8907.html https://bugzilla.suse.com/1096974 https://bugzilla.suse.com/1096984 https://bugzilla.suse.com/1126117 https://bugzilla.suse.com/1126118 https://bugzilla.suse.com/1126119 From sle-updates at lists.suse.com Thu Mar 7 16:11:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 00:11:24 +0100 (CET) Subject: SUSE-RU-2019:0568-1: moderate: Recommended update for sapconf Message-ID: <20190307231124.540E2FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0568-1 Rating: moderate References: #1111243 #1122741 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapconf provides the following fixes: - Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741) - Log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-568=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-568=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-568=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-568=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-568=1 Package List: - SUSE OpenStack Cloud 7 (noarch): sapconf-4.1.14-33.23.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): sapconf-4.1.14-33.23.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): sapconf-4.1.14-33.23.4 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): sapconf-4.1.14-33.23.4 - SUSE Enterprise Storage 4 (noarch): sapconf-4.1.14-33.23.4 References: https://bugzilla.suse.com/1111243 https://bugzilla.suse.com/1122741 From sle-updates at lists.suse.com Fri Mar 8 07:10:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 15:10:13 +0100 (CET) Subject: SUSE-SU-2019:0572-1: moderate: Security update for openssl-1_0_0 Message-ID: <20190308141013.65E34FDEF@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0572-1 Rating: moderate References: #1117951 #1127080 Cross-References: CVE-2019-1559 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-572=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-572=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-572=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.6.1 openssl-1_0_0-debuginfo-1.0.2p-3.6.1 openssl-1_0_0-debugsource-1.0.2p-3.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.6.1 libopenssl1_0_0-1.0.2p-3.6.1 libopenssl1_0_0-debuginfo-1.0.2p-3.6.1 libopenssl1_0_0-hmac-1.0.2p-3.6.1 openssl-1_0_0-1.0.2p-3.6.1 openssl-1_0_0-debuginfo-1.0.2p-3.6.1 openssl-1_0_0-debugsource-1.0.2p-3.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.6.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.6.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.6.1 libopenssl1_0_0-1.0.2p-3.6.1 libopenssl1_0_0-32bit-1.0.2p-3.6.1 libopenssl1_0_0-debuginfo-1.0.2p-3.6.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.6.1 openssl-1_0_0-1.0.2p-3.6.1 openssl-1_0_0-debuginfo-1.0.2p-3.6.1 openssl-1_0_0-debugsource-1.0.2p-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1127080 From sle-updates at lists.suse.com Fri Mar 8 10:09:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 18:09:22 +0100 (CET) Subject: SUSE-SU-2019:0573-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Message-ID: <20190308170922.2268CFDEF@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0573-1 Rating: important References: #1001161 #1048046 #1051429 #1112980 #1114832 #1118897 #1118898 #1118899 #1121412 #1121967 #1124308 Cross-References: CVE-2016-9962 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 Affected Products: SUSE OpenStack Cloud 6-LTSS SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2019-573=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-573=1 Package List: - SUSE OpenStack Cloud 6-LTSS (x86_64): containerd-1.2.2-16.14.2 docker-18.09.1_ce-98.34.2 docker-debuginfo-18.09.1_ce-98.34.2 docker-debugsource-18.09.1_ce-98.34.2 docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2 docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-16.2 docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2711_2cfbf9b1f981-16.2 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.2.2-16.14.2 docker-18.09.1_ce-98.34.2 docker-debuginfo-18.09.1_ce-98.34.2 docker-debugsource-18.09.1_ce-98.34.2 docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2 docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-16.2 docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2711_2cfbf9b1f981-16.2 References: https://www.suse.com/security/cve/CVE-2016-9962.html https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1001161 https://bugzilla.suse.com/1048046 https://bugzilla.suse.com/1051429 https://bugzilla.suse.com/1112980 https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121412 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1124308 From sle-updates at lists.suse.com Fri Mar 8 13:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 21:09:13 +0100 (CET) Subject: SUSE-RU-2019:0575-1: moderate: Recommended update for sapconf Message-ID: <20190308200913.E376CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0575-1 Rating: moderate References: #1111243 #1122741 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapconf provides the following fixes: - Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741) - Log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-575=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-575=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): sapconf-4.1.14-40.56.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): sapconf-4.1.14-40.56.3 References: https://bugzilla.suse.com/1111243 https://bugzilla.suse.com/1122741 From sle-updates at lists.suse.com Fri Mar 8 13:09:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 21:09:52 +0100 (CET) Subject: SUSE-SU-2019:0574-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190308200952.1FEB1FDF2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0574-1 Rating: important References: #1122293 #1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version jdk8u201 (icedtea 3.11.0) fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). Complete list of changes: https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/041223.ht ml Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-574=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-574=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-574=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.201-3.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.201-3.16.1 java-1_8_0-openjdk-debuginfo-1.8.0.201-3.16.1 java-1_8_0-openjdk-debugsource-1.8.0.201-3.16.1 java-1_8_0-openjdk-src-1.8.0.201-3.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.201-3.16.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.201-3.16.1 java-1_8_0-openjdk-debuginfo-1.8.0.201-3.16.1 java-1_8_0-openjdk-debugsource-1.8.0.201-3.16.1 java-1_8_0-openjdk-demo-1.8.0.201-3.16.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.201-3.16.1 java-1_8_0-openjdk-devel-1.8.0.201-3.16.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.201-3.16.1 java-1_8_0-openjdk-headless-1.8.0.201-3.16.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.201-3.16.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-2422.html https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 From sle-updates at lists.suse.com Fri Mar 8 13:10:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Mar 2019 21:10:26 +0100 (CET) Subject: SUSE-RU-2019:0576-1: important: Recommended update for kubernetes-salt, velum Message-ID: <20190308201026.E375BFDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt, velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0576-1 Rating: important References: #1114832 #1117339 #1126208 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for kubernetes-salt and velum provides the following fixes: - Do not block updates on minions (bsc#1126208) - Make nodename appear first on the /etc/hosts file, because salt picks only that one (bsc#1117339) - Supportconfig consumes a lot of resources (bsc#1114832) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): docker-kubic-17.09.1_ce-7.9.1 docker-kubic-debuginfo-17.09.1_ce-7.9.1 docker-kubic-debugsource-17.09.1_ce-7.9.1 sles12-velum-image-3.1.11-3.39.3 - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r939_eeaed5c-3.53.1 References: https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1117339 https://bugzilla.suse.com/1126208 From sle-updates at lists.suse.com Mon Mar 11 08:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Mar 2019 15:09:23 +0100 (CET) Subject: SUSE-RU-2019:0577-1: important: Recommended update for apparmor Message-ID: <20190311140923.4351EFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0577-1 Rating: important References: #1123820 #1127073 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: - apparmor prevents libvirtd from starting (bsc#1127073) - Start apparmor after filesystem remount (bsc#1123820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-577=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-577=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-577=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12.2-7.12.1 apache2-mod_apparmor-debuginfo-2.12.2-7.12.1 apparmor-debugsource-2.12.2-7.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.2-7.12.1 ruby-apparmor-2.12.2-7.12.1 ruby-apparmor-debuginfo-2.12.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.2-7.12.1 apparmor-parser-2.12.2-7.12.1 apparmor-parser-debuginfo-2.12.2-7.12.1 libapparmor-debugsource-2.12.2-7.12.1 libapparmor-devel-2.12.2-7.12.1 libapparmor1-2.12.2-7.12.1 libapparmor1-debuginfo-2.12.2-7.12.1 pam_apparmor-2.12.2-7.12.1 pam_apparmor-debuginfo-2.12.2-7.12.1 perl-apparmor-2.12.2-7.12.1 perl-apparmor-debuginfo-2.12.2-7.12.1 python3-apparmor-2.12.2-7.12.1 python3-apparmor-debuginfo-2.12.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libapparmor1-32bit-2.12.2-7.12.1 libapparmor1-32bit-debuginfo-2.12.2-7.12.1 pam_apparmor-32bit-2.12.2-7.12.1 pam_apparmor-32bit-debuginfo-2.12.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): apparmor-abstractions-2.12.2-7.12.1 apparmor-docs-2.12.2-7.12.1 apparmor-parser-lang-2.12.2-7.12.1 apparmor-profiles-2.12.2-7.12.1 apparmor-utils-2.12.2-7.12.1 apparmor-utils-lang-2.12.2-7.12.1 References: https://bugzilla.suse.com/1123820 https://bugzilla.suse.com/1127073 From sle-updates at lists.suse.com Mon Mar 11 11:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Mar 2019 18:09:23 +0100 (CET) Subject: SUSE-SU-2019:0579-1: important: Security update for ovmf Message-ID: <20190311170923.7EA07FDF2@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0579-1 Rating: important References: #1127820 #1127821 #1127822 Cross-References: CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820). - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821). - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-579=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): ovmf-2017+git1492060560.b6d11d7c46-4.20.1 ovmf-tools-2017+git1492060560.b6d11d7c46-4.20.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.20.1 qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.20.1 References: https://www.suse.com/security/cve/CVE-2018-12178.html https://www.suse.com/security/cve/CVE-2018-12180.html https://www.suse.com/security/cve/CVE-2018-3630.html https://bugzilla.suse.com/1127820 https://bugzilla.suse.com/1127821 https://bugzilla.suse.com/1127822 From sle-updates at lists.suse.com Mon Mar 11 11:10:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Mar 2019 18:10:10 +0100 (CET) Subject: SUSE-SU-2019:0580-1: important: Security update for ovmf Message-ID: <20190311171010.2C51AFDF2@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0580-1 Rating: important References: #1127820 #1127821 #1127822 Cross-References: CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820). - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821). - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-580=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.14.1 ovmf-tools-2017+git1510945757.b2662641d5-5.14.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.14.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.14.1 References: https://www.suse.com/security/cve/CVE-2018-12178.html https://www.suse.com/security/cve/CVE-2018-12180.html https://www.suse.com/security/cve/CVE-2018-3630.html https://bugzilla.suse.com/1127820 https://bugzilla.suse.com/1127821 https://bugzilla.suse.com/1127822 From sle-updates at lists.suse.com Mon Mar 11 11:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Mar 2019 18:10:53 +0100 (CET) Subject: SUSE-SU-2019:0581-1: important: Security update for ovmf Message-ID: <20190311171053.0B2E9FDF2@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0581-1 Rating: important References: #1127820 #1127821 #1127822 Cross-References: CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820). - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821). - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-581=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-581=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-3.8.3 ovmf-tools-2017+git1510945757.b2662641d5-3.8.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.8.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.8.3 References: https://www.suse.com/security/cve/CVE-2018-12178.html https://www.suse.com/security/cve/CVE-2018-12180.html https://www.suse.com/security/cve/CVE-2018-3630.html https://bugzilla.suse.com/1127820 https://bugzilla.suse.com/1127821 https://bugzilla.suse.com/1127822 From sle-updates at lists.suse.com Mon Mar 11 17:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 00:09:14 +0100 (CET) Subject: SUSE-SU-2019:0582-1: important: Security update for qemu Message-ID: <20190311230914.A8608FD10@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0582-1 Rating: important References: #1056334 #1056386 #1084604 #1113231 #1114957 #1116717 #1117275 #1119493 #1121600 #1123156 Cross-References: CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156) - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493) - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275) - CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs interface is deliberately abused (bsc#1116717) - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory operations (bsc#1114957) - CVE-2017-13673: Fixed a reachable assert failure during during display update (bsc#1056386) - CVE-2017-13672: Fixed an out-of-bounds read access during display update (bsc#1056334) - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga display allowing for Denial-of-Service (bsc#1084604) Other bug fixes and changes: - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) - Fix bad guest time after migration (bsc#1113231) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-582=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-582=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.28.1 qemu-block-curl-2.9.1-6.28.1 qemu-block-curl-debuginfo-2.9.1-6.28.1 qemu-block-iscsi-2.9.1-6.28.1 qemu-block-iscsi-debuginfo-2.9.1-6.28.1 qemu-block-ssh-2.9.1-6.28.1 qemu-block-ssh-debuginfo-2.9.1-6.28.1 qemu-debugsource-2.9.1-6.28.1 qemu-guest-agent-2.9.1-6.28.1 qemu-guest-agent-debuginfo-2.9.1-6.28.1 qemu-lang-2.9.1-6.28.1 qemu-tools-2.9.1-6.28.1 qemu-tools-debuginfo-2.9.1-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.28.1 qemu-block-rbd-debuginfo-2.9.1-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.28.1 qemu-ppc-debuginfo-2.9.1-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.28.1 qemu-arm-debuginfo-2.9.1-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.28.1 qemu-x86-debuginfo-2.9.1-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.28.1 qemu-seabios-1.10.2-6.28.1 qemu-sgabios-8-6.28.1 qemu-vgabios-1.10.2-6.28.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.28.1 qemu-s390-debuginfo-2.9.1-6.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.28.1 qemu-seabios-1.10.2-6.28.1 qemu-sgabios-8-6.28.1 qemu-vgabios-1.10.2-6.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.28.1 qemu-block-curl-2.9.1-6.28.1 qemu-block-curl-debuginfo-2.9.1-6.28.1 qemu-debugsource-2.9.1-6.28.1 qemu-kvm-2.9.1-6.28.1 qemu-tools-2.9.1-6.28.1 qemu-tools-debuginfo-2.9.1-6.28.1 qemu-x86-2.9.1-6.28.1 - SUSE CaaS Platform ALL (x86_64): qemu-debugsource-2.9.1-6.28.1 qemu-guest-agent-2.9.1-6.28.1 qemu-guest-agent-debuginfo-2.9.1-6.28.1 - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.28.1 qemu-guest-agent-2.9.1-6.28.1 qemu-guest-agent-debuginfo-2.9.1-6.28.1 References: https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-13673.html https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-18954.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2018-7858.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1056386 https://bugzilla.suse.com/1084604 https://bugzilla.suse.com/1113231 https://bugzilla.suse.com/1114957 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1121600 https://bugzilla.suse.com/1123156 From sle-updates at lists.suse.com Tue Mar 12 08:09:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 15:09:22 +0100 (CET) Subject: SUSE-RU-2019:0584-1: moderate: Recommended update for crowbar packages Message-ID: <20190312140922.08B4AFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0584-1 Rating: moderate References: #1112767 #1113107 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides crowbar fixes for the following issues: crowbar: - Upgrade: rabbitmq and epmd packages need to go in the right order crowbar-core: - Upgrade: Create update repositories with refresh enabled - Upgrade: Delay status switch after upgrade ends - Fix hound warning - Support RAID 0 - Package default upgrade timeouts file - apache2: enable sslsessioncache - upgrade: Update the repository names required for SOC9 - upgrade: Check for the correct file indicating postponed upgrade - upgrade: Block access to crowbar UI for both upgrade paths - upgrade: Add default upgrade timeouts file - upgrade: Call heat's migrate_properties_data after the upgrade - upgrade: Call nova online migration in a loop - upgrade: Restart nova-compute instead of relaoding via SIGHUP - upgrade: Let the upgrade library work with both 7-8 and 8-9 upgrades - upgrade: Fix check for ceph presence - upgrade: Map jsonapi for respond_to - upgrade: Finish only controllers step crowbar-ceph: - Adapt radosgw to keystone v3 - switch to stable/5.0-pike branch - radosgw: Generate slightly saner root RSA key - radosgw: Restart radosgw on cert (re-)creation crowbar-openstack: - ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107) - mysql: Do not set a custom logfile for mysqld (bsc#1112767) - mariadb: Remove installing the xtrabackup package - mysql: create .my.cnf in root home directory for mysql cmdline - neutron: scale up api workers on larger core envs - database: Fix backport schema migrations actualy safe for backporting Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-584=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-5.0+git.1548680871.201d7a49-3.9.1 crowbar-ceph-5.0+git.1546538227.6c6cde9-3.1 crowbar-devel-5.0+git.1548680871.201d7a49-3.9.1 crowbar-openstack-5.0+git.1550668971.0719acd6c-4.19.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1550057516.5fa11ed35-3.17.1 crowbar-core-branding-upstream-5.0+git.1550057516.5fa11ed35-3.17.1 References: https://bugzilla.suse.com/1112767 https://bugzilla.suse.com/1113107 From sle-updates at lists.suse.com Tue Mar 12 08:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 15:10:04 +0100 (CET) Subject: SUSE-RU-2019:0583-1: moderate: Recommended update for python-apicapi Message-ID: <20190312141004.3B54AFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-apicapi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0583-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-apicapi fixes the following issues: - Changes to singlespec for Cloud:OpenStack:Pike - switch install macro from %python_install to %python2_install - BuildRequires changed %{python_module oslo.config} to python-osloconfig since python3-osloconfig is not available - change to %check macro to run tests only in python2 env - changed %{python_files} to -n python-%{sname} - Disable test_api_config.TestConfigParse.test_parse_file because of intermittent failures. - Install license - Clean up with spec-cleaner - Install bash completion to proper dir - Run the tests and add all the required test dependencies - Update to 1.6.0: 1.0 series seem to work with oslo < 4.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-583=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-583=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-583=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-apicapi-1.6.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-apicapi-1.6.0-3.3.1 - HPE Helion Openstack 8 (noarch): python-apicapi-1.6.0-3.3.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Tue Mar 12 11:10:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 18:10:40 +0100 (CET) Subject: SUSE-RU-2019:0591-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190312171040.7F689FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0591-1 Rating: moderate References: #1127389 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacecmd: - Add '--force', '-f' option to regenerateYumCache (bsc#1127389) spacewalk-backend: - Make reposync use and append token correctly to the URL - Added 'mgr-sign-metadata-ctl' for repository metadata signing Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-591=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-591=1 Package List: - SUSE Manager Tools 15 (noarch): python3-spacewalk-backend-libs-2.8.57.9-3.12.1 spacecmd-2.8.25.9-3.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): spacecmd-2.8.25.9-3.15.1 spacewalk-backend-2.8.57.9-3.12.1 spacewalk-backend-app-2.8.57.9-3.12.1 spacewalk-backend-applet-2.8.57.9-3.12.1 spacewalk-backend-cdn-2.8.57.9-3.12.1 spacewalk-backend-config-files-2.8.57.9-3.12.1 spacewalk-backend-config-files-common-2.8.57.9-3.12.1 spacewalk-backend-config-files-tool-2.8.57.9-3.12.1 spacewalk-backend-iss-2.8.57.9-3.12.1 spacewalk-backend-iss-export-2.8.57.9-3.12.1 spacewalk-backend-libs-2.8.57.9-3.12.1 spacewalk-backend-package-push-server-2.8.57.9-3.12.1 spacewalk-backend-server-2.8.57.9-3.12.1 spacewalk-backend-sql-2.8.57.9-3.12.1 spacewalk-backend-sql-oracle-2.8.57.9-3.12.1 spacewalk-backend-sql-postgresql-2.8.57.9-3.12.1 spacewalk-backend-tools-2.8.57.9-3.12.1 spacewalk-backend-xml-export-libs-2.8.57.9-3.12.1 spacewalk-backend-xmlrpc-2.8.57.9-3.12.1 References: https://bugzilla.suse.com/1127389 From sle-updates at lists.suse.com Tue Mar 12 11:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 18:11:14 +0100 (CET) Subject: SUSE-RU-2019:0592-1: moderate: Recommended update for Salt Message-ID: <20190312171114.D8496FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0592-1 Rating: moderate References: #1122663 #1123865 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Don't call zypper with more than one --no-refresh parameter (bsc#1123865) - Include aliases in FQDNS grain - Prevents error when there is no job entry in filesystem cache due to race condition in minion onboarding (bsc#1122663) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-592=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-592=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-592=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-592=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-592=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-592=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2019-592=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-592=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-592=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-592=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-46.59.1 python3-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-doc-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.59.1 python3-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-api-2018.3.0-46.59.1 salt-cloud-2018.3.0-46.59.1 salt-doc-2018.3.0-46.59.1 salt-master-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 salt-proxy-2018.3.0-46.59.1 salt-ssh-2018.3.0-46.59.1 salt-syndic-2018.3.0-46.59.1 - SUSE Manager Server 3.2 (noarch): salt-bash-completion-2018.3.0-46.59.1 salt-zsh-completion-2018.3.0-46.59.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.59.1 python3-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-api-2018.3.0-46.59.1 salt-cloud-2018.3.0-46.59.1 salt-doc-2018.3.0-46.59.1 salt-master-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 salt-proxy-2018.3.0-46.59.1 salt-ssh-2018.3.0-46.59.1 salt-syndic-2018.3.0-46.59.1 - SUSE Manager Server 3.1 (noarch): salt-bash-completion-2018.3.0-46.59.1 salt-zsh-completion-2018.3.0-46.59.1 - SUSE Manager Server 3.0 (s390x x86_64): python2-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-api-2018.3.0-46.59.1 salt-doc-2018.3.0-46.59.1 salt-master-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 salt-proxy-2018.3.0-46.59.1 salt-ssh-2018.3.0-46.59.1 salt-syndic-2018.3.0-46.59.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2018.3.0-46.59.1 salt-zsh-completion-2018.3.0-46.59.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-2018.3.0-46.59.1 python3-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python2-salt-2018.3.0-46.59.1 python3-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2018.3.0-46.59.1 salt-zsh-completion-2018.3.0-46.59.1 - SUSE Manager Proxy 3.0 (x86_64): python2-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-api-2018.3.0-46.59.1 salt-doc-2018.3.0-46.59.1 salt-master-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 salt-proxy-2018.3.0-46.59.1 salt-ssh-2018.3.0-46.59.1 salt-syndic-2018.3.0-46.59.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-api-2018.3.0-46.59.1 salt-cloud-2018.3.0-46.59.1 salt-doc-2018.3.0-46.59.1 salt-master-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 salt-proxy-2018.3.0-46.59.1 salt-ssh-2018.3.0-46.59.1 salt-syndic-2018.3.0-46.59.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2018.3.0-46.59.1 salt-zsh-completion-2018.3.0-46.59.1 - SUSE CaaS Platform 3.0 (x86_64): python2-salt-2018.3.0-46.59.1 salt-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): salt-2018.3.0-46.59.1 salt-minion-2018.3.0-46.59.1 References: https://bugzilla.suse.com/1122663 https://bugzilla.suse.com/1123865 From sle-updates at lists.suse.com Tue Mar 12 14:09:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:09:21 +0100 (CET) Subject: SUSE-RU-2019:0589-1: moderate: Recommended update for SUSE Manager Server 3.2 Message-ID: <20190312200921.8EA11FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0589-1 Rating: moderate References: #1111308 #1111686 #1111810 #1114059 #1118100 #1118213 #1118492 #1119081 #1119964 #1121787 #1121856 #1122770 #1122836 #1122896 #1123019 #1123189 #1123989 #1123991 #1124013 #1124639 #1125451 #1125456 #1125492 #1126280 #1126862 #1127389 #1127488 #1127706 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 28 recommended fixes can now be installed. Description: This update includes the following new features: - Enable support for Ubuntu minions as technical preview (fate#324534, fate#326848, fate#326811) This update fixes the following issues: cobbler: - Fix for SUSE distribution detection in ISO building (bsc#1123991) netty: - No change release to fix the repositories salt-netapi-client: - Make salt-netapi-client compatible with JDK 1.8 and JDK 11 spacecmd: - Add '--force', '-f' option to regenerateYumCache (bsc#1127389) spacewalk-backend: - Make sure the package download url does not have '//' (bsc#1127488) - Make reposync use and append token correctly to the URL - Added 'mgr-sign-metadata-ctl' for repository metadata signing - Fix typo in syncing product extensions (bsc#1118492) spacewalk-branding: - Update jquery.timepicker dependency to 1.11.14 to allow parsing the time format without depending on the language. (bsc#1119081) spacewalk-config: - Add rewrite rules for .deb repository metadata paths spacewalk-java: - Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492) - Change default image download protocol from tftp to ftp - Fix a problem when cloning public child channels with a private base channel (bsc#1124639) - Prevent crash of mgr-sync refresh when channel label could not be found (bsc#1125451) - Keep assigned channels on traditional to minion migration (bsc#1122836) - Add support for Ubuntu minions (fate#324534, fate#326848, fate#326811) - Fix/enhance Debian/Ubuntu repository generation - Implement HTTP token authentication for Ubuntu clients - Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213) - Fix "Add Selected to SSM" on System Groups -> systems page (bsc#1121856) - Add configurable option to auto deploy new tokens (bsc#1123019) - Show beta products if a beta subscription is available (bsc#1123189) - Merge unlimited virtualization lifecycle products with the single variant (bsc#1114059) - Improve performance for granting and revoking permissions to user for groups (bsc#1111810) - Fix for duplicate key violation when cloning erratas that have no packages associated (bsc#1111686) - Update spec file to no longer install tomcat context file in cache directory (bsc#1111308) spacewalk-web: - Sort activation key list on create image profile page (bsc#1122770) - Sort channel lists on the product page of the setup wizard - Sort activation key list on bootstrap page (bsc#1122770) - Remove RH-specific warning message (bsc#1118100) - Fix initializing of the datetime picker (bsc#1126862) susemanager: - Add `python-setuptools` package dependency to SLES12 bootstrap repo (bsc#1119964) - Add configurable option to auto deploy new tokens (bsc#1123019) - Fix broken shebang in postgresql migration scripts - Ensure POSTGRES_LANG is correctly set (bsc#1121787) susemanager-docs_en: - Update text and image files. - Clarification about syncing support (bsc#1124013). - Replace SCC screen shot. - Improve Salt configuration channel description. - Add "spacewalk-report" documentation (from 2.1). - Fix image build host version numbers. susemanager-frontend-libs: - Update jquery.timepicker to 1.11.14 (bsc#1119081) susemanager-schema: - Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492) - Removing invalid suse-openstack-cloud-6 and suse-packagehub-12-sp4 channel_labels (bsc#1125451) - Clean the susesccrepository table before modify it (bsc#1125456) - Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213) - Remove wrong channel_family labels (bsc#1123189) - Remove unused 'remove_servergroup_perm' stored procedure (bsc#1111810) susemanager-sls: - Adapt disablelocalrepos.sls syntax for Salt 2016.10 (rhel6, sle11) (bsc#1127706) - Fix mgr_events to use current ioloop (bsc#1126280) - Added option to read 'pkg_download_point_...' pillar values and use it in repo url - Add support for Ubuntu minions - Prevent the pkgset beacon from firing during onboarding (bsc#1122896) susemanager-sync-data: - Fix channel label for suse-openstack-cloud-6 and packagehub-12-sp4-* (bsc#1125451) - Add SLES11 SP4 LTSS channels (bsc#1123989) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-589=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-589=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): spacewalk-branding-2.8.5.14-3.16.6 susemanager-3.2.16-3.19.8 susemanager-tools-3.2.16-3.19.8 - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.13.5 netty-4.1.8.Final-2.9.1 salt-netapi-client-0.15.1-4.8.1 spacecmd-2.8.25.9-3.17.1 spacewalk-backend-2.8.57.11-3.17.1 spacewalk-backend-app-2.8.57.11-3.17.1 spacewalk-backend-applet-2.8.57.11-3.17.1 spacewalk-backend-config-files-2.8.57.11-3.17.1 spacewalk-backend-config-files-common-2.8.57.11-3.17.1 spacewalk-backend-config-files-tool-2.8.57.11-3.17.1 spacewalk-backend-iss-2.8.57.11-3.17.1 spacewalk-backend-iss-export-2.8.57.11-3.17.1 spacewalk-backend-libs-2.8.57.11-3.17.1 spacewalk-backend-package-push-server-2.8.57.11-3.17.1 spacewalk-backend-server-2.8.57.11-3.17.1 spacewalk-backend-sql-2.8.57.11-3.17.1 spacewalk-backend-sql-oracle-2.8.57.11-3.17.1 spacewalk-backend-sql-postgresql-2.8.57.11-3.17.1 spacewalk-backend-tools-2.8.57.11-3.17.1 spacewalk-backend-xml-export-libs-2.8.57.11-3.17.1 spacewalk-backend-xmlrpc-2.8.57.11-3.17.1 spacewalk-base-2.8.7.14-3.21.1 spacewalk-base-minimal-2.8.7.14-3.21.1 spacewalk-base-minimal-config-2.8.7.14-3.21.1 spacewalk-config-2.8.5.6-3.13.5 spacewalk-html-2.8.7.14-3.21.1 spacewalk-java-2.8.78.19-3.24.11 spacewalk-java-config-2.8.78.19-3.24.11 spacewalk-java-lib-2.8.78.19-3.24.11 spacewalk-java-oracle-2.8.78.19-3.24.11 spacewalk-java-postgresql-2.8.78.19-3.24.11 spacewalk-taskomatic-2.8.78.19-3.24.11 susemanager-advanced-topics_en-pdf-3.2-11.18.5 susemanager-best-practices_en-pdf-3.2-11.18.5 susemanager-docs_en-3.2-11.18.5 susemanager-frontend-libs-3.2.5-3.10.5 susemanager-getting-started_en-pdf-3.2-11.18.5 susemanager-jsp_en-3.2-11.18.5 susemanager-reference_en-pdf-3.2-11.18.5 susemanager-schema-3.2.17-3.19.5 susemanager-sls-3.2.22-3.23.1 susemanager-sync-data-3.2.13-3.17.5 susemanager-web-libs-2.8.7.14-3.21.1 - SUSE Manager Proxy 3.2 (noarch): spacewalk-backend-2.8.57.11-3.17.1 spacewalk-backend-libs-2.8.57.11-3.17.1 spacewalk-base-minimal-2.8.7.14-3.21.1 spacewalk-base-minimal-config-2.8.7.14-3.21.1 spacewalk-proxy-broker-2.8.5.4-3.3.8 spacewalk-proxy-common-2.8.5.4-3.3.8 spacewalk-proxy-installer-2.8.6.5-3.9.5 spacewalk-proxy-management-2.8.5.4-3.3.8 spacewalk-proxy-package-manager-2.8.5.4-3.3.8 spacewalk-proxy-redirect-2.8.5.4-3.3.8 spacewalk-proxy-salt-2.8.5.4-3.3.8 susemanager-web-libs-2.8.7.14-3.21.1 References: https://bugzilla.suse.com/1111308 https://bugzilla.suse.com/1111686 https://bugzilla.suse.com/1111810 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1118100 https://bugzilla.suse.com/1118213 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1119081 https://bugzilla.suse.com/1119964 https://bugzilla.suse.com/1121787 https://bugzilla.suse.com/1121856 https://bugzilla.suse.com/1122770 https://bugzilla.suse.com/1122836 https://bugzilla.suse.com/1122896 https://bugzilla.suse.com/1123019 https://bugzilla.suse.com/1123189 https://bugzilla.suse.com/1123989 https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1124013 https://bugzilla.suse.com/1124639 https://bugzilla.suse.com/1125451 https://bugzilla.suse.com/1125456 https://bugzilla.suse.com/1125492 https://bugzilla.suse.com/1126280 https://bugzilla.suse.com/1126862 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1127488 https://bugzilla.suse.com/1127706 From sle-updates at lists.suse.com Tue Mar 12 14:14:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:14:46 +0100 (CET) Subject: SUSE-SU-2019:0586-1: moderate: Security update for ceph Message-ID: <20190312201446.7776AFD10@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0586-1 Rating: moderate References: #1084645 #1086613 #1096748 #1099162 #1101262 #1111177 #1114567 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-14662 CVE-2018-16846 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for ceph version 13.2.4 fixes the following issues: Security issues fixed: - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177) - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162) - CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748) - CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748) - CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw Non-security issues fixed: - ceph-volume Python 3 fixes (bsc#1114567) - fix python3 module loading (bsc#1086613) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-586=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-586=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ceph-13.2.4.125+gad802694f5-3.7.2 ceph-base-13.2.4.125+gad802694f5-3.7.2 ceph-base-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-debugsource-13.2.4.125+gad802694f5-3.7.2 ceph-fuse-13.2.4.125+gad802694f5-3.7.2 ceph-fuse-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-mds-13.2.4.125+gad802694f5-3.7.2 ceph-mds-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-mgr-13.2.4.125+gad802694f5-3.7.2 ceph-mgr-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-mon-13.2.4.125+gad802694f5-3.7.2 ceph-mon-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-osd-13.2.4.125+gad802694f5-3.7.2 ceph-osd-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-radosgw-13.2.4.125+gad802694f5-3.7.2 ceph-radosgw-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-resource-agents-13.2.4.125+gad802694f5-3.7.2 rbd-fuse-13.2.4.125+gad802694f5-3.7.2 rbd-fuse-debuginfo-13.2.4.125+gad802694f5-3.7.2 rbd-mirror-13.2.4.125+gad802694f5-3.7.2 rbd-mirror-debuginfo-13.2.4.125+gad802694f5-3.7.2 rbd-nbd-13.2.4.125+gad802694f5-3.7.2 rbd-nbd-debuginfo-13.2.4.125+gad802694f5-3.7.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ceph-common-13.2.4.125+gad802694f5-3.7.2 ceph-common-debuginfo-13.2.4.125+gad802694f5-3.7.2 ceph-debugsource-13.2.4.125+gad802694f5-3.7.2 libcephfs-devel-13.2.4.125+gad802694f5-3.7.2 libcephfs2-13.2.4.125+gad802694f5-3.7.2 libcephfs2-debuginfo-13.2.4.125+gad802694f5-3.7.2 librados-devel-13.2.4.125+gad802694f5-3.7.2 librados-devel-debuginfo-13.2.4.125+gad802694f5-3.7.2 librados2-13.2.4.125+gad802694f5-3.7.2 librados2-debuginfo-13.2.4.125+gad802694f5-3.7.2 libradosstriper-devel-13.2.4.125+gad802694f5-3.7.2 libradosstriper1-13.2.4.125+gad802694f5-3.7.2 libradosstriper1-debuginfo-13.2.4.125+gad802694f5-3.7.2 librbd-devel-13.2.4.125+gad802694f5-3.7.2 librbd1-13.2.4.125+gad802694f5-3.7.2 librbd1-debuginfo-13.2.4.125+gad802694f5-3.7.2 librgw-devel-13.2.4.125+gad802694f5-3.7.2 librgw2-13.2.4.125+gad802694f5-3.7.2 librgw2-debuginfo-13.2.4.125+gad802694f5-3.7.2 python3-cephfs-13.2.4.125+gad802694f5-3.7.2 python3-cephfs-debuginfo-13.2.4.125+gad802694f5-3.7.2 python3-rados-13.2.4.125+gad802694f5-3.7.2 python3-rados-debuginfo-13.2.4.125+gad802694f5-3.7.2 python3-rbd-13.2.4.125+gad802694f5-3.7.2 python3-rbd-debuginfo-13.2.4.125+gad802694f5-3.7.2 python3-rgw-13.2.4.125+gad802694f5-3.7.2 python3-rgw-debuginfo-13.2.4.125+gad802694f5-3.7.2 rados-objclass-devel-13.2.4.125+gad802694f5-3.7.2 References: https://www.suse.com/security/cve/CVE-2018-10861.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-14662.html https://www.suse.com/security/cve/CVE-2018-16846.html https://bugzilla.suse.com/1084645 https://bugzilla.suse.com/1086613 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1099162 https://bugzilla.suse.com/1101262 https://bugzilla.suse.com/1111177 https://bugzilla.suse.com/1114567 From sle-updates at lists.suse.com Tue Mar 12 14:16:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:16:05 +0100 (CET) Subject: SUSE-RU-2019:0597-1: moderate: Recommended update for the SUSE Manager 3.2 release notes Message-ID: <20190312201605.A5070FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.2 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0597-1 Rating: moderate References: #1111308 #1111686 #1111810 #1114059 #1118100 #1118213 #1118492 #1119081 #1119964 #1121787 #1121856 #1122770 #1122836 #1122896 #1123019 #1123189 #1123989 #1123991 #1124013 #1124639 #1125451 #1125456 #1125492 #1126280 #1127389 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 25 recommended fixes can now be installed. Description: This update for the SUSE Manager 3.2 Release Notes provides the following additions: - New features * Ubuntu Support Technical Preview * Change behavior on token refresh * New option to force regeneration of channel metadata * Support token authentication for Debian/Ubuntu clients - SUSE Manager Server bugs fixed by latest updates: bsc#1111308, bsc#1111686, bsc#1111810, bsc#1114059, bsc#1118100, bsc#1118213, bsc#1118492, bsc#1119081, bsc#1119964, bsc#1121787, bsc#1121856, bsc#1122770, bsc#1122836, bsc#1122896, bsc#1123019, bsc#1123189, bsc#1123989, bsc#1123991, bsc#1124013, bsc#1124639, bsc#1125451, bsc#1125456, bsc#1125492, bsc#1126280, bsc#1127389 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1118100, bsc#1118492, bsc#1122770 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-597=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-597=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.6-6.26.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.6-0.16.18.1 References: https://bugzilla.suse.com/1111308 https://bugzilla.suse.com/1111686 https://bugzilla.suse.com/1111810 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1118100 https://bugzilla.suse.com/1118213 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1119081 https://bugzilla.suse.com/1119964 https://bugzilla.suse.com/1121787 https://bugzilla.suse.com/1121856 https://bugzilla.suse.com/1122770 https://bugzilla.suse.com/1122836 https://bugzilla.suse.com/1122896 https://bugzilla.suse.com/1123019 https://bugzilla.suse.com/1123189 https://bugzilla.suse.com/1123989 https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1124013 https://bugzilla.suse.com/1124639 https://bugzilla.suse.com/1125451 https://bugzilla.suse.com/1125456 https://bugzilla.suse.com/1125492 https://bugzilla.suse.com/1126280 https://bugzilla.suse.com/1127389 From sle-updates at lists.suse.com Tue Mar 12 14:19:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:19:15 +0100 (CET) Subject: SUSE-RU-2019:0589-1: moderate: Recommended update for SUSE Manager Server 3.2 Message-ID: <20190312201915.930CCFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0589-1 Rating: moderate References: #1111308 #1111686 #1111810 #1114059 #1118100 #1118213 #1118492 #1119081 #1119964 #1121787 #1121856 #1122770 #1122836 #1122896 #1123019 #1123189 #1123989 #1123991 #1124013 #1124639 #1125451 #1125456 #1125492 #1126280 #1126862 #1127389 #1127488 #1127706 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 28 recommended fixes can now be installed. Description: This update includes the following new features: - Enable support for Ubuntu minions as technical preview (fate#324534, fate#326848, fate#326811) This update fixes the following issues: cobbler: - Fix for SUSE distribution detection in ISO building (bsc#1123991) netty: - No change release to fix the repositories salt-netapi-client: - Make salt-netapi-client compatible with JDK 1.8 and JDK 11 spacecmd: - Add '--force', '-f' option to regenerateYumCache (bsc#1127389) spacewalk-backend: - Make sure the package download url does not have '//' (bsc#1127488) - Make reposync use and append token correctly to the URL - Added 'mgr-sign-metadata-ctl' for repository metadata signing - Fix typo in syncing product extensions (bsc#1118492) spacewalk-branding: - Update jquery.timepicker dependency to 1.11.14 to allow parsing the time format without depending on the language. (bsc#1119081) spacewalk-config: - Add rewrite rules for .deb repository metadata paths spacewalk-java: - Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492) - Change default image download protocol from tftp to ftp - Fix a problem when cloning public child channels with a private base channel (bsc#1124639) - Prevent crash of mgr-sync refresh when channel label could not be found (bsc#1125451) - Keep assigned channels on traditional to minion migration (bsc#1122836) - Add support for Ubuntu minions (fate#324534, fate#326848, fate#326811) - Fix/enhance Debian/Ubuntu repository generation - Implement HTTP token authentication for Ubuntu clients - Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213) - Fix "Add Selected to SSM" on System Groups -> systems page (bsc#1121856) - Add configurable option to auto deploy new tokens (bsc#1123019) - Show beta products if a beta subscription is available (bsc#1123189) - Merge unlimited virtualization lifecycle products with the single variant (bsc#1114059) - Improve performance for granting and revoking permissions to user for groups (bsc#1111810) - Fix for duplicate key violation when cloning erratas that have no packages associated (bsc#1111686) - Update spec file to no longer install tomcat context file in cache directory (bsc#1111308) spacewalk-web: - Sort activation key list on create image profile page (bsc#1122770) - Sort channel lists on the product page of the setup wizard - Sort activation key list on bootstrap page (bsc#1122770) - Remove RH-specific warning message (bsc#1118100) - Fix initializing of the datetime picker (bsc#1126862) susemanager: - Add `python-setuptools` package dependency to SLES12 bootstrap repo (bsc#1119964) - Add configurable option to auto deploy new tokens (bsc#1123019) - Fix broken shebang in postgresql migration scripts - Ensure POSTGRES_LANG is correctly set (bsc#1121787) susemanager-docs_en: - Update text and image files. - Clarification about syncing support (bsc#1124013). - Replace SCC screen shot. - Improve Salt configuration channel description. - Add "spacewalk-report" documentation (from 2.1). - Fix image build host version numbers. susemanager-frontend-libs: - Update jquery.timepicker to 1.11.14 (bsc#1119081) susemanager-schema: - Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492) - Removing invalid suse-openstack-cloud-6 and suse-packagehub-12-sp4 channel_labels (bsc#1125451) - Clean the susesccrepository table before modify it (bsc#1125456) - Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213) - Remove wrong channel_family labels (bsc#1123189) - Remove unused 'remove_servergroup_perm' stored procedure (bsc#1111810) susemanager-sls: - Adapt disablelocalrepos.sls syntax for Salt 2016.10 (rhel6, sle11) (bsc#1127706) - Fix mgr_events to use current ioloop (bsc#1126280) - Added option to read 'pkg_download_point_...' pillar values and use it in repo url - Add support for Ubuntu minions - Prevent the pkgset beacon from firing during onboarding (bsc#1122896) susemanager-sync-data: - Fix channel label for suse-openstack-cloud-6 and packagehub-12-sp4-* (bsc#1125451) - Add SLES11 SP4 LTSS channels (bsc#1123989) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-589=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-589=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): spacewalk-branding-2.8.5.14-3.16.6 susemanager-3.2.16-3.19.8 susemanager-tools-3.2.16-3.19.8 - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.13.5 netty-4.1.8.Final-2.9.1 salt-netapi-client-0.15.1-4.8.1 spacecmd-2.8.25.9-3.17.1 spacewalk-backend-2.8.57.11-3.17.1 spacewalk-backend-app-2.8.57.11-3.17.1 spacewalk-backend-applet-2.8.57.11-3.17.1 spacewalk-backend-config-files-2.8.57.11-3.17.1 spacewalk-backend-config-files-common-2.8.57.11-3.17.1 spacewalk-backend-config-files-tool-2.8.57.11-3.17.1 spacewalk-backend-iss-2.8.57.11-3.17.1 spacewalk-backend-iss-export-2.8.57.11-3.17.1 spacewalk-backend-libs-2.8.57.11-3.17.1 spacewalk-backend-package-push-server-2.8.57.11-3.17.1 spacewalk-backend-server-2.8.57.11-3.17.1 spacewalk-backend-sql-2.8.57.11-3.17.1 spacewalk-backend-sql-oracle-2.8.57.11-3.17.1 spacewalk-backend-sql-postgresql-2.8.57.11-3.17.1 spacewalk-backend-tools-2.8.57.11-3.17.1 spacewalk-backend-xml-export-libs-2.8.57.11-3.17.1 spacewalk-backend-xmlrpc-2.8.57.11-3.17.1 spacewalk-base-2.8.7.14-3.21.1 spacewalk-base-minimal-2.8.7.14-3.21.1 spacewalk-base-minimal-config-2.8.7.14-3.21.1 spacewalk-config-2.8.5.6-3.13.5 spacewalk-html-2.8.7.14-3.21.1 spacewalk-java-2.8.78.19-3.24.11 spacewalk-java-config-2.8.78.19-3.24.11 spacewalk-java-lib-2.8.78.19-3.24.11 spacewalk-java-oracle-2.8.78.19-3.24.11 spacewalk-java-postgresql-2.8.78.19-3.24.11 spacewalk-taskomatic-2.8.78.19-3.24.11 susemanager-advanced-topics_en-pdf-3.2-11.18.5 susemanager-best-practices_en-pdf-3.2-11.18.5 susemanager-docs_en-3.2-11.18.5 susemanager-frontend-libs-3.2.5-3.10.5 susemanager-getting-started_en-pdf-3.2-11.18.5 susemanager-jsp_en-3.2-11.18.5 susemanager-reference_en-pdf-3.2-11.18.5 susemanager-schema-3.2.17-3.19.5 susemanager-sls-3.2.22-3.23.1 susemanager-sync-data-3.2.13-3.17.5 susemanager-web-libs-2.8.7.14-3.21.1 - SUSE Manager Proxy 3.2 (noarch): spacewalk-backend-2.8.57.11-3.17.1 spacewalk-backend-libs-2.8.57.11-3.17.1 spacewalk-base-minimal-2.8.7.14-3.21.1 spacewalk-base-minimal-config-2.8.7.14-3.21.1 spacewalk-proxy-broker-2.8.5.4-3.3.8 spacewalk-proxy-common-2.8.5.4-3.3.8 spacewalk-proxy-installer-2.8.6.5-3.9.5 spacewalk-proxy-management-2.8.5.4-3.3.8 spacewalk-proxy-package-manager-2.8.5.4-3.3.8 spacewalk-proxy-redirect-2.8.5.4-3.3.8 spacewalk-proxy-salt-2.8.5.4-3.3.8 susemanager-web-libs-2.8.7.14-3.21.1 References: https://bugzilla.suse.com/1111308 https://bugzilla.suse.com/1111686 https://bugzilla.suse.com/1111810 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1118100 https://bugzilla.suse.com/1118213 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1119081 https://bugzilla.suse.com/1119964 https://bugzilla.suse.com/1121787 https://bugzilla.suse.com/1121856 https://bugzilla.suse.com/1122770 https://bugzilla.suse.com/1122836 https://bugzilla.suse.com/1122896 https://bugzilla.suse.com/1123019 https://bugzilla.suse.com/1123189 https://bugzilla.suse.com/1123989 https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1124013 https://bugzilla.suse.com/1124639 https://bugzilla.suse.com/1125451 https://bugzilla.suse.com/1125456 https://bugzilla.suse.com/1125492 https://bugzilla.suse.com/1126280 https://bugzilla.suse.com/1126862 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1127488 https://bugzilla.suse.com/1127706 From sle-updates at lists.suse.com Tue Mar 12 14:22:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:22:52 +0100 (CET) Subject: SUSE-RU-2019:0598-1: moderate: Recommended update for Salt Message-ID: <20190312202252.BE676FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0598-1 Rating: moderate References: #1122663 #1123865 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Don't call zypper with more than one --no-refresh parameter (bsc#1123865) - Include aliases in FQDNS grain - Prevents error when there is no job entry in filesystem cache due to race condition in minion onboarding (bsc#1122663) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-598=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-598=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): salt-api-2018.3.0-5.35.1 salt-cloud-2018.3.0-5.35.1 salt-master-2018.3.0-5.35.1 salt-proxy-2018.3.0-5.35.1 salt-ssh-2018.3.0-5.35.1 salt-syndic-2018.3.0-5.35.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): salt-fish-completion-2018.3.0-5.35.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-5.35.1 python3-salt-2018.3.0-5.35.1 salt-2018.3.0-5.35.1 salt-doc-2018.3.0-5.35.1 salt-minion-2018.3.0-5.35.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): salt-bash-completion-2018.3.0-5.35.1 salt-zsh-completion-2018.3.0-5.35.1 References: https://bugzilla.suse.com/1122663 https://bugzilla.suse.com/1123865 From sle-updates at lists.suse.com Tue Mar 12 14:23:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:23:29 +0100 (CET) Subject: SUSE-RU-2019:13973-1: moderate: Recommended update for Salt Message-ID: <20190312202329.74EABFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13973-1 Rating: moderate References: #1122663 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: salt: - Include aliases in FQDNS grain - Prevents error when there is no job entry in filesystem cache due to race condition in minion onboarding (bsc#1122663) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-salt-201903-13973=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-2018.3.0+ds-1 salt-minion-2018.3.0+ds-1 References: https://bugzilla.suse.com/1122663 From sle-updates at lists.suse.com Tue Mar 12 14:23:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:23:58 +0100 (CET) Subject: SUSE-RU-2019:13974-1: moderate: Recommended update for Salt Message-ID: <20190312202358.CFC23FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13974-1 Rating: moderate References: #1122663 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: salt: - Include aliases in FQDNS grain - Prevents error when there is no job entry in filesystem cache due to race condition in minion onboarding (bsc#1122663) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-salt-201903-13974=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-2018.3.0+ds-1 salt-minion-2018.3.0+ds-1 References: https://bugzilla.suse.com/1122663 From sle-updates at lists.suse.com Tue Mar 12 14:24:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:24:29 +0100 (CET) Subject: SUSE-RU-2019:0593-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190312202429.1307EFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0593-1 Rating: moderate References: #1123991 #1127389 Affected Products: SUSE OpenStack Cloud 8 SUSE Manager Tools 12 SUSE Manager Server 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Fix for SUSE distribution detection in ISO building (bsc#1123991) spacecmd: - Add '--force', '-f' option to regenerateYumCache (bsc#1127389) spacewalk-backend: - Make reposync use and append token correctly to the URL - Added 'mgr-sign-metadata-ctl' for repository metadata signing Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-593=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-593=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-593=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-593=1 Package List: - SUSE OpenStack Cloud 8 (noarch): cobbler-2.6.6-49.20.2 - SUSE Manager Tools 12 (noarch): koan-2.6.6-49.20.2 spacecmd-2.8.25.9-38.38.1 spacewalk-backend-libs-2.8.57.9-55.30.1 - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-49.20.2 - HPE Helion Openstack 8 (noarch): cobbler-2.6.6-49.20.2 References: https://bugzilla.suse.com/1123991 https://bugzilla.suse.com/1127389 From sle-updates at lists.suse.com Tue Mar 12 14:13:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Mar 2019 21:13:51 +0100 (CET) Subject: SUSE-SU-2019:0585-1: important: Security update for java-1_8_0-ibm Message-ID: <20190312201351.B21F3FD10@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0585-1 Rating: important References: #1122292 #1122293 #1122299 #1128158 Cross-References: CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-585=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.30-3.16.2 java-1_8_0-ibm-devel-1.8.0_sr5.30-3.16.2 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-3.16.2 java-1_8_0-ibm-plugin-1.8.0_sr5.30-3.16.2 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2018-1890.html https://www.suse.com/security/cve/CVE-2019-2422.html https://www.suse.com/security/cve/CVE-2019-2449.html https://bugzilla.suse.com/1122292 https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1128158 From sle-updates at lists.suse.com Tue Mar 12 17:09:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 00:09:52 +0100 (CET) Subject: SUSE-SU-2019:13976-1: moderate: Security update for supportutils Message-ID: <20190312230952.5C4D4FD10@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13976-1 Rating: moderate References: #1117751 #1118460 #1118462 #1118463 Cross-References: CVE-2018-19636 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for supportutils fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19636: Local root exploit via inclusion of attacker controlled shell script (bsc#1117751) - CVE-2018-19640: Users can kill arbitrary processes (bsc#1118463) - CVE-2018-19638: User can overwrite arbitrary log files in support tar (bsc#1118460) - CVE-2018-19639: Code execution if run with -v (bsc#1118462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-supportutils-13976=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-supportutils-13976=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): supportutils-1.20-122.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): supportutils-1.20-122.9.1 References: https://www.suse.com/security/cve/CVE-2018-19636.html https://www.suse.com/security/cve/CVE-2018-19638.html https://www.suse.com/security/cve/CVE-2018-19639.html https://www.suse.com/security/cve/CVE-2018-19640.html https://bugzilla.suse.com/1117751 https://bugzilla.suse.com/1118460 https://bugzilla.suse.com/1118462 https://bugzilla.suse.com/1118463 From sle-updates at lists.suse.com Tue Mar 12 17:10:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 00:10:52 +0100 (CET) Subject: SUSE-SU-2019:13977-1: important: Security update for python-numpy Message-ID: <20190312231052.31411FD10@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13977-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-python-numpy-13977=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-numpy-13977=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): python-numpy-1.3.0-1.3.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64 ppc64 s390x): python-numpy-debuginfo-1.3.0-1.3.3.1 python-numpy-debugsource-1.3.0-1.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-updates at lists.suse.com Tue Mar 12 17:11:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 00:11:27 +0100 (CET) Subject: SUSE-SU-2019:13975-1: important: Security update for java-1_7_0-ibm Message-ID: <20190312231127.20A8EFD10@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13975-1 Rating: important References: #1122293 #1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_7_0-ibm to version 7.0.10.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Sec urity_Update_February_2019 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-13975=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.40-65.35.1 java-1_7_0-ibm-alsa-1.7.0_sr10.40-65.35.1 java-1_7_0-ibm-devel-1.7.0_sr10.40-65.35.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.40-65.35.1 java-1_7_0-ibm-plugin-1.7.0_sr10.40-65.35.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-2422.html https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 From sle-updates at lists.suse.com Tue Mar 12 17:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 00:09:13 +0100 (CET) Subject: SUSE-SU-2019:0600-1: moderate: Security update for openssl-1_0_0 Message-ID: <20190312230913.8E178FD10@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0600-1 Rating: moderate References: #1117951 #1127080 Cross-References: CVE-2019-1559 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-600=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-600=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libopenssl1_0_0-hmac-1.0.2p-3.14.2 openssl-1_0_0-cavs-1.0.2p-3.14.2 openssl-1_0_0-cavs-debuginfo-1.0.2p-3.14.2 openssl-1_0_0-debuginfo-1.0.2p-3.14.2 openssl-1_0_0-debugsource-1.0.2p-3.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_0_0-doc-1.0.2p-3.14.2 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.14.2 libopenssl1_0_0-1.0.2p-3.14.2 libopenssl1_0_0-debuginfo-1.0.2p-3.14.2 openssl-1_0_0-1.0.2p-3.14.2 openssl-1_0_0-debuginfo-1.0.2p-3.14.2 openssl-1_0_0-debugsource-1.0.2p-3.14.2 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1127080 From sle-updates at lists.suse.com Wed Mar 13 06:55:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 13:55:55 +0100 (CET) Subject: SUSE-SU-2019:0604-1: important: Security update for java-1_7_1-ibm Message-ID: <20190313125555.3240CFD10@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0604-1 Rating: important References: #1122293 #1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Sec urity_Update_February_2019 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-604=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-604=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-604=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-604=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-604=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-604=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-604=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-604=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-604=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-604=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-604=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-604=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-alsa-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-devel-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-38.34.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-38.34.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-2422.html https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 From sle-updates at lists.suse.com Wed Mar 13 06:56:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 13:56:46 +0100 (CET) Subject: SUSE-SU-2019:0603-1: important: Security update for python-azure-agent Message-ID: <20190313125646.52879FD10@maintenance.suse.de> SUSE Security Update: Security update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0603-1 Rating: important References: #1127838 Cross-References: CVE-2019-0804 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-azure-agent fixes the following issues: - CVE-2019-0804: An issue with swapfile handling in the agent created a data leak situation that exposes system memory data. (bsc#1127838) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-603=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-603=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.36-7.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-azure-agent-test-2.2.36-7.6.1 References: https://www.suse.com/security/cve/CVE-2019-0804.html https://bugzilla.suse.com/1127838 From sle-updates at lists.suse.com Wed Mar 13 11:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 18:11:31 +0100 (CET) Subject: SUSE-RU-2019:0605-1: moderate: Recommended update for azure-li-services Message-ID: <20190313171131.5A159FD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0605-1 Rating: moderate References: #1127923 #1127924 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-li-services to version 1.1.27 provides the following: - Azure Large instances password reset and MAC based ifnames support (bsc#1127924) - Azure Very Large instances support for bonding (bsc#1127924) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-605=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): azure-li-services-1.1.27-1.8.1 References: https://bugzilla.suse.com/1127923 https://bugzilla.suse.com/1127924 From sle-updates at lists.suse.com Wed Mar 13 11:12:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 18:12:14 +0100 (CET) Subject: SUSE-RU-2019:0606-1: moderate: Recommended update for arpwatch Message-ID: <20190313171214.7328BFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for arpwatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0606-1 Rating: moderate References: #1119851 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for arpwatch provides the following fix: - Prevent a memory leak in gethname. (bsc#1119851) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-606=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-606=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-606=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-606=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): arpwatch-debuginfo-2.1a15-159.6.1 arpwatch-debugsource-2.1a15-159.6.1 arpwatch-ethercodes-build-2.1a15-159.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): arpwatch-debuginfo-2.1a15-159.6.1 arpwatch-debugsource-2.1a15-159.6.1 arpwatch-ethercodes-build-2.1a15-159.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.6.1 arpwatch-debuginfo-2.1a15-159.6.1 arpwatch-debugsource-2.1a15-159.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.6.1 arpwatch-debuginfo-2.1a15-159.6.1 arpwatch-debugsource-2.1a15-159.6.1 References: https://bugzilla.suse.com/1119851 From sle-updates at lists.suse.com Wed Mar 13 14:09:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 21:09:20 +0100 (CET) Subject: SUSE-RU-2019:0608-1: moderate: Recommended update for cups Message-ID: <20190313200920.13690FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0608-1 Rating: moderate References: #1118118 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-608=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-608=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-608=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-3.9.1 cups-ddk-debuginfo-2.2.7-3.9.1 cups-debuginfo-2.2.7-3.9.1 cups-debugsource-2.2.7-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): cups-debugsource-2.2.7-3.9.1 libcups2-32bit-2.2.7-3.9.1 libcups2-32bit-debuginfo-2.2.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cups-2.2.7-3.9.1 cups-client-2.2.7-3.9.1 cups-client-debuginfo-2.2.7-3.9.1 cups-config-2.2.7-3.9.1 cups-debuginfo-2.2.7-3.9.1 cups-debugsource-2.2.7-3.9.1 cups-devel-2.2.7-3.9.1 libcups2-2.2.7-3.9.1 libcups2-debuginfo-2.2.7-3.9.1 libcupscgi1-2.2.7-3.9.1 libcupscgi1-debuginfo-2.2.7-3.9.1 libcupsimage2-2.2.7-3.9.1 libcupsimage2-debuginfo-2.2.7-3.9.1 libcupsmime1-2.2.7-3.9.1 libcupsmime1-debuginfo-2.2.7-3.9.1 libcupsppdc1-2.2.7-3.9.1 libcupsppdc1-debuginfo-2.2.7-3.9.1 References: https://bugzilla.suse.com/1118118 From sle-updates at lists.suse.com Wed Mar 13 14:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Mar 2019 21:09:51 +0100 (CET) Subject: SUSE-RU-2019:0607-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <20190313200951.E3C1AFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0607-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-live-patching fixes the following issues: - Added lifecycle data for the livepatches: 4_4_103-6_33, 4_4_103-6_38, 4_4_114-94_11, 4_4_114-94_14, 4_4_120-94_17, 4_4_121-92_101, 4_4_126-94_22, 4_4_131-94_29, 4_4_132-94_33, 4_4_138-94_39, 4_4_140-94_42, 4_4_143-94_47, 4_4_155-94_50, 4_4_156-94_57, 4_4_156-94_61, 4_4_156-94_64, 4_4_162-94_69, 4_4_162-94_72, 4_12_14-94_41, 4_12_14-95_3, 4_12_14-95_6. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-607=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-607=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2019-607=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.38.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.38.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.38.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Mar 13 17:13:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 00:13:42 +0100 (CET) Subject: SUSE-SU-2019:0609-1: moderate: Security update for mariadb Message-ID: <20190313231342.8174DFDF1@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0609-1 Rating: moderate References: #1112767 #1122198 #1122475 #1127027 Cross-References: CVE-2019-2510 CVE-2019-2537 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed (bsc#1122198): - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. Other issues fixed: - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-609=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-609=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mariadb-10.2.22-3.14.1 mariadb-client-10.2.22-3.14.1 mariadb-client-debuginfo-10.2.22-3.14.1 mariadb-debuginfo-10.2.22-3.14.1 mariadb-debugsource-10.2.22-3.14.1 mariadb-tools-10.2.22-3.14.1 mariadb-tools-debuginfo-10.2.22-3.14.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): mariadb-errormessages-10.2.22-3.14.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): mariadb-10.2.22-3.14.1 mariadb-client-10.2.22-3.14.1 mariadb-client-debuginfo-10.2.22-3.14.1 mariadb-debuginfo-10.2.22-3.14.1 mariadb-debugsource-10.2.22-3.14.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): mariadb-errormessages-10.2.22-3.14.1 References: https://www.suse.com/security/cve/CVE-2019-2510.html https://www.suse.com/security/cve/CVE-2019-2537.html https://bugzilla.suse.com/1112767 https://bugzilla.suse.com/1122198 https://bugzilla.suse.com/1122475 https://bugzilla.suse.com/1127027 From sle-updates at lists.suse.com Thu Mar 14 08:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 15:09:14 +0100 (CET) Subject: SUSE-SU-2019:13978-1: important: Security update for java-1_7_1-ibm Message-ID: <20190314140914.40BDBFDF1@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13978-1 Rating: important References: #1122293 #1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Sec urity_Update_February_2019 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-13978=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-13978=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.40-26.36.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.40-26.36.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.40-26.36.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.40-26.36.1 java-1_7_1-ibm-plugin-1.7.1_sr4.40-26.36.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-2422.html https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 From sle-updates at lists.suse.com Thu Mar 14 14:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 21:09:14 +0100 (CET) Subject: SUSE-RU-2019:0613-1: moderate: Recommended update for spark Message-ID: <20190314200914.A6415FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for spark ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0613-1 Rating: moderate References: #1091479 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for spark fixes the following issues: - Added Restart and RestartSec to restart spark master and spark worker (bsc#1091479) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-613=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-613=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-613=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): spark-1.6.3-8.3.1 - SUSE OpenStack Cloud 8 (noarch): spark-1.6.3-8.3.1 - HPE Helion Openstack 8 (noarch): spark-1.6.3-8.3.1 References: https://bugzilla.suse.com/1091479 From sle-updates at lists.suse.com Thu Mar 14 14:09:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 21:09:50 +0100 (CET) Subject: SUSE-RU-2019:0615-1: moderate: Recommended update for python-keystone-json-assignment Message-ID: <20190314200950.075AEFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keystone-json-assignment ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0615-1 Rating: moderate References: #1124864 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-keystone-json-assignment fixes the following issues: - Always filter roles by given project and userid (bsc#1124864) - Dynamically reload the JSON mapping Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-615=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-615=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-615=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-keystone-json-assignment-0.0.4-3.9.1 - SUSE OpenStack Cloud 8 (noarch): python-keystone-json-assignment-0.0.4-3.9.1 - HPE Helion Openstack 8 (noarch): python-keystone-json-assignment-0.0.4-3.9.1 References: https://bugzilla.suse.com/1124864 From sle-updates at lists.suse.com Thu Mar 14 14:10:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 21:10:21 +0100 (CET) Subject: SUSE-RU-2019:0614-1: moderate: Recommended update for python packages Message-ID: <20190314201021.61827FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0614-1 Rating: moderate References: #1121524 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python fixes for the following issues: python-vmware-nsx: - NSX-V3: Add agent config to FWaaSV2 callbacks - NSXv: use admin context for metadata port config - Add missing python-mock Requires (bsc#1121524) - LBaaS legacy mode bugfix - NSX|V3 Support non-overlay networks with DHCP - NSX|V3 update port revision on update_port response - NSX|V+V3 QoS rbac support python-sushy: - Zuul: Remove project name - Add Zuul v3 jobs in tree - Use the tempest plugin from openstack/ironic-tempest-plugin - Mark Systems/Managers/SessionService optional - Avoid tox_install.sh for constraints support - zuul: clean up job definition - Change BootSourceOverrideMode from BIOS to Legacy - Import zuul job settings from project-config python-pytest: - The ``pytest-warnings`` plugin has been integrated into the core and now ``pytest`` automatically captures and displays warnings at the end of the test session. - Added ``junit_suite_name`` ini option to specify root ```` name for JUnit XML reports - Added an ini option ``doctest_encoding`` to specify which encoding to use for doctest files. - ``pytest.warns`` now checks for subclass relationship rather than class equality. - ``pytest.raises`` now asserts that the error message matches a text or regex with the ``match`` keyword argument. - ``pytest.param`` can be used to declare test parameter sets with marks and test ids. python-oslo.db: - update to version 4.25.2 - Fix sphinx-docs job for stable branch - Import zuul job settings from project-config - Reverse role of synchronous_reader - Use the new PTI for document build Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-614=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-614=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-614=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-oslo.db-4.25.2-3.3.1 python-pytest-3.1.3-3.3.1 python-sushy-1.1.1-3.3.1 python-vmware-nsx-11.0.3~dev24-3.6.2 - SUSE OpenStack Cloud 8 (noarch): python-oslo.db-4.25.2-3.3.1 python-pytest-3.1.3-3.3.1 python-sushy-1.1.1-3.3.1 python-vmware-nsx-11.0.3~dev24-3.6.2 - HPE Helion Openstack 8 (noarch): python-oslo.db-4.25.2-3.3.1 python-pytest-3.1.3-3.3.1 python-sushy-1.1.1-3.3.1 python-vmware-nsx-11.0.3~dev24-3.6.2 References: https://bugzilla.suse.com/1121524 From sle-updates at lists.suse.com Thu Mar 14 14:10:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 21:10:51 +0100 (CET) Subject: SUSE-RU-2019:0612-1: moderate: Recommended update for python-swiftlm Message-ID: <20190314201051.EA7D0FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-swiftlm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0612-1 Rating: moderate References: #1114282 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-swiftlm fixes the following issues: - Resolves symbolic link to rsync (bsc#1114282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-612=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-612=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-swiftlm-drive-provision-8.0+git.1541434883.e0ebe69-5.6.1 ardana-swiftlm-log-tailer-8.0+git.1541434883.e0ebe69-5.6.1 ardana-swiftlm-uptime-mon-8.0+git.1541434883.e0ebe69-5.6.1 python-swiftlm-8.0+git.1541434883.e0ebe69-5.6.1 - HPE Helion Openstack 8 (noarch): ardana-swiftlm-drive-provision-8.0+git.1541434883.e0ebe69-5.6.1 ardana-swiftlm-log-tailer-8.0+git.1541434883.e0ebe69-5.6.1 ardana-swiftlm-uptime-mon-8.0+git.1541434883.e0ebe69-5.6.1 python-swiftlm-8.0+git.1541434883.e0ebe69-5.6.1 References: https://bugzilla.suse.com/1114282 From sle-updates at lists.suse.com Thu Mar 14 14:11:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Mar 2019 21:11:27 +0100 (CET) Subject: SUSE-RU-2019:0616-1: moderate: Recommended update for openstack packages Message-ID: <20190314201127.80214FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0616-1 Rating: moderate References: #1113107 #1121862 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides openstack packages for the following issues: openstack-ceilometer: - Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer to prevent deadlocks when the cron jobs run in parallel on the different nodes (bsc#1113107) openstack-dashboard: - Consistency Group Snapshots detail url is wrong - Fixes an issue where the details panel of cg_snapshots won't load due to incorrect url in link (bsc#1121862) openstack-heat: - Fix for None base\_url for Monasca client - Use fedora 29 image from nodepool mirror - Check for server in attachements when checking for detach complete openstack-ironic: - Fix OOB introspection to use pxe\_enabled flag in idrac driver openstack-magnum: - Support http/https proxy for discovery url openstack-nova: - Handle IndexError in \_populate\_neutron\_binding\_profile - Fix InstanceNotFound during \_destroy\_evacuated\_instances - Add functional regression test for bug 1794996 - Ensure rbd auth fallback uses matching credentials - Default embedded instance.flavor.is\_public attribute - Handle unbound vif plug errors on compute restart - Handle binding\_failed vif plug errors on compute restart Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-616=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-616=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-616=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-ceilometer-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-central-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-compute-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-ipmi-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-notification-9.0.7~dev2-3.9.1 openstack-ceilometer-api-9.0.7~dev2-3.9.1 openstack-ceilometer-collector-9.0.7~dev2-3.9.1 openstack-ceilometer-doc-9.0.7~dev2-3.9.1 openstack-ceilometer-polling-9.0.7~dev2-3.9.1 openstack-dashboard-12.0.4~dev4-3.14.1 openstack-heat-9.0.6~dev15-3.12.1 openstack-heat-api-9.0.6~dev15-3.12.1 openstack-heat-api-cfn-9.0.6~dev15-3.12.1 openstack-heat-api-cloudwatch-9.0.6~dev15-3.12.1 openstack-heat-doc-9.0.6~dev15-3.12.1 openstack-heat-engine-9.0.6~dev15-3.12.1 openstack-heat-plugin-heat_docker-9.0.6~dev15-3.12.1 openstack-heat-test-9.0.6~dev15-3.12.1 openstack-ironic-9.1.7~dev6-3.12.1 openstack-ironic-api-9.1.7~dev6-3.12.1 openstack-ironic-conductor-9.1.7~dev6-3.12.1 openstack-ironic-doc-9.1.7~dev6-3.12.1 openstack-magnum-5.0.2~dev30-4.9.1 openstack-magnum-api-5.0.2~dev30-4.9.1 openstack-magnum-conductor-5.0.2~dev30-4.9.1 openstack-magnum-doc-5.0.2~dev30-4.9.1 openstack-nova-16.1.8~dev12-3.17.1 openstack-nova-api-16.1.8~dev12-3.17.1 openstack-nova-cells-16.1.8~dev12-3.17.1 openstack-nova-compute-16.1.8~dev12-3.17.1 openstack-nova-conductor-16.1.8~dev12-3.17.1 openstack-nova-console-16.1.8~dev12-3.17.1 openstack-nova-consoleauth-16.1.8~dev12-3.17.1 openstack-nova-doc-16.1.8~dev12-3.17.1 openstack-nova-novncproxy-16.1.8~dev12-3.17.1 openstack-nova-placement-api-16.1.8~dev12-3.17.1 openstack-nova-scheduler-16.1.8~dev12-3.17.1 openstack-nova-serialproxy-16.1.8~dev12-3.17.1 openstack-nova-vncproxy-16.1.8~dev12-3.17.1 python-ceilometer-9.0.7~dev2-3.9.1 python-heat-9.0.6~dev15-3.12.1 python-horizon-12.0.4~dev4-3.14.1 python-ironic-9.1.7~dev6-3.12.1 python-magnum-5.0.2~dev30-4.9.1 python-nova-16.1.8~dev12-3.17.1 - SUSE OpenStack Cloud 8 (noarch): openstack-ceilometer-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-central-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-compute-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-ipmi-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-notification-9.0.7~dev2-3.9.1 openstack-ceilometer-api-9.0.7~dev2-3.9.1 openstack-ceilometer-collector-9.0.7~dev2-3.9.1 openstack-ceilometer-doc-9.0.7~dev2-3.9.1 openstack-ceilometer-polling-9.0.7~dev2-3.9.1 openstack-dashboard-12.0.4~dev4-3.14.1 openstack-heat-9.0.6~dev15-3.12.1 openstack-heat-api-9.0.6~dev15-3.12.1 openstack-heat-api-cfn-9.0.6~dev15-3.12.1 openstack-heat-api-cloudwatch-9.0.6~dev15-3.12.1 openstack-heat-doc-9.0.6~dev15-3.12.1 openstack-heat-engine-9.0.6~dev15-3.12.1 openstack-heat-plugin-heat_docker-9.0.6~dev15-3.12.1 openstack-heat-test-9.0.6~dev15-3.12.1 openstack-ironic-9.1.7~dev6-3.12.1 openstack-ironic-api-9.1.7~dev6-3.12.1 openstack-ironic-conductor-9.1.7~dev6-3.12.1 openstack-ironic-doc-9.1.7~dev6-3.12.1 openstack-magnum-5.0.2~dev30-4.9.1 openstack-magnum-api-5.0.2~dev30-4.9.1 openstack-magnum-conductor-5.0.2~dev30-4.9.1 openstack-magnum-doc-5.0.2~dev30-4.9.1 openstack-nova-16.1.8~dev12-3.17.1 openstack-nova-api-16.1.8~dev12-3.17.1 openstack-nova-cells-16.1.8~dev12-3.17.1 openstack-nova-compute-16.1.8~dev12-3.17.1 openstack-nova-conductor-16.1.8~dev12-3.17.1 openstack-nova-console-16.1.8~dev12-3.17.1 openstack-nova-consoleauth-16.1.8~dev12-3.17.1 openstack-nova-doc-16.1.8~dev12-3.17.1 openstack-nova-novncproxy-16.1.8~dev12-3.17.1 openstack-nova-placement-api-16.1.8~dev12-3.17.1 openstack-nova-scheduler-16.1.8~dev12-3.17.1 openstack-nova-serialproxy-16.1.8~dev12-3.17.1 openstack-nova-vncproxy-16.1.8~dev12-3.17.1 python-ceilometer-9.0.7~dev2-3.9.1 python-heat-9.0.6~dev15-3.12.1 python-horizon-12.0.4~dev4-3.14.1 python-ironic-9.1.7~dev6-3.12.1 python-magnum-5.0.2~dev30-4.9.1 python-nova-16.1.8~dev12-3.17.1 venv-openstack-aodh-x86_64-5.0.1-12.11.1 venv-openstack-barbican-x86_64-5.0.1-12.12.1 venv-openstack-ceilometer-x86_64-9.0.2-12.9.1 venv-openstack-cinder-x86_64-11.0.2-14.12.1 venv-openstack-designate-x86_64-5.0.1-12.10.1 venv-openstack-freezer-x86_64-5.0.0-10.7.1 venv-openstack-glance-x86_64-15.0.1-12.10.1 venv-openstack-heat-x86_64-9.0.1-12.12.1 venv-openstack-horizon-x86_64-11.0.2-14.17.1 venv-openstack-ironic-x86_64-9.1.3-12.12.1 venv-openstack-keystone-x86_64-12.0.1-11.12.1 venv-openstack-magnum-x86_64-5.0.2-11.11.1 venv-openstack-manila-x86_64-5.0.2-12.14.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.7.1 venv-openstack-monasca-x86_64-2.2.1-11.9.1 venv-openstack-murano-x86_64-4.0.1-12.7.1 venv-openstack-neutron-x86_64-11.0.2-13.15.1 venv-openstack-nova-x86_64-16.0.3-11.13.1 venv-openstack-octavia-x86_64-1.0.2-12.12.1 venv-openstack-sahara-x86_64-7.0.1-11.11.1 venv-openstack-swift-x86_64-2.15.2-11.7.1 venv-openstack-trove-x86_64-8.0.0.0-11.11.1 - HPE Helion Openstack 8 (noarch): openstack-ceilometer-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-central-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-compute-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-ipmi-9.0.7~dev2-3.9.1 openstack-ceilometer-agent-notification-9.0.7~dev2-3.9.1 openstack-ceilometer-api-9.0.7~dev2-3.9.1 openstack-ceilometer-collector-9.0.7~dev2-3.9.1 openstack-ceilometer-doc-9.0.7~dev2-3.9.1 openstack-ceilometer-polling-9.0.7~dev2-3.9.1 openstack-dashboard-12.0.4~dev4-3.14.1 openstack-heat-9.0.6~dev15-3.12.1 openstack-heat-api-9.0.6~dev15-3.12.1 openstack-heat-api-cfn-9.0.6~dev15-3.12.1 openstack-heat-api-cloudwatch-9.0.6~dev15-3.12.1 openstack-heat-doc-9.0.6~dev15-3.12.1 openstack-heat-engine-9.0.6~dev15-3.12.1 openstack-heat-plugin-heat_docker-9.0.6~dev15-3.12.1 openstack-heat-test-9.0.6~dev15-3.12.1 openstack-ironic-9.1.7~dev6-3.12.1 openstack-ironic-api-9.1.7~dev6-3.12.1 openstack-ironic-conductor-9.1.7~dev6-3.12.1 openstack-ironic-doc-9.1.7~dev6-3.12.1 openstack-magnum-5.0.2~dev30-4.9.1 openstack-magnum-api-5.0.2~dev30-4.9.1 openstack-magnum-conductor-5.0.2~dev30-4.9.1 openstack-magnum-doc-5.0.2~dev30-4.9.1 openstack-nova-16.1.8~dev12-3.17.1 openstack-nova-api-16.1.8~dev12-3.17.1 openstack-nova-cells-16.1.8~dev12-3.17.1 openstack-nova-compute-16.1.8~dev12-3.17.1 openstack-nova-conductor-16.1.8~dev12-3.17.1 openstack-nova-console-16.1.8~dev12-3.17.1 openstack-nova-consoleauth-16.1.8~dev12-3.17.1 openstack-nova-doc-16.1.8~dev12-3.17.1 openstack-nova-novncproxy-16.1.8~dev12-3.17.1 openstack-nova-placement-api-16.1.8~dev12-3.17.1 openstack-nova-scheduler-16.1.8~dev12-3.17.1 openstack-nova-serialproxy-16.1.8~dev12-3.17.1 openstack-nova-vncproxy-16.1.8~dev12-3.17.1 python-ceilometer-9.0.7~dev2-3.9.1 python-heat-9.0.6~dev15-3.12.1 python-horizon-12.0.4~dev4-3.14.1 python-ironic-9.1.7~dev6-3.12.1 python-magnum-5.0.2~dev30-4.9.1 python-nova-16.1.8~dev12-3.17.1 venv-openstack-aodh-x86_64-5.0.1-12.11.1 venv-openstack-barbican-x86_64-5.0.1-12.12.1 venv-openstack-ceilometer-x86_64-9.0.2-12.9.1 venv-openstack-cinder-x86_64-11.0.2-14.12.1 venv-openstack-designate-x86_64-5.0.1-12.10.1 venv-openstack-freezer-x86_64-5.0.0-10.7.1 venv-openstack-glance-x86_64-15.0.1-12.10.1 venv-openstack-heat-x86_64-9.0.1-12.12.1 venv-openstack-horizon-hpe-x86_64-11.0.2-14.17.1 venv-openstack-ironic-x86_64-9.1.3-12.12.1 venv-openstack-keystone-x86_64-12.0.1-11.12.1 venv-openstack-magnum-x86_64-5.0.2-11.11.1 venv-openstack-manila-x86_64-5.0.2-12.14.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.7.1 venv-openstack-monasca-x86_64-2.2.1-11.9.1 venv-openstack-murano-x86_64-4.0.1-12.7.1 venv-openstack-neutron-x86_64-11.0.2-13.15.1 venv-openstack-nova-x86_64-16.0.3-11.13.1 venv-openstack-octavia-x86_64-1.0.2-12.12.1 venv-openstack-sahara-x86_64-7.0.1-11.11.1 venv-openstack-swift-x86_64-2.15.2-11.7.1 venv-openstack-trove-x86_64-8.0.0.0-11.11.1 References: https://bugzilla.suse.com/1113107 https://bugzilla.suse.com/1121862 From sle-updates at lists.suse.com Fri Mar 15 11:10:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Mar 2019 18:10:16 +0100 (CET) Subject: SUSE-SU-2019:13979-1: important: Security update for the Linux Kernel Message-ID: <20190315171016.36211FDF1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13979-1 Rating: important References: #1012382 #1031572 #1068032 #1086695 #1087081 #1094244 #1098658 #1104098 #1104367 #1104684 #1104818 #1105536 #1106105 #1106886 #1107371 #1109330 #1109806 #1110006 #1112963 #1113667 #1114440 #1114672 #1114920 #1115007 #1115038 #1115827 #1115828 #1115829 #1115830 #1115831 #1115832 #1115833 #1115834 #1115835 #1115836 #1115837 #1115838 #1115839 #1115840 #1115841 #1115842 #1115843 #1115844 #1116841 #1117796 #1117802 #1117805 #1117806 #1117943 #1118152 #1118319 #1118760 #1119255 #1119714 #1120056 #1120077 #1120086 #1120093 #1120094 #1120105 #1120107 #1120109 #1120217 #1120223 #1120226 #1120336 #1120347 #1120743 #1120950 #1121872 #1121997 #1122874 #1123505 #1123702 #1123706 #1124010 #1124735 #1125931 #931850 #969471 #969473 Cross-References: CVE-2016-10741 CVE-2017-18360 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-7222 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 73 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). - CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates (bnc#1123706). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#1121997). - block/swim: Fix array bounds check (Git-fix). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106886) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106886) - Fix kabi break cased by NFS: Cache state owners after files are closed (bsc#1031572). - fork: record start_time late (bsc#1121872). - fscache: Fix dead object requeue (bsc#1107371). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (git-fixes). - fs-cache: Move fscache_report_unexpected_submission() to make it more available (bsc#1107371). - fs-cache: When submitting an op, cancel it if the target object is dying (bsc#1107371). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382) (bsc#1123702). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#1104367). - lib: add "on"/"off" support to strtobool (bsc#1125931). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - nfs: Cache state owners after files are closed (bsc#1031572). - nfs: Do not drop CB requests with invalid principals (git-fixes). - nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572). - nlm: Ensure callback code also checks that the files match (git-fixes). - ocfs2: fix three small problems in the patch (bsc#1086695) - omap2fb: Fix stack memory disclosure (bsc#1106886) - pci/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/fadump: handle crash memory ranges array index overflow (git-fixes). - powerpc/fadump: Return error when fadump registration fails (git-fixes). - powerpc/fadump: Unregister fadump on kexec down path (git-fixes). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files" (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - rpm/modprobe-xen.conf: Add --ignore-install. - s390: always save and restore all registers on context switch (git-fixes). - s390/dasd: fix using offset into zero size array error (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960). - s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert " libfc: use offload EM instance again instead jumping to next EM" (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1123505, LTC#174581). - sg: fix dxferp in from_to case (bsc#1115844). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - usb: keyspan: fix overrun-error reporting (bsc#1114672). - usb: keyspan: fix tty line-status reporting (bsc#1114672). - usb: option: fix Cinterion AHxx enumeration (bsc#1114672). - usb: serial: ark3116: fix open error handling (bsc#1114672). - usb: serial: ch341: fix control-message error handling (bsc#1114672). - usb: serial: ch341: fix initial modem-control state (bsc#1114672). - usb: serial: ch341: fix modem-status handling (bsc#1114672). - usb: serial: ch341: fix open and resume after B0 (bsc#1114672). - usb: serial: ch341: fix resume after reset (bsc#1114672). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1114672). - usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - usb: serial: fix tty-device error handling at probe (bsc#1114672). - usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672). - usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672). - usb: serial: io_ti: fix NULL-deref at open (bsc#1114672). - usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - usb: serial: kl5kusb105: abort on open exception path (bsc#1114672). - usb: serial: kl5kusb105: fix open error path (bsc#1114672). - usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672). - usb: serial: mct_u232: fix modem-status error handling (bsc#1114672). - usb: serial: omninet: fix NULL-derefs at open and disconnect. - usb: serial: pl2303: fix NULL-deref at open (bsc#1114672). - usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672). - vmcore: Remove "weak" from function declarations (git-fixes). - x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684). - xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104684, bnc#1104818). - xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/process: Re-export start_thread() (bsc#1110006). - xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1087081). - xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix the logspace waiting algorithm (bsc#1122874). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-20190225-13979=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-20190225-13979=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20190225-13979=1 - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-20190225-13979=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-kernel-20190225-13979=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20190225-13979=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.87.1 kernel-default-base-3.0.101-108.87.1 kernel-default-devel-3.0.101-108.87.1 kernel-source-3.0.101-108.87.1 kernel-syms-3.0.101-108.87.1 kernel-trace-3.0.101-108.87.1 kernel-trace-base-3.0.101-108.87.1 kernel-trace-devel-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.87.1 kernel-ec2-base-3.0.101-108.87.1 kernel-ec2-devel-3.0.101-108.87.1 kernel-xen-3.0.101-108.87.1 kernel-xen-base-3.0.101-108.87.1 kernel-xen-devel-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.87.1 kernel-bigmem-base-3.0.101-108.87.1 kernel-bigmem-devel-3.0.101-108.87.1 kernel-ppc64-3.0.101-108.87.1 kernel-ppc64-base-3.0.101-108.87.1 kernel-ppc64-devel-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.87.1 kernel-pae-base-3.0.101-108.87.1 kernel-pae-devel-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.87.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.87.1 - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): ocfs2-kmp-rt-1.6_3.0.101_rt130_69.42-0.28.7.1 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.42-0.28.7.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): ocfs2-kmp-default-1.6_3.0.101_108.87-0.28.7.1 ocfs2-kmp-trace-1.6_3.0.101_108.87-0.28.7.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64): ocfs2-kmp-xen-1.6_3.0.101_108.87-0.28.7.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64): ocfs2-kmp-bigmem-1.6_3.0.101_108.87-0.28.7.1 ocfs2-kmp-ppc64-1.6_3.0.101_108.87-0.28.7.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586): ocfs2-kmp-pae-1.6_3.0.101_108.87-0.28.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.87.1 kernel-default-debugsource-3.0.101-108.87.1 kernel-trace-debuginfo-3.0.101-108.87.1 kernel-trace-debugsource-3.0.101-108.87.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.87.1 kernel-trace-devel-debuginfo-3.0.101-108.87.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.87.1 kernel-ec2-debugsource-3.0.101-108.87.1 kernel-xen-debuginfo-3.0.101-108.87.1 kernel-xen-debugsource-3.0.101-108.87.1 kernel-xen-devel-debuginfo-3.0.101-108.87.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.87.1 kernel-bigmem-debugsource-3.0.101-108.87.1 kernel-ppc64-debuginfo-3.0.101-108.87.1 kernel-ppc64-debugsource-3.0.101-108.87.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.87.1 kernel-pae-debugsource-3.0.101-108.87.1 kernel-pae-devel-debuginfo-3.0.101-108.87.1 References: https://www.suse.com/security/cve/CVE-2016-10741.html https://www.suse.com/security/cve/CVE-2017-18360.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://www.suse.com/security/cve/CVE-2019-7222.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1031572 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1086695 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1098658 https://bugzilla.suse.com/1104098 https://bugzilla.suse.com/1104367 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/1104818 https://bugzilla.suse.com/1105536 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106886 https://bugzilla.suse.com/1107371 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1114440 https://bugzilla.suse.com/1114672 https://bugzilla.suse.com/1114920 https://bugzilla.suse.com/1115007 https://bugzilla.suse.com/1115038 https://bugzilla.suse.com/1115827 https://bugzilla.suse.com/1115828 https://bugzilla.suse.com/1115829 https://bugzilla.suse.com/1115830 https://bugzilla.suse.com/1115831 https://bugzilla.suse.com/1115832 https://bugzilla.suse.com/1115833 https://bugzilla.suse.com/1115834 https://bugzilla.suse.com/1115835 https://bugzilla.suse.com/1115836 https://bugzilla.suse.com/1115837 https://bugzilla.suse.com/1115838 https://bugzilla.suse.com/1115839 https://bugzilla.suse.com/1115840 https://bugzilla.suse.com/1115841 https://bugzilla.suse.com/1115842 https://bugzilla.suse.com/1115843 https://bugzilla.suse.com/1115844 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117943 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1119255 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1120056 https://bugzilla.suse.com/1120077 https://bugzilla.suse.com/1120086 https://bugzilla.suse.com/1120093 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120105 https://bugzilla.suse.com/1120107 https://bugzilla.suse.com/1120109 https://bugzilla.suse.com/1120217 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120226 https://bugzilla.suse.com/1120336 https://bugzilla.suse.com/1120347 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120950 https://bugzilla.suse.com/1121872 https://bugzilla.suse.com/1121997 https://bugzilla.suse.com/1122874 https://bugzilla.suse.com/1123505 https://bugzilla.suse.com/1123702 https://bugzilla.suse.com/1123706 https://bugzilla.suse.com/1124010 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1125931 https://bugzilla.suse.com/931850 https://bugzilla.suse.com/969471 https://bugzilla.suse.com/969473 From sle-updates at lists.suse.com Fri Mar 15 11:11:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Mar 2019 18:11:56 +0100 (CET) Subject: SUSE-SU-2019:0617-1: important: Security update for java-1_8_0-ibm Message-ID: <20190315171156.8B351FDF1@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0617-1 Rating: important References: #1122292 #1122293 #1122299 #1128158 Cross-References: CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-617=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-617=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-617=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-617=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-617=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-617=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-617=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-617=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-617=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-617=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-617=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-devel-1.8.0_sr5.30-30.46.1 java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2018-1890.html https://www.suse.com/security/cve/CVE-2019-2422.html https://www.suse.com/security/cve/CVE-2019-2449.html https://bugzilla.suse.com/1122292 https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1128158 From sle-updates at lists.suse.com Fri Mar 15 14:09:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Mar 2019 21:09:42 +0100 (CET) Subject: SUSE-SU-2019:0619-1: moderate: Security update for wireshark Message-ID: <20190315200942.B13CCFD43@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0619-1 Rating: moderate References: #1127367 #1127369 #1127370 Cross-References: CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-619=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-619=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.13-3.22.1 wireshark-debugsource-2.4.13-3.22.1 wireshark-devel-2.4.13-3.22.1 wireshark-ui-qt-2.4.13-3.22.1 wireshark-ui-qt-debuginfo-2.4.13-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.13-3.22.1 libwireshark9-debuginfo-2.4.13-3.22.1 libwiretap7-2.4.13-3.22.1 libwiretap7-debuginfo-2.4.13-3.22.1 libwscodecs1-2.4.13-3.22.1 libwscodecs1-debuginfo-2.4.13-3.22.1 libwsutil8-2.4.13-3.22.1 libwsutil8-debuginfo-2.4.13-3.22.1 wireshark-2.4.13-3.22.1 wireshark-debuginfo-2.4.13-3.22.1 wireshark-debugsource-2.4.13-3.22.1 References: https://www.suse.com/security/cve/CVE-2019-9208.html https://www.suse.com/security/cve/CVE-2019-9209.html https://www.suse.com/security/cve/CVE-2019-9214.html https://bugzilla.suse.com/1127367 https://bugzilla.suse.com/1127369 https://bugzilla.suse.com/1127370 From sle-updates at lists.suse.com Mon Mar 18 08:09:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:09:39 +0100 (CET) Subject: SUSE-RU-2019:0621-1: moderate: Recommended update for pacemaker Message-ID: <20190318140939.44E14FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0621-1 Rating: moderate References: #1085515 #1090538 #1094208 #1107270 #1114840 #1121272 #1121808 #974108 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for pacemaker provides the following fixes: - cts: Do not require nodes to be specified if only listing tests. (bsc#1114840) - cts: Temporarily disable any enabled cluster services when running remote tests. - cts: Count service as enabled only if it is explicitly enabled. - cts: Ignore monitor failures when testing remote node fencing. - cts: Lower remote connection failure detection time. - cts: Clear constraints on cluster nodes. (bsc#1121272) - cts: Resume any possibly frozen pacemaker_remoted when cleaning up the test. (bsc#1121272) - cts: Simulate failure of pacemaker_remoted by freezing it with SIGSTOP. (bsc#1121272) - cts-exec: Run the tests for the other resource classes even without python systemd bindings. (bsc#1121808) - fenced: Handle fencing requested with nodeid by using the membership cache of known nodes. (bsc#1094208, bsc#1107270, bsc#974108) - controld: Make it possible to manually confirm unseen nodes are down. (bsc#1094208, bsc#1107270) - pengine: "symmetrical" defaults to "false" for serialize orders. (bsc#1085515) - pengine: Avoid potential use of NULL in unpack_simple_rsc_order(). (bsc#1085515) - pengine: Fix swapped warning message arguments leading to segfault. (bsc#1090538) - Pacemaker Explained: "symmetrical" defaults to "false" for serialize orders. (bsc#1085515) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-621=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-621=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.16-6.8.1 pacemaker-cts-1.1.16-6.8.1 pacemaker-cts-debuginfo-1.1.16-6.8.1 pacemaker-debuginfo-1.1.16-6.8.1 pacemaker-debugsource-1.1.16-6.8.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpacemaker3-1.1.16-6.8.1 libpacemaker3-debuginfo-1.1.16-6.8.1 pacemaker-1.1.16-6.8.1 pacemaker-cli-1.1.16-6.8.1 pacemaker-cli-debuginfo-1.1.16-6.8.1 pacemaker-cts-1.1.16-6.8.1 pacemaker-cts-debuginfo-1.1.16-6.8.1 pacemaker-debuginfo-1.1.16-6.8.1 pacemaker-debugsource-1.1.16-6.8.1 pacemaker-remote-1.1.16-6.8.1 pacemaker-remote-debuginfo-1.1.16-6.8.1 References: https://bugzilla.suse.com/1085515 https://bugzilla.suse.com/1090538 https://bugzilla.suse.com/1094208 https://bugzilla.suse.com/1107270 https://bugzilla.suse.com/1114840 https://bugzilla.suse.com/1121272 https://bugzilla.suse.com/1121808 https://bugzilla.suse.com/974108 From sle-updates at lists.suse.com Mon Mar 18 08:10:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:10:21 +0100 (CET) Subject: SUSE-SU-2019:0627-1: moderate: Security update for nodejs10 Message-ID: <20190318141021.C30F3FCD2@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0627-1 Rating: moderate References: #1127532 Cross-References: CVE-2019-5737 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs10 to versio 10.15.2 fixes the following issue: Security issue fixed: - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-627=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs10-10.15.2-1.6.1 nodejs10-debuginfo-10.15.2-1.6.1 nodejs10-debugsource-10.15.2-1.6.1 nodejs10-devel-10.15.2-1.6.1 npm10-10.15.2-1.6.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs10-docs-10.15.2-1.6.1 References: https://www.suse.com/security/cve/CVE-2019-5737.html https://bugzilla.suse.com/1127532 From sle-updates at lists.suse.com Mon Mar 18 08:11:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:11:21 +0100 (CET) Subject: SUSE-RU-2019:0620-1: moderate: Recommended update for tigervnc Message-ID: <20190318141121.CC430FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0620-1 Rating: moderate References: #1125290 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tigervnc fixes the following issues: - Adds new support for two xorg server version: 1.18 and 1.19 (bsc#1125290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-620=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-620=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libXvnc1-1.6.0-22.3.1 libXvnc1-debuginfo-1.6.0-22.3.1 tigervnc-1.6.0-22.3.1 tigervnc-debuginfo-1.6.0-22.3.1 tigervnc-debugsource-1.6.0-22.3.1 xorg-x11-Xvnc-1.6.0-22.3.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libXvnc1-1.6.0-22.3.1 libXvnc1-debuginfo-1.6.0-22.3.1 tigervnc-1.6.0-22.3.1 tigervnc-debuginfo-1.6.0-22.3.1 tigervnc-debugsource-1.6.0-22.3.1 xorg-x11-Xvnc-1.6.0-22.3.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.3.1 References: https://bugzilla.suse.com/1125290 From sle-updates at lists.suse.com Mon Mar 18 08:11:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:11:49 +0100 (CET) Subject: SUSE-RU-2019:0626-1: moderate: Recommended update for fence-agents Message-ID: <20190318141149.8E863FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0626-1 Rating: moderate References: #1088358 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: A new Google Compute Engine image client was added (fence_ge): - fence_gce: new agent (pull#159) (fate#325539) (bsc#1088358) - fence_gce: zone & project parameters are mandatory (pull#177) (fate#325539) (bsc#1088358) - fence_gce: Clean up and log errors (pull#194) (fate#325539) (bsc#1088358) - fence_gce: google-auth instead of oauth2client (pull#197) - fence_gce: logging and non required parameters (pull##211) - fence_gce: filter call to aggregatedList (pull#218) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-626=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): fence-agents-4.0.25+git.1485179354.eb43835-4.11.1 fence-agents-debuginfo-4.0.25+git.1485179354.eb43835-4.11.1 fence-agents-debugsource-4.0.25+git.1485179354.eb43835-4.11.1 References: https://bugzilla.suse.com/1088358 From sle-updates at lists.suse.com Mon Mar 18 08:12:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:12:19 +0100 (CET) Subject: SUSE-SU-2019:0628-1: important: Security update for galera-3, mariadb, mariadb-connector-c Message-ID: <20190318141219.02FCDFCD2@maintenance.suse.de> SUSE Security Update: Security update for galera-3, mariadb, mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0628-1 Rating: important References: #1013882 #1097938 #1098683 #1101676 #1101677 #1101678 #1103342 #1111858 #1111859 #1112368 #1112377 #1112384 #1112386 #1112391 #1112397 #1112404 #1112415 #1112417 #1112421 #1112432 #1116686 #1118754 #1120041 Cross-References: CVE-2016-9843 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 6 fixes is now available. Description: This update for mariadb, galera-3, mariadb-connector fixes the following issues: Security vulnerabilities addressed for mariadb: - CVE-2016-9843 [bsc#1013882] - CVE-2018-3058 [bsc#1101676] - CVE-2018-3060 - CVE-2018-3063 [bsc#1101677] - CVE-2018-3064 [bsc#1103342] - CVE-2018-3066 [bsc#1101678] - CVE-2018-3143 [bsc#1112421] - CVE-2018-3156 [bsc#1112417] - CVE-2018-3162 [bsc#1112415] - CVE-2018-3173 [bsc#1112386] - CVE-2018-3174 [bsc#1112368] - CVE-2018-3185 [bsc#1112384] - CVE-2018-3200 [bsc#1112404] - CVE-2018-3251 [bsc#1112397] - CVE-2018-3277 [bsc#1112391] - CVE-2018-3282 [bsc#1112432] - CVE-2018-3284 [bsc#1112377] Other bug fixes and changes for mariadb: - update to 10.2.21 GA * MDEV-17589 - Stack-buffer-overflow with indexed varchar (utf8) field * MDEV-16987 - ALTER DATABASE possible in read-only mode (forbid ALTER DATABASE in read_only) * MDEV-17720 - slave_ddl_exec_mode=IDEMPOTENT does not handle DROP DATABASE * MDEV-6453 - Assertion `inited==NONE || (inited==RND && scan)' failed in handler::ha_rnd_init(bool) with InnoDB, joins, AND/OR conditions * MDEV-18105 - Mariabackup fails to copy encrypted InnoDB system tablespace if LSN>4G * MDEV-18041 - Database corruption after renaming a prefix-indexed column [bsc#1120041] * MDEV-17470 - Orphan temporary files after interrupted ALTER cause InnoDB: Operating system error number 17 and eventual fatal error 71 * MDEV-17833: ALTER TABLE is not enforcing prefix index size limit * MDEV-17989: InnoDB: Failing assertion: dict_tf2_is_valid(flags, flags2) * MDEV-17765: Locking bug fix for SPATIAL INDEX * MDEV-17923, MDEV-17904, MDEV-17938: Fixes for FULLTEXT INDEX * Fixes for regressions introduced in MariaDB Server 10.2.19 by the backup-safe TRUNCATE TABLE (MDEV-13564, innodb_safe_truncate=ON) and innodb_undo_log_truncate: * MDEV-17780, MDEV-17816, MDEV-17849, MDEV-17851, MDEV-17885 * Several improvements to MariaDB Server and backup for dealing with encrypted or page_compressed pages: * MDEV-12112: corruption in encrypted table may be overlooked * MDEV-17958: On little-endian systems, remove bug-compatible variant of innodb_checksum_algorithm=crc32 * MDEV-17957: Make innodb_checksum_algorithm stricter for strict_* values * MDEV-18025: Mariabackup fails to detect corrupted page_compressed=1 tables * release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10221-release-notes - https://mariadb.com/kb/en/library/mariadb-10221-changelog - https://mariadb.com/kb/en/library/mariadb-10220-release-notes - https://mariadb.com/kb/en/library/mariadb-10220-changelog - remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - Add patch to link against libatomic where necessary and use C++11 atomics instead of gcc built-in atomics - update to 10.2.19 GA [bsc#1116686] * innodb_safe_truncate system variable for a backup-safe TRUNCATE TABLE implementation that is based on RENAME, CREATE, DROP (MDEV-14717, MDEV-14585, MDEV-13564). Default value for this variable is ON. If you absolutely must use XtraBackup instead of Mariabackup, you can set it to OFF and restart the server * MDEV-17289: Multi-pass recovery fails to apply some redo log records * MDEV-17073: INSERT???ON DUPLICATE KEY UPDATE became more deadlock-prone * MDEV-17491: micro optimize page_id_t * MDEV-13671: InnoDB should use case-insensitive column name comparisons like the rest of the server * Fixes for indexed virtual columns: MDEV-17215, MDEV-16980 * MDEV-17433: Allow InnoDB start up with empty ib_logfile0 from mariabackup --prepare * MDEV-12547: InnoDB FULLTEXT index has too strict innodb_ft_result_cache_limit max limit * MDEV-17541: KILL QUERY during lock wait in FOREIGN KEY check causes hang * MDEV-17531: Crash in RENAME TABLE with FOREIGN KEY and FULLTEXT INDEX * MDEV-17532: Performance_schema reports wrong directory for the temporary files of ALTER TABLE???ALGORITHM=INPLACE * MDEV-17545: Predicate lock for SPATIAL INDEX should lock non-matching record * MDEV-17546: SPATIAL INDEX should not be allowed for FOREIGN KEY * MDEV-17548: Incorrect access to off-page column for indexed virtual column * MDEV-12023: Assertion failure sym_node->table != NULL on startup * MDEV-17230: encryption_key_id from alter is ignored by encryption threads * release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10219-release-notes - https://mariadb.com/kb/en/library/mariadb-10219-changelog - do not pack libmariadb.pc (packed in mariadb-connector-c) - add "Requires: libmariadb_plugins" to the mariadb-test subpackage in order to be able to test client plugins successfuly (bsc#1111859) - don't remove debug_key_management.so anymore (bsc#1111858) - update to 10.2.18 GA * MDEV-15511 - if available, stunnel can be used during Galera rsync SST * MDEV-16791 - mariabackup: Support DDL commands during backup * MDEV-13564 - Refuse MLOG_TRUNCATE in mariabackup * MDEV-16934 - add new system variable eq_range_index_dive_limit to speed up queries that new long nested IN lists. The default value, for backward compatibility, is 0 meaning "unlimited". * MDEV-13333 - errors on InnoDB lock conflict * Report all InnoDB redo log corruption * MDEV-17043 - Purge of indexed virtual columns may cause hang on table-rebuilding DDL * MDEV-16868 - corruption of InnoDB temporary tables * MDEV-16465 - Invalid (old?) table or database name or hang in ha_innobase::delete_table and log semaphore wait upon concurrent DDL with foreign keys * release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10218-release-notes - https://mariadb.com/kb/en/library/mariadb-10218-changelog - update to 10.2.17 GA * New variable innodb_log_optimize_ddl for avoiding delay due to page flushing and allowing concurrent backup * InnoDB updated to 5.7.23 * MDEV-14637 - Fix hang due to DDL with FOREIGN KEY or persistent statistics * MDEV-15953 - Alter InnoDB Partitioned Table Moves Files (which were originally not in the datadir) to the datadir * MDEV-16515 - InnoDB: Failing assertion: ++retries < 10000 in file dict0dict.cc line 2737 * MDEV-16809 - Allow full redo logging for ALTER TABLE * Temporary tables: MDEV-16713 - InnoDB hang with repeating log entry * indexed virtual columns: MDEV-15855 - Deadlock between purge thread and DDL statement * MDEV-16664 - Change the default to innodb_lock_schedule_algorithm=fcfs * Galera: MDEV-15822 - WSREP: BF lock wait long for trx * release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10217-release-notes - https://mariadb.com/kb/en/library/mariadb-10217-changelog - switch to libedit as control sequences were already fixed there so we don't have to avoid it (bsc#1098683) - update to 10.2.16 GA * MDEV-13122: mariabackup now supports MyRocks * MDEV-13779 - InnoDB fails to shut down purge workers, causing hang * MDEV-16267 - Wrong INFORMATION_SCHEMA.INNODB_BUFFER_PAGE.\ TABLE_NAME * MDEV-13834 - Upgrade failure from 10.1 innodb_encrypt_log * MDEV-16283 - ALTER TABLE...DISCARD TABLESPACE still takes long on a large buffer pool * MDEV-16376 - ASAN: heap-use-after-free in gcol.innodb_virtual_debug * MDEV-15824 - innodb_defragment=ON trumps innodb_optimize_fulltext_only=ON in OPTIMIZE TABLE * MDEV-16124 - fil_rename_tablespace() times out and crashes server during table-rebuilding ALTER TABLE * MDEV-16416 - Crash on IMPORT TABLESPACE of a ROW_FORMAT=COMPRESSED table * MDEV-16456 - InnoDB error "returned OS error 71" complains about wrong path * MDEV-13103 - Deal with page_compressed page corruption * MDEV-16496 - Mariabackup: Implement --verbose option to instrument InnoDB log apply * MDEV-16087 - Inconsistent SELECT results when query cache is enabled * MDEV-15114 - ASAN heap-use-after-free in mem_heap_dup or dfield_data_is_binary_equal (fix for indexed virtual columns) * release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10216-release-notes - https://mariadb.com/kb/en/library/mariadb-10216-changelog - pack wsrep_sst_rsync_wan file to galera subpackage Bug fixes and changes for galera-3: - update to 25.3.24: * A support for new certification key type was added to allow more relaxed certification rules for foreign key references (galera#491). * New status variables were added to display the number of open transactions and referenced client connections inside Galera provider (galera#492). * GCache was sometimes cleared unnecessarily on startup if the recovered state had smaller sequence number than the highest found from GCache. Now only entries with sequence number higher than recovery point will be cleared (galera#498). * Non-primary configuration is saved into grastate.dat only when if the node is in closing state (galera#499). * Exception from GComm was not always handled properly resulting in Galera to remain in half closed state. This was fixed by propagating the error condition appropriately to upper layers (galera#500). * A new status variable displaying the total weight of the cluster nodes was added (galera#501). * The value of pc.weight did not reflect the actual effective value after setting it via wsrep_provider_options. This was fixed by making sure that the new value is taken into use before returning the control back to caller (galera#505, MDEV-11959) * Use of ECHD algorithms with old OpenSSL versions was enabled (galera#511). * Default port value is now used by garbd if the port is not explicitly given in cluster address (MDEV-15531). * Correct error handling for posix_fallocate(). * Failed causal reads are retried during configuration changes. Bug fixes and changes for mariadb-connector-c: - New upstream version 3.0.6 * MDEV-15263: FIx IS_NUM() macro * CONC-297: local infile parameter must be unsigned int instead of my_bool * CONC-329: change return value of internal socket functions from my_bool to int * CONC-332: my_auth doesn't read/update server ok packet * CONC-344: reset internal row counter * CONC-345: invalid heap use after free * CONC-346: Remove old cmake policies * fixed crash in mysql_select_db if NULL parameter was provided - New upstream version 3.0.5 * CONC-336: Allow multiple initialization of client library * Fixed string to MYSQL_TIME conversion (prepared statements) * CONC-334: Copy all members of MYSQL_FIELD to internal statement structure * Fixed double free in dynamic column library * Added checks for corrupted packets in protocol * MDEV-15450: Added default connection attribute _server_host * CONC-326: fixed wrong openssl thread id callback - New upstream version 3.0.4 * Added option MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS for mysql_options()/mysql_optionsv(): * New plugin configuration interface: The default configuration for a specific plugin can be specified via cmake parameter -DCLIENT_PLUGIN_${PLUGIN}=[DYNAMIC|STATIC|OFF]. * Added support for linux abstract socket (MDEV-15655). * CONC-320: Added asynchronous/non-blocking support for OpenSSL and GnuTLS * CONC-294: Access violation in mysql_close when using a connection plugin. * MDEV-14977: If built dynamically the old_password plugin could not be located due to wrong filename (must be mysql_old_password.so instead of old_password.so). * CONC-315: If no default client character set was specified, the utf8 character set will be used by default (instead of setting the client character set to server character set) * CONC-317: Parsing of configuration file fails if key/value pairs contain white spaces. * CONC-322: Correct handling of EAGAIN and EINPROGRESS in internal_connect (socket) for non windows platforms. * CONC-323: mariadb_stmt_execute_direct hangs forever if compression used. * CONC-324: Wrong codepage numbers for some collations. * CONC-326: ssl_thread_init() uses wrong openssl threadid callback - Drop libmysqlclient_r Provides from the -devel package. (bsc#1097938) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-628=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-628=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-628=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): mariadb-errormessages-10.2.21-4.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): galera-3-debuginfo-25.3.24-4.3.1 galera-3-debugsource-25.3.24-4.3.1 galera-3-wsrep-provider-25.3.24-4.3.1 galera-3-wsrep-provider-debuginfo-25.3.24-4.3.1 libmariadb3-3.0.6-3.6.1 libmariadb3-debuginfo-3.0.6-3.6.1 mariadb-10.2.21-4.8.1 mariadb-client-10.2.21-4.8.1 mariadb-client-debuginfo-10.2.21-4.8.1 mariadb-connector-c-debugsource-3.0.6-3.6.1 mariadb-debuginfo-10.2.21-4.8.1 mariadb-debugsource-10.2.21-4.8.1 mariadb-galera-10.2.21-4.8.1 mariadb-tools-10.2.21-4.8.1 mariadb-tools-debuginfo-10.2.21-4.8.1 - SUSE OpenStack Cloud 8 (noarch): mariadb-errormessages-10.2.21-4.8.1 - SUSE OpenStack Cloud 8 (x86_64): galera-3-debuginfo-25.3.24-4.3.1 galera-3-debugsource-25.3.24-4.3.1 galera-3-wsrep-provider-25.3.24-4.3.1 galera-3-wsrep-provider-debuginfo-25.3.24-4.3.1 libmariadb3-3.0.6-3.6.1 libmariadb3-debuginfo-3.0.6-3.6.1 mariadb-10.2.21-4.8.1 mariadb-client-10.2.21-4.8.1 mariadb-client-debuginfo-10.2.21-4.8.1 mariadb-connector-c-debugsource-3.0.6-3.6.1 mariadb-debuginfo-10.2.21-4.8.1 mariadb-debugsource-10.2.21-4.8.1 mariadb-galera-10.2.21-4.8.1 mariadb-tools-10.2.21-4.8.1 mariadb-tools-debuginfo-10.2.21-4.8.1 - HPE Helion Openstack 8 (noarch): mariadb-errormessages-10.2.21-4.8.1 - HPE Helion Openstack 8 (x86_64): galera-3-debuginfo-25.3.24-4.3.1 galera-3-debugsource-25.3.24-4.3.1 galera-3-wsrep-provider-25.3.24-4.3.1 galera-3-wsrep-provider-debuginfo-25.3.24-4.3.1 libmariadb3-3.0.6-3.6.1 libmariadb3-debuginfo-3.0.6-3.6.1 mariadb-10.2.21-4.8.1 mariadb-client-10.2.21-4.8.1 mariadb-client-debuginfo-10.2.21-4.8.1 mariadb-connector-c-debugsource-3.0.6-3.6.1 mariadb-debuginfo-10.2.21-4.8.1 mariadb-debugsource-10.2.21-4.8.1 mariadb-galera-10.2.21-4.8.1 mariadb-tools-10.2.21-4.8.1 mariadb-tools-debuginfo-10.2.21-4.8.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3060.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3064.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3162.html https://www.suse.com/security/cve/CVE-2018-3173.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3185.html https://www.suse.com/security/cve/CVE-2018-3200.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3277.html https://www.suse.com/security/cve/CVE-2018-3282.html https://www.suse.com/security/cve/CVE-2018-3284.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1097938 https://bugzilla.suse.com/1098683 https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1103342 https://bugzilla.suse.com/1111858 https://bugzilla.suse.com/1111859 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112377 https://bugzilla.suse.com/1112384 https://bugzilla.suse.com/1112386 https://bugzilla.suse.com/1112391 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112404 https://bugzilla.suse.com/1112415 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1118754 https://bugzilla.suse.com/1120041 From sle-updates at lists.suse.com Mon Mar 18 08:14:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:14:01 +0100 (CET) Subject: SUSE-SU-2019:0629-1: moderate: Security update for yast2-rmt Message-ID: <20190318141401.3EDEBFCD2@maintenance.suse.de> SUSE Security Update: Security update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0629-1 Rating: moderate References: #1119835 #1120672 #1123562 Cross-References: CVE-2018-20105 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for yast2-rmt to 1.2.2 fixes the following issues: Security issue fixed: - CVE-2018-20105: Pass SSL password to Cheetah CLI interface securely (bsc#1119835) Non-security issues fixed: - Launch as root from gnome-shell menu (bsc#1123562) - Remove broken hyperlink from help (bsc#1120672) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-629=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): yast2-rmt-1.2.2-3.18.1 References: https://www.suse.com/security/cve/CVE-2018-20105.html https://bugzilla.suse.com/1119835 https://bugzilla.suse.com/1120672 https://bugzilla.suse.com/1123562 From sle-updates at lists.suse.com Mon Mar 18 08:14:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:14:34 +0100 (CET) Subject: SUSE-RU-2019:0625-1: moderate: Recommended update for libica Message-ID: <20190318141434.B7C1CFCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libica ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0625-1 Rating: moderate References: #1125890 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libica fixes the following issues: - Fixed an out of bounds write in the AES GCM routines, where icainfo generating a SIGABRT free(): invalid pointer error. (bsc#1125890) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-625=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (s390x): libica-debugsource-3.2.0-6.3.1 libica-devel-3.2.0-6.3.1 libica-devel-static-3.2.0-6.3.1 libica-tools-3.2.0-6.3.1 libica-tools-debuginfo-3.2.0-6.3.1 libica3-3.2.0-6.3.1 libica3-debuginfo-3.2.0-6.3.1 References: https://bugzilla.suse.com/1125890 From sle-updates at lists.suse.com Mon Mar 18 08:15:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:15:02 +0100 (CET) Subject: SUSE-RU-2019:13980-1: moderate: Recommended update for arpwatch Message-ID: <20190318141502.DB801FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for arpwatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13980-1 Rating: moderate References: #1119851 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for arpwatch provides the following fix: - Prevent a memory leak in gethname. (bsc#1119851) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-arpwatch-13980=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-arpwatch-13980=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-arpwatch-13980=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-arpwatch-13980=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): arpwatch-ethercodes-build-2.1a15-131.23.2.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): arpwatch-2.1a15-131.23.2.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): arpwatch-2.1a15-131.23.2.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): arpwatch-debuginfo-2.1a15-131.23.2.3.1 arpwatch-debugsource-2.1a15-131.23.2.3.1 References: https://bugzilla.suse.com/1119851 From sle-updates at lists.suse.com Mon Mar 18 08:15:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:15:36 +0100 (CET) Subject: SUSE-RU-2019:0623-1: moderate: Recommended update for samba Message-ID: <20190318141536.295E9FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0623-1 Rating: moderate References: #1112223 #1114459 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for samba fixes the following issues: - Fix winbind issues with start configuration. (bsc#1112223) - Fix winbind running out of memory with high number of domain groups. (bsc#1114459) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-623=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-623=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-623=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-623=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-623=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-623=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-623=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-623=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-623=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac-devel-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt-devel-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard-devel-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util-devel-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient-devel-4.6.16+git.133.479a9537a28-3.35.4 libwbclient-devel-4.6.16+git.133.479a9537a28-3.35.4 samba-core-devel-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac-devel-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt-devel-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard-devel-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util-devel-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient-devel-4.6.16+git.133.479a9537a28-3.35.4 libwbclient-devel-4.6.16+git.133.479a9537a28-3.35.4 samba-core-devel-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr0-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-4.6.16+git.133.479a9537a28-3.35.4 samba-client-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): samba-doc-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr0-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-4.6.16+git.133.479a9537a28-3.35.4 samba-client-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.133.479a9537a28-3.35.4 ctdb-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.133.479a9537a28-3.35.4 ctdb-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-4.6.16+git.133.479a9537a28-3.35.4 samba-client-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): samba-doc-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc-binding0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libdcerpc0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-krb5pac0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-nbt0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr-standard0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libndr0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libndr0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libnetapi0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-credentials0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-errors0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-hostconfig0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-passdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamba-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsamdb0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbconf0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libsmbldap0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libtevent-util0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 libwbclient0-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-4.6.16+git.133.479a9537a28-3.35.4 samba-client-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-client-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-libs-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-32bit-4.6.16+git.133.479a9537a28-3.35.4 samba-winbind-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.133.479a9537a28-3.35.4 ctdb-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-ceph-4.6.16+git.133.479a9537a28-3.35.4 samba-ceph-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debuginfo-4.6.16+git.133.479a9537a28-3.35.4 samba-debugsource-4.6.16+git.133.479a9537a28-3.35.4 References: https://bugzilla.suse.com/1112223 https://bugzilla.suse.com/1114459 From sle-updates at lists.suse.com Mon Mar 18 08:16:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Mar 2019 15:16:09 +0100 (CET) Subject: SUSE-SU-2019:13981-1: important: Security update for openwsman Message-ID: <20190318141609.918E4FCD2@maintenance.suse.de> SUSE Security Update: Security update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13981-1 Rating: important References: #1122623 Cross-References: CVE-2019-3816 CVE-2019-3833 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openwsman-13981=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openwsman-13981=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openwsman-13981=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwsman-devel-2.2.3-0.16.8.1 openwsman-python-2.2.3-0.16.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwsman1-2.2.3-0.16.8.1 openwsman-client-2.2.3-0.16.8.1 openwsman-server-2.2.3-0.16.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openwsman-debuginfo-2.2.3-0.16.8.1 openwsman-debugsource-2.2.3-0.16.8.1 References: https://www.suse.com/security/cve/CVE-2019-3816.html https://www.suse.com/security/cve/CVE-2019-3833.html https://bugzilla.suse.com/1122623 From sle-updates at lists.suse.com Tue Mar 19 08:09:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 15:09:52 +0100 (CET) Subject: SUSE-SU-2019:0636-1: moderate: Security update for nodejs10 Message-ID: <20190319140952.AEB01FCB4@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0636-1 Rating: moderate References: #1127532 Cross-References: CVE-2019-5737 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs10 to version 10.1.2 fixes the following issue: Security issue fixed: - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-636=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.15.2-1.6.1 nodejs10-debuginfo-10.15.2-1.6.1 nodejs10-debugsource-10.15.2-1.6.1 nodejs10-devel-10.15.2-1.6.1 npm10-10.15.2-1.6.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.15.2-1.6.1 References: https://www.suse.com/security/cve/CVE-2019-5737.html https://bugzilla.suse.com/1127532 From sle-updates at lists.suse.com Tue Mar 19 08:10:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 15:10:26 +0100 (CET) Subject: SUSE-SU-2019:0635-1: moderate: Security update for nodejs8 Message-ID: <20190319141026.BD08DFCB4@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0635-1 Rating: moderate References: #1127532 Cross-References: CVE-2019-5737 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs8 to version 8.15.1 fixes the following issue: Security issue fixed: - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-635=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.15.1-3.14.1 nodejs8-debuginfo-8.15.1-3.14.1 nodejs8-debugsource-8.15.1-3.14.1 nodejs8-devel-8.15.1-3.14.1 npm8-8.15.1-3.14.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.15.1-3.14.1 References: https://www.suse.com/security/cve/CVE-2019-5737.html https://bugzilla.suse.com/1127532 From sle-updates at lists.suse.com Tue Mar 19 08:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 15:11:00 +0100 (CET) Subject: SUSE-SU-2019:13982-1: moderate: Security update for libssh2_org Message-ID: <20190319141100.59C76FCB4@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13982-1 Rating: moderate References: #1128471 #1128472 #1128474 #1128476 #1128480 #1128481 #1128490 #1128492 #1128493 Cross-References: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libssh2_org-13982=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libssh2_org-13982=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libssh2_org-13982=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libssh2-devel-1.4.3-17.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libssh2-1-32bit-1.4.3-17.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libssh2-1-1.4.3-17.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libssh2-1-x86-1.4.3-17.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libssh2-1-1.4.3-17.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libssh2_org-debuginfo-1.4.3-17.3.1 libssh2_org-debugsource-1.4.3-17.3.1 References: https://www.suse.com/security/cve/CVE-2019-3855.html https://www.suse.com/security/cve/CVE-2019-3856.html https://www.suse.com/security/cve/CVE-2019-3857.html https://www.suse.com/security/cve/CVE-2019-3858.html https://www.suse.com/security/cve/CVE-2019-3859.html https://www.suse.com/security/cve/CVE-2019-3860.html https://www.suse.com/security/cve/CVE-2019-3861.html https://www.suse.com/security/cve/CVE-2019-3862.html https://www.suse.com/security/cve/CVE-2019-3863.html https://bugzilla.suse.com/1128471 https://bugzilla.suse.com/1128472 https://bugzilla.suse.com/1128474 https://bugzilla.suse.com/1128476 https://bugzilla.suse.com/1128480 https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1128490 https://bugzilla.suse.com/1128492 https://bugzilla.suse.com/1128493 From sle-updates at lists.suse.com Tue Mar 19 11:10:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 18:10:07 +0100 (CET) Subject: SUSE-RU-2019:0640-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190319171007.54C97FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0640-1 Rating: moderate References: #1122262 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-default-privs fixes the following issues: - backport of newly introduced NetworkManager wifi-scan rule (bsc#1122262). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-640=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.22.1 References: https://bugzilla.suse.com/1122262 From sle-updates at lists.suse.com Tue Mar 19 11:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 18:10:46 +0100 (CET) Subject: SUSE-SU-2019:0639-1: moderate: Security update for ldb Message-ID: <20190319171046.5EB1AFCB4@maintenance.suse.de> SUSE Security Update: Security update for ldb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0639-1 Rating: moderate References: #1125410 Cross-References: CVE-2019-3824 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ldb fixes the following issue: Security issue fixed: - CVE-2019-3824: Fixed an out-of-bound read vulnerability in ldb_wildcard_compare (bsc#1125410). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-639=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-639=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.2.3-3.8.1 ldb-tools-1.2.3-3.8.1 ldb-tools-debuginfo-1.2.3-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.2.3-3.8.1 libldb-devel-1.2.3-3.8.1 libldb1-1.2.3-3.8.1 libldb1-debuginfo-1.2.3-3.8.1 python-ldb-1.2.3-3.8.1 python-ldb-debuginfo-1.2.3-3.8.1 python-ldb-devel-1.2.3-3.8.1 python3-ldb-1.2.3-3.8.1 python3-ldb-debuginfo-1.2.3-3.8.1 python3-ldb-devel-1.2.3-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-3824.html https://bugzilla.suse.com/1125410 From sle-updates at lists.suse.com Tue Mar 19 11:11:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 18:11:28 +0100 (CET) Subject: SUSE-RU-2019:0641-1: moderate: Recommended update for glibc Message-ID: <20190319171128.DE84AFCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0641-1 Rating: moderate References: #1112570 #1114984 #1114993 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for glibc provides the following fixes: - Fix Haswell CPU string flags. (bsc#1114984) - Fix waiters-after-spinning case. (bsc#1114993) - Do not relocate absolute symbols. (bsc#1112570) - Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551) - Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962) - Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-641=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-641=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-641=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): glibc-html-2.26-13.11.4 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.11.4 glibc-debugsource-2.26-13.11.4 glibc-devel-static-2.26-13.11.4 glibc-utils-2.26-13.11.4 glibc-utils-debuginfo-2.26-13.11.4 glibc-utils-src-debugsource-2.26-13.11.4 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.11.4 glibc-devel-32bit-2.26-13.11.4 glibc-devel-32bit-debuginfo-2.26-13.11.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.11.4 glibc-debuginfo-2.26-13.11.4 glibc-debugsource-2.26-13.11.4 glibc-devel-2.26-13.11.4 glibc-devel-debuginfo-2.26-13.11.4 glibc-extra-2.26-13.11.4 glibc-extra-debuginfo-2.26-13.11.4 glibc-locale-2.26-13.11.4 glibc-locale-base-2.26-13.11.4 glibc-locale-base-debuginfo-2.26-13.11.4 glibc-profile-2.26-13.11.4 nscd-2.26-13.11.4 nscd-debuginfo-2.26-13.11.4 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.11.4 glibc-32bit-debuginfo-2.26-13.11.4 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.11.4 glibc-info-2.26-13.11.4 References: https://bugzilla.suse.com/1112570 https://bugzilla.suse.com/1114984 https://bugzilla.suse.com/1114993 From sle-updates at lists.suse.com Tue Mar 19 11:12:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 18:12:28 +0100 (CET) Subject: SUSE-SU-2019:0642-1: moderate: Security update for lftp Message-ID: <20190319171228.23BD0FCB4@maintenance.suse.de> SUSE Security Update: Security update for lftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0642-1 Rating: moderate References: #1103367 #1120946 Cross-References: CVE-2018-10916 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for lftp fixes the following issues: Security issue fixed: - CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367). Other issue addressed: - The SSH login handling code detects password prompts more reliably (bsc#1120946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-642=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-642=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-642=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-642=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): lftp-4.7.4-3.6.1 lftp-debuginfo-4.7.4-3.6.1 lftp-debugsource-4.7.4-3.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): lftp-4.7.4-3.6.1 lftp-debuginfo-4.7.4-3.6.1 lftp-debugsource-4.7.4-3.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): lftp-4.7.4-3.6.1 lftp-debuginfo-4.7.4-3.6.1 lftp-debugsource-4.7.4-3.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): lftp-4.7.4-3.6.1 lftp-debuginfo-4.7.4-3.6.1 lftp-debugsource-4.7.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-10916.html https://bugzilla.suse.com/1103367 https://bugzilla.suse.com/1120946 From sle-updates at lists.suse.com Tue Mar 19 14:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 21:09:14 +0100 (CET) Subject: SUSE-SU-2019:0651-1: moderate: Security update for go1.11 Message-ID: <20190319200914.8F3CEF7BB@maintenance.suse.de> SUSE Security Update: Security update for go1.11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0651-1 Rating: moderate References: #1123013 Cross-References: CVE-2019-6486 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for go1.11 to version 1.11.5 fixes the following issues: Security issue fixed: - CVE-2019-6486: Fixed a CPU Denial-of-Service vulnerability affecting crypto/ellpitic related to P-521 and P-384 (bsc#1123013 go#29903). Other bug fixes and changes made: - Fix erroneous trailing backslash in %post script. - Use better forms of -exec \; in some places. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-651=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.11-1.11.5-1.9.1 go1.11-doc-1.11.5-1.9.1 References: https://www.suse.com/security/cve/CVE-2019-6486.html https://bugzilla.suse.com/1123013 From sle-updates at lists.suse.com Tue Mar 19 14:09:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 21:09:46 +0100 (CET) Subject: SUSE-SU-2019:0645-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12) Message-ID: <20190319200946.41FA2F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0645-1 Rating: important References: #1103098 #1124734 #1128378 Cross-References: CVE-2018-5391 CVE-2019-7221 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_125 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker might have caused a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-645=1 SUSE-SLE-SERVER-12-2019-646=1 SUSE-SLE-SERVER-12-2019-647=1 SUSE-SLE-SERVER-12-2019-648=1 SUSE-SLE-SERVER-12-2019-649=1 SUSE-SLE-SERVER-12-2019-650=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_125-default-12-2.1 kgraft-patch-3_12_61-52_125-xen-12-2.1 kgraft-patch-3_12_61-52_128-default-10-2.1 kgraft-patch-3_12_61-52_128-xen-10-2.1 kgraft-patch-3_12_61-52_133-default-9-2.1 kgraft-patch-3_12_61-52_133-xen-9-2.1 kgraft-patch-3_12_61-52_136-default-9-2.1 kgraft-patch-3_12_61-52_136-xen-9-2.1 kgraft-patch-3_12_61-52_141-default-8-2.1 kgraft-patch-3_12_61-52_141-xen-8-2.1 kgraft-patch-3_12_61-52_146-default-6-2.1 kgraft-patch-3_12_61-52_146-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1103098 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Tue Mar 19 14:10:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 21:10:35 +0100 (CET) Subject: SUSE-SU-2019:0643-1: moderate: Security update for lftp Message-ID: <20190319201035.1F067F7BB@maintenance.suse.de> SUSE Security Update: Security update for lftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0643-1 Rating: moderate References: #1103367 #1120946 Cross-References: CVE-2018-10916 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for lftp fixes the following issues: Security issue fixed: - CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367). Other issue addressed: - The SSH login handling code detects password prompts more reliably (bsc#1120946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-643=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): lftp-4.8.3-4.3.1 lftp-debuginfo-4.8.3-4.3.1 lftp-debugsource-4.8.3-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-10916.html https://bugzilla.suse.com/1103367 https://bugzilla.suse.com/1120946 From sle-updates at lists.suse.com Tue Mar 19 14:11:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Mar 2019 21:11:52 +0100 (CET) Subject: SUSE-RU-2019:0644-1: moderate: Recommended update for sbd Message-ID: <20190319201152.0D641F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0644-1 Rating: moderate References: #1102930 #1107321 #1112918 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sbd fixes the following issues: Updated to version 1.4.0+20190123.1829c40: - sbd.sysconfig: watchdog timeout set in the on-disk metadata takes precedence - sbd.8.pod: use the generic term "cluster services" instead of the specific "openais" (bsc#1112918) - make timeout-action executed by sbd configurable - use pacemaker's new pe api with constructors/destructors - sbd-common: avoid statting potential links - sbd-inquisitor: SBD_DELAY_START can be configured with a delay value (bsc#1107321) - sbd-common: don't follow symlinks outside /dev for watchdog Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-644=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): sbd-1.4.0+20190123.1829c40-4.8.3 sbd-debuginfo-1.4.0+20190123.1829c40-4.8.3 sbd-debugsource-1.4.0+20190123.1829c40-4.8.3 References: https://bugzilla.suse.com/1102930 https://bugzilla.suse.com/1107321 https://bugzilla.suse.com/1112918 From sle-updates at lists.suse.com Wed Mar 20 08:09:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 15:09:44 +0100 (CET) Subject: SUSE-RU-2019:0653-1: moderate: Recommended update for xorg-x11-server Message-ID: <20190320140944.6AD0DF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0653-1 Rating: moderate References: #1120999 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-server fixes the following issues: * make sure /var/lib/X11/X still symlinks to /usr/bin/Xorg after migrating from SUSE Linux Enterprise 15 GA (SP0) to SUSE Linux Enterprise 15 SP1 and doing a rollback (bsc#1120999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-653=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-653=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-653=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-653=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): xorg-x11-server-debuginfo-1.19.6-8.9.1 xorg-x11-server-debugsource-1.19.6-8.9.1 xorg-x11-server-wayland-1.19.6-8.9.1 xorg-x11-server-wayland-debuginfo-1.19.6-8.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-8.9.1 xorg-x11-server-debugsource-1.19.6-8.9.1 xorg-x11-server-source-1.19.6-8.9.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-8.9.1 xorg-x11-server-debugsource-1.19.6-8.9.1 xorg-x11-server-sdk-1.19.6-8.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-8.9.1 xorg-x11-server-debuginfo-1.19.6-8.9.1 xorg-x11-server-debugsource-1.19.6-8.9.1 xorg-x11-server-extra-1.19.6-8.9.1 xorg-x11-server-extra-debuginfo-1.19.6-8.9.1 References: https://bugzilla.suse.com/1120999 From sle-updates at lists.suse.com Wed Mar 20 08:10:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 15:10:22 +0100 (CET) Subject: SUSE-SU-2019:0654-1: important: Security update for openwsman Message-ID: <20190320141022.06226F7BB@maintenance.suse.de> SUSE Security Update: Security update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0654-1 Rating: important References: #1092206 #1122623 Cross-References: CVE-2019-3816 CVE-2019-3833 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed: - Added OpenSSL 1.1 compatibility - Compilation in debug mode fixed - Directory listing without authentication fixed (bsc#1092206). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-654=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-654=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.6.7-3.3.1 libwsman3-2.6.7-3.3.1 libwsman3-debuginfo-2.6.7-3.3.1 openwsman-debuginfo-2.6.7-3.3.1 openwsman-debugsource-2.6.7-3.3.1 openwsman-server-2.6.7-3.3.1 openwsman-server-debuginfo-2.6.7-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libwsman_clientpp-devel-2.6.7-3.3.1 libwsman_clientpp1-2.6.7-3.3.1 libwsman_clientpp1-debuginfo-2.6.7-3.3.1 openwsman-debuginfo-2.6.7-3.3.1 openwsman-debugsource-2.6.7-3.3.1 openwsman-java-2.6.7-3.3.1 openwsman-perl-2.6.7-3.3.1 openwsman-perl-debuginfo-2.6.7-3.3.1 openwsman-ruby-2.6.7-3.3.1 openwsman-ruby-debuginfo-2.6.7-3.3.1 openwsman-ruby-docs-2.6.7-3.3.1 openwsman-server-plugin-ruby-2.6.7-3.3.1 openwsman-server-plugin-ruby-debuginfo-2.6.7-3.3.1 python3-openwsman-2.6.7-3.3.1 python3-openwsman-debuginfo-2.6.7-3.3.1 winrs-2.6.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-3816.html https://www.suse.com/security/cve/CVE-2019-3833.html https://bugzilla.suse.com/1092206 https://bugzilla.suse.com/1122623 From sle-updates at lists.suse.com Wed Mar 20 08:11:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 15:11:07 +0100 (CET) Subject: SUSE-RU-2019:0652-1: moderate: Recommended update for openvswitch Message-ID: <20190320141107.48D7FF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0652-1 Rating: moderate References: #1124435 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: - Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-652=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.5-4.12.1 libopenvswitch-2_8-0-debuginfo-2.8.5-4.12.1 openvswitch-2.8.5-4.12.1 openvswitch-debuginfo-2.8.5-4.12.1 openvswitch-debugsource-2.8.5-4.12.1 References: https://bugzilla.suse.com/1124435 From sle-updates at lists.suse.com Wed Mar 20 08:11:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 15:11:45 +0100 (CET) Subject: SUSE-SU-2019:0655-1: moderate: Security update for libssh2_org Message-ID: <20190320141145.E6318F7BB@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0655-1 Rating: moderate References: #1091236 #1128471 #1128472 #1128474 #1128476 #1128480 #1128481 #1128490 #1128492 #1128493 Cross-References: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-655=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-655=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-655=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-655=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-655=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-655=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-655=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-655=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-655=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-655=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-655=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-655=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-655=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-655=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-655=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libssh2-devel-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE Enterprise Storage 4 (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2-1-debuginfo-32bit-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE CaaS Platform ALL (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - SUSE CaaS Platform 3.0 (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libssh2-1-1.4.3-20.3.1 libssh2-1-debuginfo-1.4.3-20.3.1 libssh2_org-debugsource-1.4.3-20.3.1 References: https://www.suse.com/security/cve/CVE-2019-3855.html https://www.suse.com/security/cve/CVE-2019-3856.html https://www.suse.com/security/cve/CVE-2019-3857.html https://www.suse.com/security/cve/CVE-2019-3858.html https://www.suse.com/security/cve/CVE-2019-3859.html https://www.suse.com/security/cve/CVE-2019-3860.html https://www.suse.com/security/cve/CVE-2019-3861.html https://www.suse.com/security/cve/CVE-2019-3862.html https://www.suse.com/security/cve/CVE-2019-3863.html https://bugzilla.suse.com/1091236 https://bugzilla.suse.com/1128471 https://bugzilla.suse.com/1128472 https://bugzilla.suse.com/1128474 https://bugzilla.suse.com/1128476 https://bugzilla.suse.com/1128480 https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1128490 https://bugzilla.suse.com/1128492 https://bugzilla.suse.com/1128493 From sle-updates at lists.suse.com Wed Mar 20 08:13:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 15:13:31 +0100 (CET) Subject: SUSE-SU-2019:0656-1: important: Security update for openwsman Message-ID: <20190320141331.CD3CAF7BB@maintenance.suse.de> SUSE Security Update: Security update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0656-1 Rating: important References: #1122623 Cross-References: CVE-2019-3816 CVE-2019-3833 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-656=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-656=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-656=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-656=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-656=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-656=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.4.11-21.8.1 libwsman_clientpp-devel-2.4.11-21.8.1 openwsman-debugsource-2.4.11-21.8.1 openwsman-python-2.4.11-21.8.1 openwsman-python-debuginfo-2.4.11-21.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.4.11-21.8.1 libwsman_clientpp-devel-2.4.11-21.8.1 openwsman-debugsource-2.4.11-21.8.1 openwsman-python-2.4.11-21.8.1 openwsman-python-debuginfo-2.4.11-21.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.8.1 libwsman1-debuginfo-2.4.11-21.8.1 libwsman_clientpp1-2.4.11-21.8.1 libwsman_clientpp1-debuginfo-2.4.11-21.8.1 openwsman-debugsource-2.4.11-21.8.1 openwsman-server-2.4.11-21.8.1 openwsman-server-debuginfo-2.4.11-21.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.8.1 libwsman1-debuginfo-2.4.11-21.8.1 libwsman_clientpp1-2.4.11-21.8.1 libwsman_clientpp1-debuginfo-2.4.11-21.8.1 openwsman-debugsource-2.4.11-21.8.1 openwsman-server-2.4.11-21.8.1 openwsman-server-debuginfo-2.4.11-21.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwsman1-2.4.11-21.8.1 libwsman1-debuginfo-2.4.11-21.8.1 libwsman_clientpp1-2.4.11-21.8.1 libwsman_clientpp1-debuginfo-2.4.11-21.8.1 openwsman-debugsource-2.4.11-21.8.1 openwsman-server-2.4.11-21.8.1 openwsman-server-debuginfo-2.4.11-21.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwsman1-2.4.11-21.8.1 libwsman1-debuginfo-2.4.11-21.8.1 libwsman_clientpp1-2.4.11-21.8.1 libwsman_clientpp1-debuginfo-2.4.11-21.8.1 openwsman-debugsource-2.4.11-21.8.1 openwsman-server-2.4.11-21.8.1 openwsman-server-debuginfo-2.4.11-21.8.1 References: https://www.suse.com/security/cve/CVE-2019-3816.html https://www.suse.com/security/cve/CVE-2019-3833.html https://bugzilla.suse.com/1122623 From sle-updates at lists.suse.com Wed Mar 20 09:07:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 16:07:59 +0100 (CET) Subject: SUSE-SU-2019:0657-1: Security update for python-Flask Message-ID: <20190320150759.87A42F7BB@maintenance.suse.de> SUSE Security Update: Security update for python-Flask ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0657-1 Rating: low References: #1106279 Cross-References: CVE-2018-1000656 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Flask to version 0.12.4 fixes the following issues: Security issue fixed: - CVE-2018-1000656: Fixed an improper input validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. (bsc#1106279) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-657=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-657=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-657=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): python2-Flask-0.12.4-3.3.26 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-Flask-0.12.4-3.3.26 python2-Flask-doc-0.12.4-3.3.26 python3-Flask-doc-0.12.4-3.3.26 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-Flask-0.12.4-3.3.26 References: https://www.suse.com/security/cve/CVE-2018-1000656.html https://bugzilla.suse.com/1106279 From sle-updates at lists.suse.com Wed Mar 20 09:16:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 16:16:58 +0100 (CET) Subject: SUSE-SU-2019:0657-1: Security update for python-Flask Message-ID: <20190320151658.B8FC6F7BB@maintenance.suse.de> SUSE Security Update: Security update for python-Flask ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0657-1 Rating: low References: #1106279 Cross-References: CVE-2018-1000656 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Flask to version 0.12.4 fixes the following issues: Security issue fixed: - CVE-2018-1000656: Fixed an improper input validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. (bsc#1106279) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-657=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-657=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-657=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): python2-Flask-0.12.4-3.3.26 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-Flask-0.12.4-3.3.26 python2-Flask-doc-0.12.4-3.3.26 python3-Flask-doc-0.12.4-3.3.26 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-Flask-0.12.4-3.3.26 References: https://www.suse.com/security/cve/CVE-2018-1000656.html https://bugzilla.suse.com/1106279 From sle-updates at lists.suse.com Wed Mar 20 10:37:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 17:37:52 +0100 (CET) Subject: SUSE-SU-2019:0658-1: moderate: Security update for nodejs4 Message-ID: <20190320163752.410D5F7BB@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0658-1 Rating: moderate References: #1127080 #1127532 #1127533 Cross-References: CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-658=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-658=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.9.1-15.20.1 nodejs4-debuginfo-4.9.1-15.20.1 nodejs4-debugsource-4.9.1-15.20.1 nodejs4-devel-4.9.1-15.20.1 npm4-4.9.1-15.20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.9.1-15.20.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.9.1-15.20.1 nodejs4-debuginfo-4.9.1-15.20.1 nodejs4-debugsource-4.9.1-15.20.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://www.suse.com/security/cve/CVE-2019-5737.html https://www.suse.com/security/cve/CVE-2019-5739.html https://bugzilla.suse.com/1127080 https://bugzilla.suse.com/1127532 https://bugzilla.suse.com/1127533 From sle-updates at lists.suse.com Wed Mar 20 11:10:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:10:51 +0100 (CET) Subject: SUSE-RU-2019:0664-1: Recommended update for gpgme Message-ID: <20190320171051.93E81F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gpgme ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0664-1 Rating: low References: #1121051 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gpgme provides the following fix: - Re-generate keys in Qt tests to not expire. (bsc#1121051) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-664=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-664=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-664=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): gpgme-debuginfo-1.10.0-4.3.4 gpgme-debugsource-1.10.0-4.3.4 python2-gpg-1.10.0-4.3.4 python2-gpg-debuginfo-1.10.0-4.3.4 python3-gpg-1.10.0-4.3.4 python3-gpg-debuginfo-1.10.0-4.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gpgme-debuginfo-1.10.0-4.3.4 gpgme-debugsource-1.10.0-4.3.4 python2-gpg-1.10.0-4.3.4 python2-gpg-debuginfo-1.10.0-4.3.4 python3-gpg-1.10.0-4.3.4 python3-gpg-debuginfo-1.10.0-4.3.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gpgme-1.10.0-4.3.4 gpgme-debuginfo-1.10.0-4.3.4 gpgme-debugsource-1.10.0-4.3.4 libgpgme-devel-1.10.0-4.3.4 libgpgme11-1.10.0-4.3.4 libgpgme11-debuginfo-1.10.0-4.3.4 libgpgmepp-devel-1.10.0-4.3.4 libgpgmepp6-1.10.0-4.3.4 libgpgmepp6-debuginfo-1.10.0-4.3.4 libqgpgme-devel-1.10.0-4.3.4 libqgpgme7-1.10.0-4.3.4 libqgpgme7-debuginfo-1.10.0-4.3.4 References: https://bugzilla.suse.com/1121051 From sle-updates at lists.suse.com Wed Mar 20 11:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:11:31 +0100 (CET) Subject: SUSE-RU-2019:0659-1: moderate: Recommended update for yast2-iscsi-client Message-ID: <20190320171131.543EFF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-iscsi-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0659-1 Rating: moderate References: #1099691 #1103681 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-iscsi-client fixes the following issues: - Fix detection of service current status (bsc#1103681) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-659=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-iscsi-client-4.0.2-3.3.2 References: https://bugzilla.suse.com/1099691 https://bugzilla.suse.com/1103681 From sle-updates at lists.suse.com Wed Mar 20 11:12:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:12:22 +0100 (CET) Subject: SUSE-RU-2019:0661-1: moderate: Recommended update for LibVNCServer Message-ID: <20190320171222.8C9A2F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0661-1 Rating: moderate References: #1123805 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for LibVNCServer fixes the following issue: - remmina cannot connect to VNC server (bsc#1123805) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-661=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-661=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-661=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-661=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.14.1 LibVNCServer-devel-0.9.9-17.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.14.1 LibVNCServer-devel-0.9.9-17.14.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.14.1 libvncclient0-0.9.9-17.14.1 libvncclient0-debuginfo-0.9.9-17.14.1 libvncserver0-0.9.9-17.14.1 libvncserver0-debuginfo-0.9.9-17.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.14.1 libvncclient0-0.9.9-17.14.1 libvncclient0-debuginfo-0.9.9-17.14.1 libvncserver0-0.9.9-17.14.1 libvncserver0-debuginfo-0.9.9-17.14.1 References: https://bugzilla.suse.com/1123805 From sle-updates at lists.suse.com Wed Mar 20 11:12:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:12:59 +0100 (CET) Subject: SUSE-RU-2019:0660-1: moderate: Recommended update for mutter Message-ID: <20190320171259.790ADF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0660-1 Rating: moderate References: #1125467 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter fixes the following issues: - Fix Gnome scaling on 4K displays(fate#326682, bsc#1125467). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-660=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmutter-1-0-3.26.2+20180207.4b2d21ff0-5.11.1 libmutter-1-0-debuginfo-3.26.2+20180207.4b2d21ff0-5.11.1 mutter-3.26.2+20180207.4b2d21ff0-5.11.1 mutter-data-3.26.2+20180207.4b2d21ff0-5.11.1 mutter-debuginfo-3.26.2+20180207.4b2d21ff0-5.11.1 mutter-debugsource-3.26.2+20180207.4b2d21ff0-5.11.1 mutter-devel-3.26.2+20180207.4b2d21ff0-5.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): mutter-lang-3.26.2+20180207.4b2d21ff0-5.11.1 References: https://bugzilla.suse.com/1125467 From sle-updates at lists.suse.com Wed Mar 20 11:13:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:13:35 +0100 (CET) Subject: SUSE-RU-2019:0666-1: moderate: Recommended update for yast2-registration Message-ID: <20190320171335.0FB48F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0666-1 Rating: moderate References: #1125006 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-registration provides the following fix: - Fix a crash that would display the following error: "can't modify frozen String". (bsc#1125006) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-666=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-666=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-registration-3.2.18-3.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-registration-3.2.18-3.3.2 References: https://bugzilla.suse.com/1125006 From sle-updates at lists.suse.com Wed Mar 20 11:14:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:14:09 +0100 (CET) Subject: SUSE-RU-2019:0665-1: Recommended update for xf86-input-wacom Message-ID: <20190320171409.02262F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-input-wacom ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0665-1 Rating: low References: #1120405 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xf86-input-wacom provides the following fix: - Re-added support for serial input devices. (bsc#1120405) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-665=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): xf86-input-wacom-0.34.2-3.3.4 xf86-input-wacom-debuginfo-0.34.2-3.3.4 xf86-input-wacom-debugsource-0.34.2-3.3.4 xf86-input-wacom-devel-0.34.2-3.3.4 References: https://bugzilla.suse.com/1120405 From sle-updates at lists.suse.com Wed Mar 20 11:14:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:14:47 +0100 (CET) Subject: SUSE-RU-2019:0667-1: moderate: Recommended update for open-vm-tools Message-ID: <20190320171447.B842DF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0667-1 Rating: moderate References: #1115118 #1121964 #1122435 #1124397 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: - Link VGAuthService to libxmlsec1 rather than libxml-security-c in SLE products where available. (bsc#1122435) - Improve handling of certain quiesced snapshot failures. (bsc#1124397) - Update vmtoolsd.service to support cloud-init customization by default by adding "DefaultDependencies=no" and "Before=cloud-init-local.service" to the [Unit] section of vmtoolsd.service. (bsc#1121964) - Bugfix: open-vm-tools has logged warnings, when taking a snapshot of a Linux guest on a vSphere host. - Bugfix: open-vm-tools service crashed on Linux systems which are not running on a VMware platform. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-667=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-667=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): libvmtools0-10.3.5-4.3.1 libvmtools0-debuginfo-10.3.5-4.3.1 open-vm-tools-10.3.5-4.3.1 open-vm-tools-debuginfo-10.3.5-4.3.1 open-vm-tools-debugsource-10.3.5-4.3.1 open-vm-tools-desktop-10.3.5-4.3.1 open-vm-tools-desktop-debuginfo-10.3.5-4.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libvmtools0-10.3.5-4.3.1 libvmtools0-debuginfo-10.3.5-4.3.1 open-vm-tools-10.3.5-4.3.1 open-vm-tools-debuginfo-10.3.5-4.3.1 open-vm-tools-debugsource-10.3.5-4.3.1 open-vm-tools-desktop-10.3.5-4.3.1 open-vm-tools-desktop-debuginfo-10.3.5-4.3.1 References: https://bugzilla.suse.com/1115118 https://bugzilla.suse.com/1121964 https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1124397 From sle-updates at lists.suse.com Wed Mar 20 11:15:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:15:44 +0100 (CET) Subject: SUSE-RU-2019:13983-1: moderate: Recommended update for augeas Message-ID: <20190320171544.0BAF1F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for augeas ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13983-1 Rating: moderate References: #1091696 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for augeas provides the following fix: - Fix parsing of quoted strings with spaces in spacevars lens. (bsc#1091696) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-augeas-13983=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-augeas-13983=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-augeas-13983=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-augeas-13983=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): augeas-devel-0.9.0-3.21.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): augeas-0.9.0-3.21.6.1 augeas-lenses-0.9.0-3.21.6.1 libaugeas0-0.9.0-3.21.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): augeas-0.9.0-3.21.6.1 augeas-lenses-0.9.0-3.21.6.1 libaugeas0-0.9.0-3.21.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): augeas-debuginfo-0.9.0-3.21.6.1 augeas-debugsource-0.9.0-3.21.6.1 References: https://bugzilla.suse.com/1091696 From sle-updates at lists.suse.com Wed Mar 20 11:16:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 18:16:23 +0100 (CET) Subject: SUSE-RU-2019:0662-1: moderate: Recommended update for lvm2 Message-ID: <20190320171623.CBF9DF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0662-1 Rating: moderate References: #1123327 #1123803 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - StartLimitInterval in wrong section (bsc#1123327, bsc#1123803) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-662=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-662=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-662=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-662=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-devel-1.02.149-9.7.1 lvm2-debuginfo-2.02.180-9.7.1 lvm2-debugsource-2.02.180-9.7.1 lvm2-devel-2.02.180-9.7.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-9.7.1 device-mapper-debuginfo-1.02.149-9.7.1 lvm2-2.02.180-9.7.1 lvm2-debuginfo-2.02.180-9.7.1 lvm2-debugsource-2.02.180-9.7.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): device-mapper-32bit-1.02.149-9.7.1 device-mapper-debuginfo-32bit-1.02.149-9.7.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.7.1 lvm2-clvm-debuginfo-2.02.180-9.7.1 lvm2-cmirrord-2.02.180-9.7.1 lvm2-cmirrord-debuginfo-2.02.180-9.7.1 lvm2-debuginfo-2.02.180-9.7.1 lvm2-debugsource-2.02.180-9.7.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): device-mapper-1.02.149-9.7.1 device-mapper-32bit-1.02.149-9.7.1 device-mapper-debuginfo-1.02.149-9.7.1 device-mapper-debuginfo-32bit-1.02.149-9.7.1 lvm2-2.02.180-9.7.1 lvm2-debuginfo-2.02.180-9.7.1 lvm2-debugsource-2.02.180-9.7.1 References: https://bugzilla.suse.com/1123327 https://bugzilla.suse.com/1123803 From sle-updates at lists.suse.com Wed Mar 20 14:09:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 21:09:24 +0100 (CET) Subject: SUSE-RU-2019:0675-1: moderate: Recommended update for sbd Message-ID: <20190320200924.A6CECFD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0675-1 Rating: moderate References: #1112918 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sbd fixes the following issues: - Update to version 1.4.0+20190123.1829c40: - sbd.sysconfig: watchdog timeout set in the on-disk metadata takes precedence - sbd.8.pod: use the generic term "cluster services" instead of the specific "openais" (bsc#1112918) - make timeout-action executed by sbd configurable - use pacemaker's new pe api with constructors/destructors Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-675=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): sbd-1.4.0+20190123.1829c40-3.3.3 sbd-debuginfo-1.4.0+20190123.1829c40-3.3.3 sbd-debugsource-1.4.0+20190123.1829c40-3.3.3 References: https://bugzilla.suse.com/1112918 From sle-updates at lists.suse.com Wed Mar 20 14:09:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Mar 2019 21:09:57 +0100 (CET) Subject: SUSE-SU-2019:0672-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20190320200957.34792FD43@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0672-1 Rating: important References: #1103098 #1124729 #1124734 #1128378 Cross-References: CVE-2018-5391 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). - CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker might have caused a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-668=1 SUSE-SLE-SAP-12-SP1-2019-669=1 SUSE-SLE-SAP-12-SP1-2019-670=1 SUSE-SLE-SAP-12-SP1-2019-671=1 SUSE-SLE-SAP-12-SP1-2019-672=1 SUSE-SLE-SAP-12-SP1-2019-673=1 SUSE-SLE-SAP-12-SP1-2019-674=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-668=1 SUSE-SLE-SERVER-12-SP1-2019-669=1 SUSE-SLE-SERVER-12-SP1-2019-670=1 SUSE-SLE-SERVER-12-SP1-2019-671=1 SUSE-SLE-SERVER-12-SP1-2019-672=1 SUSE-SLE-SERVER-12-SP1-2019-673=1 SUSE-SLE-SERVER-12-SP1-2019-674=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_104-default-6-2.1 kgraft-patch-3_12_74-60_64_104-xen-6-2.1 kgraft-patch-3_12_74-60_64_107-default-6-2.1 kgraft-patch-3_12_74-60_64_107-xen-6-2.1 kgraft-patch-3_12_74-60_64_85-default-12-2.1 kgraft-patch-3_12_74-60_64_85-xen-12-2.1 kgraft-patch-3_12_74-60_64_88-default-10-2.1 kgraft-patch-3_12_74-60_64_88-xen-10-2.1 kgraft-patch-3_12_74-60_64_93-default-9-2.1 kgraft-patch-3_12_74-60_64_93-xen-9-2.1 kgraft-patch-3_12_74-60_64_96-default-9-2.1 kgraft-patch-3_12_74-60_64_96-xen-9-2.1 kgraft-patch-3_12_74-60_64_99-default-8-2.1 kgraft-patch-3_12_74-60_64_99-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-6-2.1 kgraft-patch-3_12_74-60_64_104-xen-6-2.1 kgraft-patch-3_12_74-60_64_107-default-6-2.1 kgraft-patch-3_12_74-60_64_107-xen-6-2.1 kgraft-patch-3_12_74-60_64_85-default-12-2.1 kgraft-patch-3_12_74-60_64_85-xen-12-2.1 kgraft-patch-3_12_74-60_64_88-default-10-2.1 kgraft-patch-3_12_74-60_64_88-xen-10-2.1 kgraft-patch-3_12_74-60_64_93-default-9-2.1 kgraft-patch-3_12_74-60_64_93-xen-9-2.1 kgraft-patch-3_12_74-60_64_96-default-9-2.1 kgraft-patch-3_12_74-60_64_96-xen-9-2.1 kgraft-patch-3_12_74-60_64_99-default-8-2.1 kgraft-patch-3_12_74-60_64_99-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1103098 https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Thu Mar 21 05:10:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 12:10:10 +0100 (CET) Subject: SUSE-RU-2019:0676-1: moderate: Recommended update for release-notes-sdk Message-ID: <20190321111010.2D490FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0676-1 Rating: moderate References: #1124787 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sdk fixes the following issues: - Performance Co-Pilot Has Been Updated to Version 3.11.9 (FATE#319343 bsc#1124787) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-676=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): release-notes-sdk-12.3.20190208-3.3.1 References: https://bugzilla.suse.com/1124787 From sle-updates at lists.suse.com Thu Mar 21 05:12:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 12:12:19 +0100 (CET) Subject: SUSE-RU-2019:0677-1: moderate: Recommended update for release-notes-hpc Message-ID: <20190321111219.11596FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0677-1 Rating: moderate References: #1125986 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-hpc fixes the following issues: - Fixes to slurm release note (bsc#1125986): - Mention necessity of manually creating Slurm user - Tagging improvements Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2019-677=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (noarch): release-notes-hpc-12.20190220-3.12.1 References: https://bugzilla.suse.com/1125986 From sle-updates at lists.suse.com Thu Mar 21 08:09:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 15:09:35 +0100 (CET) Subject: SUSE-RU-2019:0679-1: moderate: Recommended update for rsyslog Message-ID: <20190321140935.9955DFD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0679-1 Rating: moderate References: #1126233 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Set default permission for all log files (bsc#1126233) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-679=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-679=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-679=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.9.1 rsyslog-debugsource-8.33.1-3.9.1 rsyslog-module-gssapi-8.33.1-3.9.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.9.1 rsyslog-module-gtls-8.33.1-3.9.1 rsyslog-module-gtls-debuginfo-8.33.1-3.9.1 rsyslog-module-mysql-8.33.1-3.9.1 rsyslog-module-mysql-debuginfo-8.33.1-3.9.1 rsyslog-module-pgsql-8.33.1-3.9.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.9.1 rsyslog-module-relp-8.33.1-3.9.1 rsyslog-module-relp-debuginfo-8.33.1-3.9.1 rsyslog-module-snmp-8.33.1-3.9.1 rsyslog-module-snmp-debuginfo-8.33.1-3.9.1 rsyslog-module-udpspoof-8.33.1-3.9.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.9.1 rsyslog-debugsource-8.33.1-3.9.1 rsyslog-diag-tools-8.33.1-3.9.1 rsyslog-diag-tools-debuginfo-8.33.1-3.9.1 rsyslog-doc-8.33.1-3.9.1 rsyslog-module-dbi-8.33.1-3.9.1 rsyslog-module-dbi-debuginfo-8.33.1-3.9.1 rsyslog-module-elasticsearch-8.33.1-3.9.1 rsyslog-module-elasticsearch-debuginfo-8.33.1-3.9.1 rsyslog-module-gcrypt-8.33.1-3.9.1 rsyslog-module-gcrypt-debuginfo-8.33.1-3.9.1 rsyslog-module-gtls-8.33.1-3.9.1 rsyslog-module-gtls-debuginfo-8.33.1-3.9.1 rsyslog-module-mmnormalize-8.33.1-3.9.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.9.1 rsyslog-module-omamqp1-8.33.1-3.9.1 rsyslog-module-omamqp1-debuginfo-8.33.1-3.9.1 rsyslog-module-omhttpfs-8.33.1-3.9.1 rsyslog-module-omhttpfs-debuginfo-8.33.1-3.9.1 rsyslog-module-omtcl-8.33.1-3.9.1 rsyslog-module-omtcl-debuginfo-8.33.1-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.9.1 rsyslog-debuginfo-8.33.1-3.9.1 rsyslog-debugsource-8.33.1-3.9.1 References: https://bugzilla.suse.com/1126233 From sle-updates at lists.suse.com Thu Mar 21 08:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 15:10:46 +0100 (CET) Subject: SUSE-SU-2019:0678-1: moderate: Security update for openssl-1_1 Message-ID: <20190321141046.68A64FD43@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0678-1 Rating: moderate References: #1116833 #1125494 #1128189 Cross-References: CVE-2019-1543 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Other issues addressed: - Fixed a segfault in openssl speed when an unknown algorithm is passed (bsc#1125494). - Correctly skipped binary curves in openssl speed to avoid spitting errors (bsc#1116833). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-678=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-678=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-4.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_1-doc-1.1.0i-4.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-4.21.1 libopenssl1_1-1.1.0i-4.21.1 libopenssl1_1-debuginfo-1.1.0i-4.21.1 libopenssl1_1-hmac-1.1.0i-4.21.1 openssl-1_1-1.1.0i-4.21.1 openssl-1_1-debuginfo-1.1.0i-4.21.1 openssl-1_1-debugsource-1.1.0i-4.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.21.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.21.1 libopenssl1_1-hmac-32bit-1.1.0i-4.21.1 References: https://www.suse.com/security/cve/CVE-2019-1543.html https://bugzilla.suse.com/1116833 https://bugzilla.suse.com/1125494 https://bugzilla.suse.com/1128189 From sle-updates at lists.suse.com Thu Mar 21 14:09:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 21:09:56 +0100 (CET) Subject: SUSE-SU-2019:0683-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) Message-ID: <20190321200956.5554A10125@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0683-1 Rating: important References: #1124729 #1124734 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-682=1 SUSE-SLE-SAP-12-SP2-2019-683=1 SUSE-SLE-SAP-12-SP2-2019-684=1 SUSE-SLE-SAP-12-SP2-2019-685=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-682=1 SUSE-SLE-SERVER-12-SP2-2019-683=1 SUSE-SLE-SERVER-12-SP2-2019-684=1 SUSE-SLE-SERVER-12-SP2-2019-685=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_120-92_70-default-11-2.1 kgraft-patch-4_4_121-92_73-default-10-2.1 kgraft-patch-4_4_121-92_80-default-10-2.1 kgraft-patch-4_4_121-92_85-default-7-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_120-92_70-default-11-2.1 kgraft-patch-4_4_121-92_73-default-10-2.1 kgraft-patch-4_4_121-92_80-default-10-2.1 kgraft-patch-4_4_121-92_85-default-7-2.1 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Thu Mar 21 14:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 21:10:50 +0100 (CET) Subject: SUSE-RU-2019:0681-1: Recommended update for xf86-video-dummy Message-ID: <20190321201050.7AED610125@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-dummy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0681-1 Rating: low References: #1117991 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the xf86-video-dummy driver, which was not previously shipped. (FATE#327549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-681=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le x86_64): xf86-video-dummy-0.3.7-10.2.1 xf86-video-dummy-debuginfo-0.3.7-10.2.1 xf86-video-dummy-debugsource-0.3.7-10.2.1 References: https://bugzilla.suse.com/1117991 From sle-updates at lists.suse.com Thu Mar 21 14:11:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 21:11:33 +0100 (CET) Subject: SUSE-RU-2019:0680-1: moderate: Recommended update for sbd Message-ID: <20190321201133.BE4F910125@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0680-1 Rating: moderate References: #1102930 #1107321 #1112918 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sbd fixes the following issues: Updated to version 1.4.0+20190123.1829c40: - sbd.sysconfig: watchdog timeout set in the on-disk metadata takes precedence - sbd.8.pod: use the generic term "cluster services" instead of the specific "openais" (bsc#1112918) - make timeout-action executed by sbd configurable - use pacemaker's new pe api with constructors/destructors - sbd-common: avoid statting potential links - sbd-inquisitor: SBD_DELAY_START can be configured with a delay value (bsc#1107321) - sbd-common: don't follow symlinks outside /dev for watchdog Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-680=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): sbd-1.4.0+20190123.1829c40-3.3.2 sbd-debuginfo-1.4.0+20190123.1829c40-3.3.2 sbd-debugsource-1.4.0+20190123.1829c40-3.3.2 References: https://bugzilla.suse.com/1102930 https://bugzilla.suse.com/1107321 https://bugzilla.suse.com/1112918 From sle-updates at lists.suse.com Thu Mar 21 14:12:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Mar 2019 21:12:30 +0100 (CET) Subject: SUSE-RU-2019:0686-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <20190321201230.7D02510125@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0686-1 Rating: moderate References: #1125981 Affected Products: SUSE Linux Enterprise Module for HPC 15 SUSE Linux Enterprise High Performance Computing 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sle_hpc fixes the following issues: - Mention requirements/background for Slurm user creation - Minor fixes: - Typos/grammar/style - Use em dashes instead of number dashes to improve PDF display Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2019-686=1 - SUSE Linux Enterprise High Performance Computing 15: zypper in -t patch SUSE-SLE-Product-HPC-15-2019-686=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (noarch): release-notes-sle_hpc-15.20190220-3.9.1 - SUSE Linux Enterprise High Performance Computing 15 (noarch): release-notes-sle_hpc-15.20190220-3.9.1 References: https://bugzilla.suse.com/1125981 From sle-updates at lists.suse.com Thu Mar 21 17:09:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:09:50 +0100 (CET) Subject: SUSE-SU-2019:0688-1: moderate: Security update for wireshark Message-ID: <20190321230950.36AC510125@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0688-1 Rating: moderate References: #1127367 #1127369 #1127370 Cross-References: CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-688=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-688=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-688=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-688=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-688=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-688=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.13-48.42.1 wireshark-debugsource-2.4.13-48.42.1 wireshark-devel-2.4.13-48.42.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.13-48.42.1 wireshark-debugsource-2.4.13-48.42.1 wireshark-devel-2.4.13-48.42.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.13-48.42.1 libwireshark9-debuginfo-2.4.13-48.42.1 libwiretap7-2.4.13-48.42.1 libwiretap7-debuginfo-2.4.13-48.42.1 libwscodecs1-2.4.13-48.42.1 libwscodecs1-debuginfo-2.4.13-48.42.1 libwsutil8-2.4.13-48.42.1 libwsutil8-debuginfo-2.4.13-48.42.1 wireshark-2.4.13-48.42.1 wireshark-debuginfo-2.4.13-48.42.1 wireshark-debugsource-2.4.13-48.42.1 wireshark-gtk-2.4.13-48.42.1 wireshark-gtk-debuginfo-2.4.13-48.42.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.13-48.42.1 libwireshark9-debuginfo-2.4.13-48.42.1 libwiretap7-2.4.13-48.42.1 libwiretap7-debuginfo-2.4.13-48.42.1 libwscodecs1-2.4.13-48.42.1 libwscodecs1-debuginfo-2.4.13-48.42.1 libwsutil8-2.4.13-48.42.1 libwsutil8-debuginfo-2.4.13-48.42.1 wireshark-2.4.13-48.42.1 wireshark-debuginfo-2.4.13-48.42.1 wireshark-debugsource-2.4.13-48.42.1 wireshark-gtk-2.4.13-48.42.1 wireshark-gtk-debuginfo-2.4.13-48.42.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwireshark9-2.4.13-48.42.1 libwireshark9-debuginfo-2.4.13-48.42.1 libwiretap7-2.4.13-48.42.1 libwiretap7-debuginfo-2.4.13-48.42.1 libwscodecs1-2.4.13-48.42.1 libwscodecs1-debuginfo-2.4.13-48.42.1 libwsutil8-2.4.13-48.42.1 libwsutil8-debuginfo-2.4.13-48.42.1 wireshark-2.4.13-48.42.1 wireshark-debuginfo-2.4.13-48.42.1 wireshark-debugsource-2.4.13-48.42.1 wireshark-gtk-2.4.13-48.42.1 wireshark-gtk-debuginfo-2.4.13-48.42.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.13-48.42.1 libwireshark9-debuginfo-2.4.13-48.42.1 libwiretap7-2.4.13-48.42.1 libwiretap7-debuginfo-2.4.13-48.42.1 libwscodecs1-2.4.13-48.42.1 libwscodecs1-debuginfo-2.4.13-48.42.1 libwsutil8-2.4.13-48.42.1 libwsutil8-debuginfo-2.4.13-48.42.1 wireshark-2.4.13-48.42.1 wireshark-debuginfo-2.4.13-48.42.1 wireshark-debugsource-2.4.13-48.42.1 wireshark-gtk-2.4.13-48.42.1 wireshark-gtk-debuginfo-2.4.13-48.42.1 References: https://www.suse.com/security/cve/CVE-2019-9208.html https://www.suse.com/security/cve/CVE-2019-9209.html https://www.suse.com/security/cve/CVE-2019-9214.html https://bugzilla.suse.com/1127367 https://bugzilla.suse.com/1127369 https://bugzilla.suse.com/1127370 From sle-updates at lists.suse.com Thu Mar 21 17:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:10:44 +0100 (CET) Subject: SUSE-RU-2019:0700-1: moderate: Recommended update for cyrus-sasl Message-ID: <20190321231044.4705810125@maintenance.suse.de> SUSE Recommended Update: Recommended update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0700-1 Rating: moderate References: #1044840 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cyrus-sasl provides the following fix: - Fix a problem that was causing syslog to be polluted with messages "GSSAPI client step 1". By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-700=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-700=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-700=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): cyrus-sasl-saslauthd-debuginfo-2.1.26-5.3.2 cyrus-sasl-saslauthd-debugsource-2.1.26-5.3.2 cyrus-sasl-sqlauxprop-2.1.26-5.3.2 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cyrus-sasl-debuginfo-2.1.26-5.3.1 cyrus-sasl-debugsource-2.1.26-5.3.1 cyrus-sasl-gs2-2.1.26-5.3.1 cyrus-sasl-gs2-debuginfo-2.1.26-5.3.1 cyrus-sasl-ldap-auxprop-2.1.26-5.3.2 cyrus-sasl-ldap-auxprop-debuginfo-2.1.26-5.3.2 cyrus-sasl-ntlm-2.1.26-5.3.1 cyrus-sasl-ntlm-debuginfo-2.1.26-5.3.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.3.2 cyrus-sasl-saslauthd-debugsource-2.1.26-5.3.2 cyrus-sasl-scram-2.1.26-5.3.1 cyrus-sasl-scram-debuginfo-2.1.26-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.26-5.3.1 cyrus-sasl-crammd5-2.1.26-5.3.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.3.1 cyrus-sasl-debuginfo-2.1.26-5.3.1 cyrus-sasl-debugsource-2.1.26-5.3.1 cyrus-sasl-devel-2.1.26-5.3.1 cyrus-sasl-digestmd5-2.1.26-5.3.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.3.1 cyrus-sasl-gssapi-2.1.26-5.3.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.3.1 cyrus-sasl-otp-2.1.26-5.3.1 cyrus-sasl-otp-debuginfo-2.1.26-5.3.1 cyrus-sasl-plain-2.1.26-5.3.1 cyrus-sasl-plain-debuginfo-2.1.26-5.3.1 cyrus-sasl-saslauthd-2.1.26-5.3.2 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.3.2 cyrus-sasl-saslauthd-debugsource-2.1.26-5.3.2 libsasl2-3-2.1.26-5.3.1 libsasl2-3-debuginfo-2.1.26-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): cyrus-sasl-32bit-2.1.26-5.3.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.3.1 cyrus-sasl-crammd5-32bit-2.1.26-5.3.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.3.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.3.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.3.1 cyrus-sasl-gssapi-32bit-2.1.26-5.3.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.3.1 cyrus-sasl-plain-32bit-2.1.26-5.3.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.3.1 libsasl2-3-32bit-2.1.26-5.3.1 libsasl2-3-32bit-debuginfo-2.1.26-5.3.1 References: https://bugzilla.suse.com/1044840 From sle-updates at lists.suse.com Thu Mar 21 17:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:11:34 +0100 (CET) Subject: SUSE-SU-2019:13985-1: moderate: Security update for libxml2 Message-ID: <20190321231134.25F5C10125@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13985-1 Rating: moderate References: #1010675 #1102046 #1110146 #1126613 Cross-References: CVE-2016-9318 CVE-2018-14404 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-13985=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-13985=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libxml2-13985=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-13985=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.77.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.77.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.77.15.1 libxml2-doc-2.7.6-0.77.15.1 libxml2-python-2.7.6-0.77.15.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.77.15.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.77.15.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libxml2-2.7.6-0.77.15.1 libxml2-doc-2.7.6-0.77.15.1 libxml2-python-2.7.6-0.77.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.15.1 libxml2-debugsource-2.7.6-0.77.15.1 libxml2-python-debuginfo-2.7.6-0.77.15.1 libxml2-python-debugsource-2.7.6-0.77.15.1 References: https://www.suse.com/security/cve/CVE-2016-9318.html https://www.suse.com/security/cve/CVE-2018-14404.html https://bugzilla.suse.com/1010675 https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1110146 https://bugzilla.suse.com/1126613 From sle-updates at lists.suse.com Thu Mar 21 17:12:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:12:47 +0100 (CET) Subject: SUSE-RU-2019:0694-1: moderate: Recommended update for autoyast2 Message-ID: <20190321231247.6DC1C10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0694-1 Rating: moderate References: #1123091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autoyast2 provides the following fix: - Fixed conflicting items in rule dialogs. (bsc#1123091) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-694=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-694=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): autoyast2-4.0.67-3.14.5 autoyast2-installation-4.0.67-3.14.5 yast2-security-4.0.1-3.5.2 - SUSE Linux Enterprise Installer 15 (noarch): autoyast2-4.0.67-3.14.5 autoyast2-installation-4.0.67-3.14.5 yast2-security-4.0.1-3.5.2 References: https://bugzilla.suse.com/1123091 From sle-updates at lists.suse.com Thu Mar 21 17:13:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:13:31 +0100 (CET) Subject: SUSE-RU-2019:0693-1: moderate: Recommended update for kubernetes-salt and velum Message-ID: <20190321231331.302C410125@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt and velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0693-1 Rating: moderate References: #1097175 #1098664 #1111173 #1117942 #1120717 #1121346 #1127326 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for velum and kubernetes-salt fixes the following issues: - Trailing dot in kubernetes external FQDN makes dex fail (TLS Handshake error) (bsc#1097175) - Shutdown of first master in the cluster causes dex pods to "CrashLoopBackOff" (bsc#1098664) - Third party volume plugins configuration is wrong for kubelet/controller-manager (bsc#1117942) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.12-3.42.3 - SUSE CaaS Platform 3.0 (noarch): caasp-container-manifests-3.0.0+git_r301_7f03264-3.12.1 kubernetes-salt-3.0.0+git_r956_c13ab50-3.56.1 References: https://bugzilla.suse.com/1097175 https://bugzilla.suse.com/1098664 https://bugzilla.suse.com/1111173 https://bugzilla.suse.com/1117942 https://bugzilla.suse.com/1120717 https://bugzilla.suse.com/1121346 https://bugzilla.suse.com/1127326 From sle-updates at lists.suse.com Thu Mar 21 17:15:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:15:13 +0100 (CET) Subject: SUSE-RU-2019:0701-1: moderate: Recommended update for yast2-smt Message-ID: <20190321231513.6BDAF10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0701-1 Rating: moderate References: #1099938 #1106550 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-smt provides the following fixes: - Make sure that the yast SMT module correctly starts and stops SMT again, via the corresponding services. The associated checkbox was renamed to "Run ..." to better reflect the behavior. (bsc#1106550) - Add 128x128 icon and re-create icon cache after installing and uninstalling. (bsc#1099938) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-701=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-701=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-701=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-701=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-701=1 Package List: - SUSE OpenStack Cloud 7 (noarch): yast2-smt-3.0.17-17.6.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): yast2-smt-3.0.17-17.6.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): yast2-smt-3.0.17-17.6.4 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): yast2-smt-3.0.17-17.6.4 - SUSE Enterprise Storage 4 (noarch): yast2-smt-3.0.17-17.6.4 References: https://bugzilla.suse.com/1099938 https://bugzilla.suse.com/1106550 From sle-updates at lists.suse.com Thu Mar 21 17:16:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:16:11 +0100 (CET) Subject: SUSE-RU-2019:0699-1: moderate: Recommended update for firewalld Message-ID: <20190321231611.A4FF410125@maintenance.suse.de> SUSE Recommended Update: Recommended update for firewalld ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0699-1 Rating: moderate References: #1122151 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for firewalld fixes the following issues: - Fix --runtime-to-permanent error when NetworkMananger is not used. (bsc#1122151) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-699=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-699=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): firewall-applet-0.5.5-4.24.9 firewall-config-0.5.5-4.24.9 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): firewall-macros-0.5.5-4.24.9 firewalld-0.5.5-4.24.9 firewalld-lang-0.5.5-4.24.9 python3-firewall-0.5.5-4.24.9 References: https://bugzilla.suse.com/1122151 From sle-updates at lists.suse.com Thu Mar 21 17:16:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:16:54 +0100 (CET) Subject: SUSE-SU-2019:13984-1: moderate: Security update for unzip Message-ID: <20190321231654.3580610125@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13984-1 Rating: moderate References: #1110194 Cross-References: CVE-2018-18384 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-unzip-13984=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): unzip-6.00-11.18.8.1 References: https://www.suse.com/security/cve/CVE-2018-18384.html https://bugzilla.suse.com/1110194 From sle-updates at lists.suse.com Thu Mar 21 17:17:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:17:40 +0100 (CET) Subject: SUSE-RU-2019:0695-1: moderate: Recommended update for azure-li-services Message-ID: <20190321231740.E11EA10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0695-1 Rating: moderate References: #1127923 #1127924 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-li-services to version 1.1.27 provides the following: - Azure Large instances password reset and MAC based ifnames support (bsc#1127923) - Azure Very Large instances support for bonding (bsc#1127923) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-695=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-li-services-1.1.27-1.14.1 References: https://bugzilla.suse.com/1127923 https://bugzilla.suse.com/1127924 From sle-updates at lists.suse.com Thu Mar 21 17:18:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:18:32 +0100 (CET) Subject: SUSE-RU-2019:0698-1: moderate: Recommended update for yast2-iscsi-lio-server Message-ID: <20190321231832.CB65E10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-iscsi-lio-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0698-1 Rating: moderate References: #1123316 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-iscsi-lio-server fixes the following issues: - Accept symlinks to block devices and files in dialogs. (bsc#1123316) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-698=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-iscsi-lio-server-4.0.12-3.6.1 References: https://bugzilla.suse.com/1123316 From sle-updates at lists.suse.com Thu Mar 21 17:19:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:19:16 +0100 (CET) Subject: SUSE-RU-2019:0690-1: moderate: Recommended update for targetcli-fb Message-ID: <20190321231916.898AC10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0690-1 Rating: moderate References: #1123423 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for targetcli-fb contains the following changes: - Ensure this package and the deprecated lio-utils package do not run at the same time, in a sane way (bsc#1123423) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-690=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-690=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): targetcli-fb-2.1.43-7.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): targetcli-fb-2.1.43-7.3.1 References: https://bugzilla.suse.com/1123423 From sle-updates at lists.suse.com Thu Mar 21 17:20:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:20:03 +0100 (CET) Subject: SUSE-RU-2019:13986-1: moderate: Recommended update for mkinitrd Message-ID: <20190321232003.6AA4B10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13986-1 Rating: moderate References: #1125327 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mkinitrd fixes the following issues: - Bugfix: Avoid purge-kernel loop when a package depends on a KMP (bsc#1125327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mkinitrd-13986=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mkinitrd-13986=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-debuginfo-2.4.2-106.11.1 mkinitrd-debugsource-2.4.2-106.11.1 References: https://bugzilla.suse.com/1125327 From sle-updates at lists.suse.com Thu Mar 21 17:20:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:20:53 +0100 (CET) Subject: SUSE-RU-2019:0696-1: moderate: Recommended update for open-vm-tools Message-ID: <20190321232053.2738610125@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0696-1 Rating: moderate References: #1115118 #1121964 #1122435 #1124397 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: - Link VGAuthService to libxmlsec1 rather than libxml-security-c in SLE products where available (bsc#1122435) - Improves handling of certain quiesced snapshot failures (bsc#1124397) - Update vmtoolsd.service to support cloud-init customization by default by adding "DefaultDependencies=no" and "Before=cloud-init-local.service" to the [Unit] section of vmtoolsd.service (bsc#1121964) - Update open-vm-tools to 10.3.5 (bsc#1115118) - Bugfix: open-vm-tools has logged warnings, when taking a snapshot of a Linux guest on a vSphere host - Bugfix: open-vm-tools service crashed on Linux systems which are not running on a VMware platform Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-696=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-696=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvmtools0-10.3.5-3.22.1 libvmtools0-debuginfo-10.3.5-3.22.1 open-vm-tools-10.3.5-3.22.1 open-vm-tools-debuginfo-10.3.5-3.22.1 open-vm-tools-debugsource-10.3.5-3.22.1 open-vm-tools-desktop-10.3.5-3.22.1 open-vm-tools-desktop-debuginfo-10.3.5-3.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvmtools0-10.3.5-3.22.1 libvmtools0-debuginfo-10.3.5-3.22.1 open-vm-tools-10.3.5-3.22.1 open-vm-tools-debuginfo-10.3.5-3.22.1 open-vm-tools-debugsource-10.3.5-3.22.1 open-vm-tools-desktop-10.3.5-3.22.1 open-vm-tools-desktop-debuginfo-10.3.5-3.22.1 - SUSE CaaS Platform ALL (x86_64): libvmtools0-10.3.5-3.22.1 libvmtools0-debuginfo-10.3.5-3.22.1 open-vm-tools-10.3.5-3.22.1 open-vm-tools-debuginfo-10.3.5-3.22.1 open-vm-tools-debugsource-10.3.5-3.22.1 - SUSE CaaS Platform 3.0 (x86_64): libvmtools0-10.3.5-3.22.1 libvmtools0-debuginfo-10.3.5-3.22.1 open-vm-tools-10.3.5-3.22.1 open-vm-tools-debuginfo-10.3.5-3.22.1 open-vm-tools-debugsource-10.3.5-3.22.1 References: https://bugzilla.suse.com/1115118 https://bugzilla.suse.com/1121964 https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1124397 From sle-updates at lists.suse.com Thu Mar 21 17:22:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:22:07 +0100 (CET) Subject: SUSE-RU-2019:0697-1: moderate: Recommended update for libcap-ng Message-ID: <20190321232207.1B56E10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcap-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0697-1 Rating: moderate References: #1123319 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libcap-ng fixes the following issues: - bsc#1123319: run SPEC file through spec-cleaner Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-697=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-697=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libcap-ng-python-debugsource-0.7.9-3.3.1 python2-capng-0.7.9-3.3.1 python2-capng-debuginfo-0.7.9-3.3.1 python3-capng-0.7.9-3.3.1 python3-capng-debuginfo-0.7.9-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libcap-ng-debugsource-0.7.9-3.3.1 libcap-ng-devel-0.7.9-3.3.1 libcap-ng-utils-0.7.9-3.3.1 libcap-ng-utils-debuginfo-0.7.9-3.3.1 libcap-ng0-0.7.9-3.3.1 libcap-ng0-debuginfo-0.7.9-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcap-ng0-32bit-0.7.9-3.3.1 libcap-ng0-32bit-debuginfo-0.7.9-3.3.1 References: https://bugzilla.suse.com/1123319 From sle-updates at lists.suse.com Thu Mar 21 17:22:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 00:22:53 +0100 (CET) Subject: SUSE-RU-2019:0691-1: moderate: Recommended update for lio-utils Message-ID: <20190321232253.F1B3810125@maintenance.suse.de> SUSE Recommended Update: Recommended update for lio-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0691-1 Rating: moderate References: #1123423 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lio-utils fixes the following issues: - Remove systemd conflicts restriction from here, moving it instead to targetcli-fb, so that this package can run with targetcli (i.e. the old version of targetcli). (bsc#1123423) - Updated License in SPEC file to Apache-2.0, to match our COPYING file contents/license type. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-691=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-691=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): lio-mibs-4.1-17.6.1 lio-mibs-debuginfo-4.1-17.6.1 lio-utils-4.1-17.6.1 lio-utils-debuginfo-4.1-17.6.1 lio-utils-debugsource-4.1-17.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): lio-mibs-4.1-17.6.1 lio-mibs-debuginfo-4.1-17.6.1 lio-utils-4.1-17.6.1 lio-utils-debuginfo-4.1-17.6.1 lio-utils-debugsource-4.1-17.6.1 References: https://bugzilla.suse.com/1123423 From sle-updates at lists.suse.com Fri Mar 22 08:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 15:11:02 +0100 (CET) Subject: SUSE-RU-2019:0702-1: moderate: Recommended update for bc Message-ID: <20190322141103.00A30FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for bc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0702-1 Rating: moderate References: #1129038 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bc fixes the following issues: - Correct return value after 'q' command which could lead to problems during Oracle patching (bsc#1129038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-702=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bc-1.07.1-3.3.1 bc-debuginfo-1.07.1-3.3.1 bc-debugsource-1.07.1-3.3.1 References: https://bugzilla.suse.com/1129038 From sle-updates at lists.suse.com Fri Mar 22 11:12:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 18:12:06 +0100 (CET) Subject: SUSE-SU-2019:0706-1: moderate: Security update for libqt5-qtsvg Message-ID: <20190322171206.A029AFCB4@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0706-1 Rating: moderate References: #1118599 Cross-References: CVE-2018-19869 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqt5-qtsvg fixes the following issues: Security issues fixed: - CVE-2018-19869: Fixed Denial of Service when parsing malformed URL reference (bsc#1118599) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-706=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-706=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-706=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libqt5-qtsvg-debugsource-5.9.4-3.3.19 libqt5-qtsvg-examples-5.9.4-3.3.19 libqt5-qtsvg-examples-debuginfo-5.9.4-3.3.19 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): libqt5-qtsvg-private-headers-devel-5.9.4-3.3.19 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libQt5Svg5-5.9.4-3.3.19 libQt5Svg5-debuginfo-5.9.4-3.3.19 libqt5-qtsvg-debugsource-5.9.4-3.3.19 libqt5-qtsvg-devel-5.9.4-3.3.19 References: https://www.suse.com/security/cve/CVE-2018-19869.html https://bugzilla.suse.com/1118599 From sle-updates at lists.suse.com Fri Mar 22 11:13:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 18:13:20 +0100 (CET) Subject: SUSE-RU-2019:0703-1: moderate: Recommended update for open-vm-tools Message-ID: <20190322171320.D6565FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0703-1 Rating: moderate References: #1115118 #1121964 #1122435 #1124397 #1126102 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: - Link VGAuthService to libxmlsec1 rather than libxml-security-c in SLE products where available. (bsc#1122435) - Improve handling of certain quiesced snapshot failures. (bsc#1124397) - Update vmtoolsd.service to support cloud-init customization by default by adding "DefaultDependencies=no" and "Before=cloud-init-local.service" to the [Unit] section of vmtoolsd.service. (bsc#1121964) - open-vm-tools has logged warnings, when taking a snapshot of a Linux guest on a vSphere host. - open-vm-tools service crashed on Linux systems which are not running on a VMware platform. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-703=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-703=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-703=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-703=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-703=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libxmlsec1-1-1.2.26-3.5.1 libxmlsec1-1-debuginfo-1.2.26-3.5.1 libxmlsec1-nss1-1.2.26-3.5.1 libxmlsec1-nss1-debuginfo-1.2.26-3.5.1 libxmlsec1-openssl1-1.2.26-3.5.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.5.1 xmlsec1-debuginfo-1.2.26-3.5.1 xmlsec1-debugsource-1.2.26-3.5.1 xmlsec1-devel-1.2.26-3.5.1 xmlsec1-nss-devel-1.2.26-3.5.1 xmlsec1-openssl-devel-1.2.26-3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): libxmlsec1-gcrypt1-1.2.26-3.5.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-3.5.1 libxmlsec1-gnutls1-1.2.26-3.5.1 libxmlsec1-gnutls1-debuginfo-1.2.26-3.5.1 libxmlsec1-openssl1-1.2.26-3.5.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.5.1 xmlsec1-debuginfo-1.2.26-3.5.1 xmlsec1-debugsource-1.2.26-3.5.1 xmlsec1-gnutls-devel-1.2.26-3.5.1 xmlsec1-openssl-devel-1.2.26-3.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libxmlsec1-gcrypt1-1.2.26-3.5.1 libxmlsec1-gcrypt1-debuginfo-1.2.26-3.5.1 libxmlsec1-gnutls1-1.2.26-3.5.1 libxmlsec1-gnutls1-debuginfo-1.2.26-3.5.1 libxmlsec1-openssl1-1.2.26-3.5.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.5.1 xmlsec1-1.2.26-3.5.1 xmlsec1-debuginfo-1.2.26-3.5.1 xmlsec1-debugsource-1.2.26-3.5.1 xmlsec1-gcrypt-devel-1.2.26-3.5.1 xmlsec1-gnutls-devel-1.2.26-3.5.1 xmlsec1-openssl-devel-1.2.26-3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): open-vm-tools-debuginfo-10.3.5-3.11.3 open-vm-tools-debugsource-10.3.5-3.11.3 open-vm-tools-desktop-10.3.5-3.11.3 open-vm-tools-desktop-debuginfo-10.3.5-3.11.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxmlsec1-1-1.2.26-3.5.1 libxmlsec1-1-debuginfo-1.2.26-3.5.1 libxmlsec1-nss1-1.2.26-3.5.1 libxmlsec1-nss1-debuginfo-1.2.26-3.5.1 libxmlsec1-openssl1-1.2.26-3.5.1 libxmlsec1-openssl1-debuginfo-1.2.26-3.5.1 xmlsec1-debuginfo-1.2.26-3.5.1 xmlsec1-debugsource-1.2.26-3.5.1 xmlsec1-devel-1.2.26-3.5.1 xmlsec1-nss-devel-1.2.26-3.5.1 xmlsec1-openssl-devel-1.2.26-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libvmtools-devel-10.3.5-3.11.3 libvmtools0-10.3.5-3.11.3 libvmtools0-debuginfo-10.3.5-3.11.3 open-vm-tools-10.3.5-3.11.3 open-vm-tools-debuginfo-10.3.5-3.11.3 open-vm-tools-debugsource-10.3.5-3.11.3 References: https://bugzilla.suse.com/1115118 https://bugzilla.suse.com/1121964 https://bugzilla.suse.com/1122435 https://bugzilla.suse.com/1124397 https://bugzilla.suse.com/1126102 From sle-updates at lists.suse.com Fri Mar 22 11:14:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 18:14:12 +0100 (CET) Subject: SUSE-SU-2018:3032-2: important: Security update for the Linux Kernel Message-ID: <20190322171412.8EEB2FCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3032-2 Rating: important References: #1108399 Cross-References: CVE-2018-17182 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive a security fix. The following security bug was fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-526=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.107.1 kernel-default-base-3.12.74-60.64.107.1 kernel-default-base-debuginfo-3.12.74-60.64.107.1 kernel-default-debuginfo-3.12.74-60.64.107.1 kernel-default-debugsource-3.12.74-60.64.107.1 kernel-default-devel-3.12.74-60.64.107.1 kernel-syms-3.12.74-60.64.107.1 kernel-xen-3.12.74-60.64.107.1 kernel-xen-base-3.12.74-60.64.107.1 kernel-xen-base-debuginfo-3.12.74-60.64.107.1 kernel-xen-debuginfo-3.12.74-60.64.107.1 kernel-xen-debugsource-3.12.74-60.64.107.1 kernel-xen-devel-3.12.74-60.64.107.1 kgraft-patch-3_12_74-60_64_107-default-1-2.3.1 kgraft-patch-3_12_74-60_64_107-xen-1-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.107.1 kernel-macros-3.12.74-60.64.107.1 kernel-source-3.12.74-60.64.107.1 References: https://www.suse.com/security/cve/CVE-2018-17182.html https://bugzilla.suse.com/1108399 From sle-updates at lists.suse.com Fri Mar 22 11:15:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 18:15:00 +0100 (CET) Subject: SUSE-SU-2019:0705-1: moderate: Security update for libqt5-qtimageformats Message-ID: <20190322171500.95A7DFCD2@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtimageformats ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0705-1 Rating: moderate References: #1118598 Cross-References: CVE-2018-19871 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqt5-qtimageformats fixes the following issues: Security issues fixed: - CVE-2018-19871: Fixed CPU exhaustion in QTgaFile (bsc#1118598) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-705=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libqt5-qtimageformats-5.9.4-3.3.17 libqt5-qtimageformats-debuginfo-5.9.4-3.3.17 libqt5-qtimageformats-debugsource-5.9.4-3.3.17 libqt5-qtimageformats-devel-5.9.4-3.3.17 References: https://www.suse.com/security/cve/CVE-2018-19871.html https://bugzilla.suse.com/1118598 From sle-updates at lists.suse.com Fri Mar 22 11:15:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 18:15:49 +0100 (CET) Subject: SUSE-SU-2019:0707-1: moderate: Security update for unzip Message-ID: <20190322171549.F0AEDFCD2@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0707-1 Rating: moderate References: #1110194 Cross-References: CVE-2018-18384 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-707=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-707=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): unzip-debuginfo-6.00-4.8.13 unzip-debugsource-6.00-4.8.13 unzip-doc-6.00-4.8.13 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): unzip-6.00-4.8.13 unzip-debuginfo-6.00-4.8.13 unzip-debugsource-6.00-4.8.13 References: https://www.suse.com/security/cve/CVE-2018-18384.html https://bugzilla.suse.com/1110194 From sle-updates at lists.suse.com Fri Mar 22 13:10:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:10:07 +0100 (CET) Subject: SUSE-RU-2019:0714-1: Recommended update for xf86-video-dummy Message-ID: <20190322191007.F354510125@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-dummy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0714-1 Rating: low References: #1117991 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the xf86-video-dummy driver, which was not previously shipped. (FATE#327549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-714=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-714=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-714=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-714=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xf86-video-dummy-0.3.7-7.2.1 xf86-video-dummy-debuginfo-0.3.7-7.2.1 xf86-video-dummy-debugsource-0.3.7-7.2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xf86-video-dummy-0.3.7-7.2.1 xf86-video-dummy-debuginfo-0.3.7-7.2.1 xf86-video-dummy-debugsource-0.3.7-7.2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): xf86-video-dummy-0.3.7-7.2.1 xf86-video-dummy-debuginfo-0.3.7-7.2.1 xf86-video-dummy-debugsource-0.3.7-7.2.1 - SUSE Enterprise Storage 4 (x86_64): xf86-video-dummy-0.3.7-7.2.1 xf86-video-dummy-debuginfo-0.3.7-7.2.1 xf86-video-dummy-debugsource-0.3.7-7.2.1 References: https://bugzilla.suse.com/1117991 From sle-updates at lists.suse.com Fri Mar 22 13:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:10:59 +0100 (CET) Subject: SUSE-RU-2019:0713-1: moderate: Recommended update for glibc Message-ID: <20190322191059.6B83D10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0713-1 Rating: moderate References: #1063675 #1126590 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Add MAP_SYNC from Linux 4.15 (bsc#1126590) - Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590) - nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-713=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-713=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-713=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): glibc-html-2.26-13.14.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.14.1 glibc-debugsource-2.26-13.14.1 glibc-devel-static-2.26-13.14.1 glibc-utils-2.26-13.14.1 glibc-utils-debuginfo-2.26-13.14.1 glibc-utils-src-debugsource-2.26-13.14.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.14.1 glibc-devel-32bit-2.26-13.14.1 glibc-devel-32bit-debuginfo-2.26-13.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.14.1 glibc-debuginfo-2.26-13.14.1 glibc-debugsource-2.26-13.14.1 glibc-devel-2.26-13.14.1 glibc-devel-debuginfo-2.26-13.14.1 glibc-extra-2.26-13.14.1 glibc-extra-debuginfo-2.26-13.14.1 glibc-locale-2.26-13.14.1 glibc-locale-base-2.26-13.14.1 glibc-locale-base-debuginfo-2.26-13.14.1 glibc-profile-2.26-13.14.1 nscd-2.26-13.14.1 nscd-debuginfo-2.26-13.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.14.1 glibc-info-2.26-13.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.14.1 glibc-32bit-debuginfo-2.26-13.14.1 References: https://bugzilla.suse.com/1063675 https://bugzilla.suse.com/1126590 From sle-updates at lists.suse.com Fri Mar 22 13:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:12:00 +0100 (CET) Subject: SUSE-SU-2019:0720-1: moderate: Security update for libgxps Message-ID: <20190322191200.7835710125@maintenance.suse.de> SUSE Security Update: Security update for libgxps ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0720-1 Rating: moderate References: #1092125 Cross-References: CVE-2018-10733 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgxps fixes the following issues: - CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-720=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-720=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libgxps-debuginfo-0.3.0-4.3.29 libgxps-debugsource-0.3.0-4.3.29 libgxps-tools-0.3.0-4.3.29 libgxps-tools-debuginfo-0.3.0-4.3.29 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libgxps-debuginfo-0.3.0-4.3.29 libgxps-debugsource-0.3.0-4.3.29 libgxps-devel-0.3.0-4.3.29 libgxps2-0.3.0-4.3.29 libgxps2-debuginfo-0.3.0-4.3.29 typelib-1_0-GXPS-0_1-0.3.0-4.3.29 References: https://www.suse.com/security/cve/CVE-2018-10733.html https://bugzilla.suse.com/1092125 From sle-updates at lists.suse.com Fri Mar 22 13:12:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:12:57 +0100 (CET) Subject: SUSE-RU-2019:0708-1: Recommended update for meson Message-ID: <20190322191257.B61B810125@maintenance.suse.de> SUSE Recommended Update: Recommended update for meson ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0708-1 Rating: low References: #1125736 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for meson fixes the following issues: - No relevant changes for SLE (bsc#1125736) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-708=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-708=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): meson-testsuite-0.46.0-3.3.1 meson-vim-0.46.0-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): meson-0.46.0-3.3.1 References: https://bugzilla.suse.com/1125736 From sle-updates at lists.suse.com Fri Mar 22 13:13:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:13:44 +0100 (CET) Subject: SUSE-SU-2019:0718-1: important: Security update for ghostscript Message-ID: <20190322191344.B9D9010125@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0718-1 Rating: important References: #1129186 Cross-References: CVE-2019-3838 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-718=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-718=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ghostscript-mini-9.26a-3.15.1 ghostscript-mini-debuginfo-9.26a-3.15.1 ghostscript-mini-debugsource-9.26a-3.15.1 ghostscript-mini-devel-9.26a-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-3.15.1 ghostscript-debuginfo-9.26a-3.15.1 ghostscript-debugsource-9.26a-3.15.1 ghostscript-devel-9.26a-3.15.1 ghostscript-x11-9.26a-3.15.1 ghostscript-x11-debuginfo-9.26a-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-3838.html https://bugzilla.suse.com/1129186 From sle-updates at lists.suse.com Fri Mar 22 13:14:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:14:36 +0100 (CET) Subject: SUSE-SU-2019:0712-1: moderate: Security update for ucode-intel Message-ID: <20190322191436.C0AFC10125@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0712-1 Rating: moderate References: #1129231 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-712=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20190312-3.12.1 References: https://bugzilla.suse.com/1129231 From sle-updates at lists.suse.com Fri Mar 22 13:15:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:15:28 +0100 (CET) Subject: SUSE-SU-2019:0709-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) Message-ID: <20190322191528.74BE010125@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0709-1 Rating: important References: #1124729 #1124734 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-709=1 SUSE-SLE-SAP-12-SP2-2019-710=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-709=1 SUSE-SLE-SERVER-12-SP2-2019-710=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_98-default-4-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_92-default-6-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_98-default-4-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_92-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Fri Mar 22 13:16:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:16:31 +0100 (CET) Subject: SUSE-RU-2019:0715-1: Recommended update for xf86-video-dummy Message-ID: <20190322191631.4C8E910125@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-dummy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0715-1 Rating: low References: #1117991 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the xf86-video-dummy driver, which was not previously shipped. (FATE#327549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-715=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): xf86-video-dummy-0.3.7-8.2.1 xf86-video-dummy-debuginfo-0.3.7-8.2.1 xf86-video-dummy-debugsource-0.3.7-8.2.1 References: https://bugzilla.suse.com/1117991 From sle-updates at lists.suse.com Fri Mar 22 13:17:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:17:21 +0100 (CET) Subject: SUSE-RU-2019:0717-1: moderate: Recommended update for SUSE Manager Server 3.2 Message-ID: <20190322191721.A358810125@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0717-1 Rating: moderate References: #1129300 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for spacewalk-backend fixes the following issues: - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Avoid DB constraint violations caused by extended UTF8 characters on the RPM headers - Prevent mgr-inter-sync crash because 'SuseProductRepository' not found (bsc#1129300) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-717=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-717=1 Package List: - SUSE Manager Server 3.2 (noarch): spacewalk-backend-2.8.57.13-3.22.1 spacewalk-backend-app-2.8.57.13-3.22.1 spacewalk-backend-applet-2.8.57.13-3.22.1 spacewalk-backend-config-files-2.8.57.13-3.22.1 spacewalk-backend-config-files-common-2.8.57.13-3.22.1 spacewalk-backend-config-files-tool-2.8.57.13-3.22.1 spacewalk-backend-iss-2.8.57.13-3.22.1 spacewalk-backend-iss-export-2.8.57.13-3.22.1 spacewalk-backend-libs-2.8.57.13-3.22.1 spacewalk-backend-package-push-server-2.8.57.13-3.22.1 spacewalk-backend-server-2.8.57.13-3.22.1 spacewalk-backend-sql-2.8.57.13-3.22.1 spacewalk-backend-sql-oracle-2.8.57.13-3.22.1 spacewalk-backend-sql-postgresql-2.8.57.13-3.22.1 spacewalk-backend-tools-2.8.57.13-3.22.1 spacewalk-backend-xml-export-libs-2.8.57.13-3.22.1 spacewalk-backend-xmlrpc-2.8.57.13-3.22.1 - SUSE Manager Proxy 3.2 (noarch): spacewalk-backend-2.8.57.13-3.22.1 spacewalk-backend-libs-2.8.57.13-3.22.1 References: https://bugzilla.suse.com/1129300 From sle-updates at lists.suse.com Fri Mar 22 13:18:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:18:20 +0100 (CET) Subject: SUSE-SU-2019:0711-1: moderate: Security update for libjpeg-turbo Message-ID: <20190322191820.0B35E10125@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0711-1 Rating: moderate References: #1096209 #1098155 #1128712 Cross-References: CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-711=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-711=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-711=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-711=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.7.1 libjpeg-turbo-debuginfo-1.5.3-5.7.1 libjpeg-turbo-debugsource-1.5.3-5.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.7.1 libjpeg-turbo-debuginfo-1.5.3-5.7.1 libjpeg-turbo-debugsource-1.5.3-5.7.1 libjpeg62-turbo-1.5.3-5.7.1 libjpeg62-turbo-debugsource-1.5.3-5.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libjpeg8-32bit-8.1.2-5.7.1 libjpeg8-32bit-debuginfo-8.1.2-5.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjpeg62-62.2.0-5.7.1 libjpeg62-debuginfo-62.2.0-5.7.1 libjpeg62-devel-62.2.0-5.7.1 libjpeg8-8.1.2-5.7.1 libjpeg8-debuginfo-8.1.2-5.7.1 libjpeg8-devel-8.1.2-5.7.1 libturbojpeg0-8.1.2-5.7.1 libturbojpeg0-debuginfo-8.1.2-5.7.1 References: https://www.suse.com/security/cve/CVE-2018-1152.html https://www.suse.com/security/cve/CVE-2018-11813.html https://www.suse.com/security/cve/CVE-2018-14498.html https://bugzilla.suse.com/1096209 https://bugzilla.suse.com/1098155 https://bugzilla.suse.com/1128712 From sle-updates at lists.suse.com Fri Mar 22 13:19:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:19:30 +0100 (CET) Subject: SUSE-SU-2019:0719-1: important: Security update for ghostscript Message-ID: <20190322191930.4F7F410125@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0719-1 Rating: important References: #1129186 Cross-References: CVE-2019-3838 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-719=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-719=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-719=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-719=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-719=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-719=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-719=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-719=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-719=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-719=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-719=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-719=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-719=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-719=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-devel-9.26a-23.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-devel-9.26a-23.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 - SUSE Enterprise Storage 4 (x86_64): ghostscript-9.26a-23.22.1 ghostscript-debuginfo-9.26a-23.22.1 ghostscript-debugsource-9.26a-23.22.1 ghostscript-x11-9.26a-23.22.1 ghostscript-x11-debuginfo-9.26a-23.22.1 References: https://www.suse.com/security/cve/CVE-2019-3838.html https://bugzilla.suse.com/1129186 From sle-updates at lists.suse.com Fri Mar 22 13:20:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 20:20:26 +0100 (CET) Subject: SUSE-SU-2019:0716-1: moderate: Security update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas Message-ID: <20190322192026.7964810125@maintenance.suse.de> SUSE Security Update: Security update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0716-1 Rating: moderate References: #1089834 #1105476 #1116475 #1119902 #1124695 Cross-References: CVE-2017-15139 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas fixes the following issues: Security vulnerabity fixed in openstack-cinder: - CVE-2017-15139: Fixed a leakage of sensitive information between tenants in certain storage volume configurations (bsc#1105476) Bug fixes and other changes in openstack-horizon-plugin-designate-ui: - Remove the py{c} files unconditionally without error messages Bug fixes and other changes in openstack-neutron: - Fixed an issue with neutron leaving behind ovs ports when already in skipped_ports (bsc#1124695) - Require version and release to ensure that subpackages are consistent and coherent (bsc#1119902) - Fixed an issue with lbass neutron ports being down or in status build (bsc#1119902) - Enable liberal TCP connection tracking to prevent connection resets (bsc#1116475) - Switch to mariadb.service - Add dependency on rabbitmq to neutron-server.service Bug fixes and changes in openstack-neutron-lbaas.changes - Improve performance of loadbalancer objects (bsc#1089834) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-716=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-cinder-9.1.5~dev6-4.21.3 openstack-cinder-api-9.1.5~dev6-4.21.3 openstack-cinder-backup-9.1.5~dev6-4.21.3 openstack-cinder-doc-9.1.5~dev6-4.21.3 openstack-cinder-scheduler-9.1.5~dev6-4.21.3 openstack-cinder-volume-9.1.5~dev6-4.21.3 openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.9.3 openstack-neutron-9.4.2~dev21-7.27.3 openstack-neutron-dhcp-agent-9.4.2~dev21-7.27.3 openstack-neutron-doc-9.4.2~dev21-7.27.3 openstack-neutron-ha-tool-9.4.2~dev21-7.27.3 openstack-neutron-l3-agent-9.4.2~dev21-7.27.3 openstack-neutron-lbaas-9.2.2~dev11-4.15.3 openstack-neutron-lbaas-agent-9.2.2~dev11-4.15.3 openstack-neutron-lbaas-doc-9.2.2~dev11-4.15.3 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.27.3 openstack-neutron-macvtap-agent-9.4.2~dev21-7.27.3 openstack-neutron-metadata-agent-9.4.2~dev21-7.27.3 openstack-neutron-metering-agent-9.4.2~dev21-7.27.3 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.27.3 openstack-neutron-server-9.4.2~dev21-7.27.3 python-cinder-9.1.5~dev6-4.21.3 python-horizon-plugin-designate-ui-3.0.2~dev1-3.9.3 python-neutron-9.4.2~dev21-7.27.3 python-neutron-lbaas-9.2.2~dev11-4.15.3 References: https://www.suse.com/security/cve/CVE-2017-15139.html https://bugzilla.suse.com/1089834 https://bugzilla.suse.com/1105476 https://bugzilla.suse.com/1116475 https://bugzilla.suse.com/1119902 https://bugzilla.suse.com/1124695 From sle-updates at lists.suse.com Fri Mar 22 14:11:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Mar 2019 21:11:04 +0100 (CET) Subject: SUSE-RU-2019:13988-1: moderate: Recommended update for sbd Message-ID: <20190322201104.9F0DA10125@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13988-1 Rating: moderate References: #1033600 #1033934 #1065748 #1079316 #1086650 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-md: return error if faied to list any devices (bsc#1086650) - sbd-md: dump_headers returns 0 even open_device failed (bsc#1079316) - man: Call "-P" option "Pacemaker integration" in the description (bsc#1033600) - Fix node name parameter in manpage - sbd.sh: Use a more obvious variable on parsing devices (bsc#1033934) - sbd-inquisitor: Do not create duplicate servants (bsc#1033934, bsc#1065748) - sbd-inquisitor: Correctly look up servant by device name (bsc#1033934, bsc#1065748) - sbd.sh: Correctly handle SBD_DELAY_START for multiple SBD devices (bsc#1033934) - sbd.sh: consistent use of SBD_BIN (bsc#1033934) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sbd-13988=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sbd-13988=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): sbd-1.2.1-16.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sbd-debuginfo-1.2.1-16.6.1 sbd-debugsource-1.2.1-16.6.1 References: https://bugzilla.suse.com/1033600 https://bugzilla.suse.com/1033934 https://bugzilla.suse.com/1065748 https://bugzilla.suse.com/1079316 https://bugzilla.suse.com/1086650 From sle-updates at lists.suse.com Mon Mar 25 08:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 15:09:51 +0100 (CET) Subject: SUSE-RU-2019:0724-1: Recommended update for xf86-video-dummy Message-ID: <20190325140951.C3828FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-dummy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0724-1 Rating: low References: #1117991 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the xf86-video-dummy driver, which was not previously shipped. (FATE#327549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-724=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le x86_64): xf86-video-dummy-0.3.8-1.3.1 xf86-video-dummy-debuginfo-0.3.8-1.3.1 xf86-video-dummy-debugsource-0.3.8-1.3.1 References: https://bugzilla.suse.com/1117991 From sle-updates at lists.suse.com Mon Mar 25 08:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 15:10:31 +0100 (CET) Subject: SUSE-RU-2018:1094-2: Recommended update for nfs-utils Message-ID: <20190325141031.A34E3FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:1094-2 Rating: low References: #1017909 #1040968 #1053691 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nfs-utils provides the following fixes: - Fix nfs-client's service dependency so that when YaST restarts "nfs" the action is propagated to "nfs-client" as well. (bsc#1053691) - Allow umount to work when NFS server is down. (bsc#1040968) - Fix exit code of nfsstat(8). (bsc#1017909) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-723=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-723=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-723=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-723=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-doc-1.3.0-34.8.3 nfs-kernel-server-1.3.0-34.8.3 nfs-kernel-server-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-doc-1.3.0-34.8.3 nfs-kernel-server-1.3.0-34.8.3 nfs-kernel-server-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-doc-1.3.0-34.8.3 nfs-kernel-server-1.3.0-34.8.3 nfs-kernel-server-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 - SUSE Enterprise Storage 4 (x86_64): nfs-client-1.3.0-34.8.3 nfs-client-debuginfo-1.3.0-34.8.3 nfs-doc-1.3.0-34.8.3 nfs-kernel-server-1.3.0-34.8.3 nfs-kernel-server-debuginfo-1.3.0-34.8.3 nfs-utils-debugsource-1.3.0-34.8.3 References: https://bugzilla.suse.com/1017909 https://bugzilla.suse.com/1040968 https://bugzilla.suse.com/1053691 From sle-updates at lists.suse.com Mon Mar 25 08:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 15:11:34 +0100 (CET) Subject: SUSE-SU-2019:0722-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) Message-ID: <20190325141134.31DE1FD57@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0722-1 Rating: important References: #1124729 #1124734 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-722=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-722=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Mon Mar 25 09:52:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 16:52:56 +0100 (CET) Subject: SUSE-SU-2019:0726-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 12 SP4) Message-ID: <20190325155256.4A28510025@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0726-1 Rating: important References: #1124729 #1124734 #1126284 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-726=1 SUSE-SLE-Live-Patching-12-SP4-2019-727=1 SUSE-SLE-Live-Patching-12-SP4-2019-728=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-4-2.10.2 kgraft-patch-4_12_14-94_41-default-debuginfo-4-2.10.2 kgraft-patch-4_12_14-95_3-default-3-2.1 kgraft-patch-4_12_14-95_6-default-2-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-4-2.10.2 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1126284 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Mon Mar 25 11:10:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 18:10:54 +0100 (CET) Subject: SUSE-RU-2019:0730-1: moderate: Recommended update for bind Message-ID: <20190325171054.4136CFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0730-1 Rating: moderate References: #1094236 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bind fixes the following issues: - Fixes an issue where dynamic DNS updates with GSS-TSIG against Microsoft or Samba DNS servers are not working (bsc#1094236) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-730=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-730=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-730=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-3.3.1 bind-debugsource-9.11.2-3.3.1 bind-devel-9.11.2-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bind-9.11.2-3.3.1 bind-chrootenv-9.11.2-3.3.1 bind-debuginfo-9.11.2-3.3.1 bind-debugsource-9.11.2-3.3.1 bind-utils-9.11.2-3.3.1 bind-utils-debuginfo-9.11.2-3.3.1 libbind9-160-9.11.2-3.3.1 libbind9-160-debuginfo-9.11.2-3.3.1 libdns169-9.11.2-3.3.1 libdns169-debuginfo-9.11.2-3.3.1 libirs160-9.11.2-3.3.1 libirs160-debuginfo-9.11.2-3.3.1 libisc166-9.11.2-3.3.1 libisc166-debuginfo-9.11.2-3.3.1 libisccc160-9.11.2-3.3.1 libisccc160-debuginfo-9.11.2-3.3.1 libisccfg160-9.11.2-3.3.1 libisccfg160-debuginfo-9.11.2-3.3.1 liblwres160-9.11.2-3.3.1 liblwres160-debuginfo-9.11.2-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libisc166-32bit-9.11.2-3.3.1 libisc166-debuginfo-32bit-9.11.2-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bind-doc-9.11.2-3.3.1 python-bind-9.11.2-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-bind-9.11.2-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bind-debuginfo-9.11.2-3.3.1 bind-debugsource-9.11.2-3.3.1 bind-utils-9.11.2-3.3.1 bind-utils-debuginfo-9.11.2-3.3.1 libbind9-160-9.11.2-3.3.1 libbind9-160-debuginfo-9.11.2-3.3.1 libdns169-9.11.2-3.3.1 libdns169-debuginfo-9.11.2-3.3.1 libirs160-9.11.2-3.3.1 libirs160-debuginfo-9.11.2-3.3.1 libisc166-32bit-9.11.2-3.3.1 libisc166-9.11.2-3.3.1 libisc166-debuginfo-32bit-9.11.2-3.3.1 libisc166-debuginfo-9.11.2-3.3.1 libisccc160-9.11.2-3.3.1 libisccc160-debuginfo-9.11.2-3.3.1 libisccfg160-9.11.2-3.3.1 libisccfg160-debuginfo-9.11.2-3.3.1 liblwres160-9.11.2-3.3.1 liblwres160-debuginfo-9.11.2-3.3.1 References: https://bugzilla.suse.com/1094236 From sle-updates at lists.suse.com Mon Mar 25 11:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 18:11:41 +0100 (CET) Subject: SUSE-RU-2019:0729-1: moderate: Recommended update for rasdaemon Message-ID: <20190325171141.5A412FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for rasdaemon ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0729-1 Rating: moderate References: #1128122 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rasdaemon fixes the following issues: - Fix AMD K8 bad buffer access and a fix using correct PCI AER type. (bsc#1128122) - Fix on mce-amd-k8.c to avoid writing at the end of buffer. (bsc#1128122) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-729=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rasdaemon-0.6.0-5.3.1 rasdaemon-debuginfo-0.6.0-5.3.1 rasdaemon-debugsource-0.6.0-5.3.1 References: https://bugzilla.suse.com/1128122 From sle-updates at lists.suse.com Mon Mar 25 14:11:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:11:17 +0100 (CET) Subject: SUSE-RU-2019:0735-1: moderate: Recommended update for apache2 Message-ID: <20190325201117.B8BAAF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0735-1 Rating: moderate References: #1125965 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - mod_httpd2 HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (bsc#1125965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-735=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-735=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.12.1 apache2-debuginfo-2.4.33-3.12.1 apache2-debugsource-2.4.33-3.12.1 apache2-devel-2.4.33-3.12.1 apache2-prefork-2.4.33-3.12.1 apache2-prefork-debuginfo-2.4.33-3.12.1 apache2-utils-2.4.33-3.12.1 apache2-utils-debuginfo-2.4.33-3.12.1 apache2-worker-2.4.33-3.12.1 apache2-worker-debuginfo-2.4.33-3.12.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.12.1 apache2-debugsource-2.4.33-3.12.1 apache2-event-2.4.33-3.12.1 apache2-event-debuginfo-2.4.33-3.12.1 apache2-example-pages-2.4.33-3.12.1 References: https://bugzilla.suse.com/1125965 From sle-updates at lists.suse.com Mon Mar 25 14:13:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:13:16 +0100 (CET) Subject: SUSE-RU-2019:0737-1: moderate: Recommended update for open-iscsi Message-ID: <20190325201316.74AAFF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0737-1 Rating: moderate References: #1122938 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issues: - Fix output for iscsiadm node/iface with print level P1 set. (bsc#1122938), Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-737=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-737=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-53.22.5 iscsiuio-debuginfo-0.7.8.2-53.22.5 libopeniscsiusr0_2_0-2.0.876-53.22.5 libopeniscsiusr0_2_0-debuginfo-2.0.876-53.22.5 open-iscsi-2.0.876-53.22.5 open-iscsi-debuginfo-2.0.876-53.22.5 open-iscsi-debugsource-2.0.876-53.22.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): iscsiuio-0.7.8.2-53.22.5 iscsiuio-debuginfo-0.7.8.2-53.22.5 libopeniscsiusr0_2_0-2.0.876-53.22.5 libopeniscsiusr0_2_0-debuginfo-2.0.876-53.22.5 open-iscsi-2.0.876-53.22.5 open-iscsi-debuginfo-2.0.876-53.22.5 open-iscsi-debugsource-2.0.876-53.22.5 - SUSE CaaS Platform ALL (x86_64): libopeniscsiusr0_2_0-2.0.876-53.22.5 libopeniscsiusr0_2_0-debuginfo-2.0.876-53.22.5 open-iscsi-2.0.876-53.22.5 open-iscsi-debuginfo-2.0.876-53.22.5 open-iscsi-debugsource-2.0.876-53.22.5 - SUSE CaaS Platform 3.0 (x86_64): iscsiuio-0.7.8.2-53.22.5 iscsiuio-debuginfo-0.7.8.2-53.22.5 libopeniscsiusr0_2_0-2.0.876-53.22.5 libopeniscsiusr0_2_0-debuginfo-2.0.876-53.22.5 open-iscsi-2.0.876-53.22.5 open-iscsi-debuginfo-2.0.876-53.22.5 open-iscsi-debugsource-2.0.876-53.22.5 References: https://bugzilla.suse.com/1122938 From sle-updates at lists.suse.com Mon Mar 25 14:14:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:14:34 +0100 (CET) Subject: SUSE-RU-2019:0733-1: moderate: Recommended update for autoyast2 Message-ID: <20190325201434.5DCCBF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0733-1 Rating: moderate References: #1057597 #1094822 #1123091 Affected Products: SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop Installer 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for autoyast2 provides the following fixes: - Do not try to resize LVM partitions within a RAID system. (bsc#1057597) - Removed unneeded flag network_needed in script section. (bsc#1094822) - Fix conflicting items in rule dialogs. (bsc#1123091) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2019-733=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-733=1 - SUSE Linux Enterprise Desktop Installer 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP4-2019-733=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-733=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 - SUSE Linux Enterprise Server 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 - SUSE Linux Enterprise Desktop Installer 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 References: https://bugzilla.suse.com/1057597 https://bugzilla.suse.com/1094822 https://bugzilla.suse.com/1123091 From sle-updates at lists.suse.com Mon Mar 25 14:15:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:15:45 +0100 (CET) Subject: SUSE-RU-2019:0731-1: moderate: Recommended update for kiwi Message-ID: <20190325201545.10FB4F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0731-1 Rating: moderate References: #1126217 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issues: - Fixed an issue with GCE bundler where it looked for the old name format and failed to find the image result (bsc#1126217) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-731=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-731=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-7.04.48-72.34.1 kiwi-desc-oemboot-7.04.48-72.34.1 kiwi-desc-vmxboot-7.04.48-72.34.1 kiwi-templates-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kiwi-doc-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kiwi-desc-isoboot-7.04.48-72.34.1 References: https://bugzilla.suse.com/1126217 From sle-updates at lists.suse.com Mon Mar 25 14:16:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:16:28 +0100 (CET) Subject: SUSE-RU-2019:0734-1: moderate: Recommended update for python-kiwi Message-ID: <20190325201628.BDD9CF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0734-1 Rating: moderate References: #1108508 #1110869 #1110871 #1119416 #1123185 #1123186 #1126283 #1126318 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for python-kiwi provides the following fixes: - Fix some code issues reported by new flake8 version. - Change the default value for bundler compression. If no compression is configured in the kiwi config file, the default was set to False. However this led to problems on the OBS side for images which have fixed storage disk sizes configured (for example Azure images which request 30G disk size per instance). Thus the default changed to True. - Fix grub theme lookup. If the theme was not found at the expected place an exception was thrown. However the alternative lookup code in /boot was not reached with that exception. - Add a runtime check for preferences metadata, specifically verifying that there is a packagemanager defined and an image version defined. - Support alternative EFI and grub modules paths. In SUSE products EFI binaries are historically located in /usr/lib*/efi. In a recent move to package grub2 as noarch, a collision between x86_64 and aarch64 has been identified, as both place platform-specific files to the same location. To fix this, a new location was devised: /usr/share/efi/$(uname -m). At the same time /usr/lib/grub2 will move to /usr/share/grub2. (fate#326960) - Fix Xen guest detection. Xen setup (e.g in the Amazon Cloud) is only supported for the x86_64 architecture. (bsc#1123186, bsc#1123185) - Fix the location of grub unicode font file. grub2 is expecting the unicode font under the fonts directory in the /boot/grub*/ depending on how the distribution installs grub2. (bsc#1119416) - Add container history metadata on umoci repack call. This change makes sure that `umoci repack` call includes history metadata and skips that in `umoci config` call. - Do not assume package manager is always there. This change modifies the behavior for zypper to not assume rpm binary is always part of the image. An image could be bootstrapped only without zypper or rpm, in that case it does not make sense and it is not possible to dump and reload the rpmdb. - Allow to switch off install image boot timeout. This commit adds a new attribute called: It allows to setup the boot timeout for install images build with KIWI. If not set or set to 'true', the configured boottimeout or its default applies to the install image as it was before. If set to 'false' there will be no timeout in the install image bootloader setup and the boot only continues on manual intervention. - Make result compression in the bundler optional. Calling kiwi result bundle will take the image build results and bundle the relevant image files according to their image type. Depending on the result configuration this could instruct the bundler to compress one or more files from the result. If compression is activated the result image has to be uncompressed before it can be used. - Fix using SysConfig objects. Objects of that class do not provide a get method but overload the bracket [] operator. Using the get() method would fail. - Use chkstat to verify and fix file permissions. Call chkstat in system mode which reads /etc/sysconfig/security to determine the configured security level and applies the appropriate permission definitions from the /etc/permissions* files. It is possible to provide those files as overlay files in the image description to apply a certain permission setup when needed. Otherwise the default setup as provided on the package level applies. It is required that the image root system has chkstat installed. If not present KIWI will skip this step and continue with a warning. - Allow setting the protocol to tcp or upd (e.g. "80/tcp") for exposed container ports. If no protocol is provided, OCI defaults are applied. - Fix disk size calculation for VMX. Disk size calculation must take into account the empty volumes that are to be mounted in a directory that does not exist in the root tree, otherwise there is KeyError. The result of storate/setup._calculate_volume_mbytes must be a dict including all defined volumes. - More clarity on kernel version lookup. Lookup of the kernel version is done by directly reading the kernel image via a small tool named kversion. The scope of the tool is limited and does not work for e.g kernel images which contain their own decompressor code. For the special cases exceptions were defined, one was zImage. The recently added exception for vmlinuz seemed too intrusive and was also not well documented. This change tries to clarify and get back to explicit and easy to read coding. - Refactor kernel version lookup. Check the presence of the gzip compressed kernel binary and use it. If not present use the arbitrary kernel image format with the known limitations. - Refactor OCI tools. In order to provide buildah support some of the logic about temporary directories for OCI images creation needed to be moved to the dedicated OCI tool class. While umoci can operate in any directory and this is passed as an argument, this is not the case for buildah. In buildah workflow the storage path of work-in-progress images and containers and the mountpoint of the container rootfs are not customizable. - Use cow file on persistent grub live loop boot. When using tools like live-grub-stick, the live iso as generated by kiwi will be copied as file on the target device and a grub loopback setup is created there to boot the live system from file. In such a case the persistent write setup which tries to create an extra write partition on the target fails in almost all cases because the target has no free and unpartitioned space available. Therefore in case of such a loopback mounted system we create a cow file (live_system.cow) instead of a partition to setup persistent writing. The cow file will be created in the same directory the live iso image file was read from grub. - Better exception handling in OEM installer. If an error condition applies in the kiwi dump dracut code, the reaction was to stop the process with a dracut die() call. If the option 'rd.debug' was set on boot, this lead to a debugging shell which is good, but in a standard process this lead to a lock of the machine which is an unfortunate situation. This fix changes the behavior to always print the error message as a dialog message box on the primary console and reboot the system after keypress or timeout. In case of the debug switch configured the system die()'s as before. - Add parted dependency for dracut-kiwi-live package. dracut-kiwi-live requires the `partprobe` tool and this is provided by parted package. Persistent overlay setup fails if parted is not installed in the image. - Add support for --no-history umoci's flag. By using this flag kiwi appends only a single history entry for OCI containers. - Improve dialog usage in kiwi-dump-image. Dialog's "--radiolist" feature requires to navigate to the item, press "space" to select the item and then "enter" to execute. With "--menu", it is enough to just navigate to the item and press "enter" to execute, which is much more intuitive for most users. - Fixed OEM installer. In the implementation of the ramdisk installer, an error for the standard case was introduced such that the lsblk call was invalid. This led to no devices being present for the installation. - Fix rsync call for filesystem images. For filesystem images the rsync call was missing a trail slash for the source path causing the sync to include also the containing directory. With this change the filesystem image does not include the rootfs in any subdirectory. - Add history metadata for container builds. This change adds the history section in containerconfig. With that, 'author', 'created_by' and 'comment' can be customized. In addition, 'created' is always included with the image creation date time. 'created_by' entry is set to 'KIWI __version__' by default if nothing is provided. - Change bundling of image formats. By default none of the image formats were stored as compressed files. The reason behind this was the assumption that some formats automatically make use of compression, which is true but only in their processing and not in their data blocks at creation time. Storage and handling of the image file itself becomes cumbersome and therefore the default bundle setup for image formats was changed to be compressed. This means the image, as it gets packed by KIWI, needs to be uncompressed before use. The following image formats are affected by the change in a call of the result bundler: * qcow2 (.qcow2.xz) * vdi (.vdi.xz) * vhd (.vhd.xz) * vhdx (.vhdx.xz) * vmdk (.vmdk.xz) - Fixed firmware strip and lookup for kiwi initrd. In a kiwi initrd the function baseStripFirmware can be used to strip down the firmware to the actually used kernel drivers in that initrd. The code to do this was broken due to some other changes. This change fixes the method to work correctly again. - kiwi-partitions-lib: Wait for udev before lsblk. An LVM-enabled OEM image spuriously did not resize its PV / LVs due to lsblk sometimes racing with udev and the disk was just not available during get_partition_node_name(). Call udev_pending() before all lsblk calls to avoid that. (the lsblk man page also advocates this to synchronize with udev) - Refactor containerconfig xml evaluation. This change refactors the extracted data from containerconfig section to be tool agnostic. - Support ramdisk deployment in OEM images. Using the rd.kiwi.ramdisk boot option enables the deployment into a ramdisk. If this option is enabled, only ramdisk devices as provided by the brd kernel driver will be available for deployment. - Distinguish install and image dracut config. This fix distinguishes the files that should be installed inside the image dracut only than the ones installed in both, in install initrd and image initrd. - Apply OCI interface for container and root_import. Instead of directly calling the container archiving tool, in this case umoci, the code has been changed to use the new OCI interface class. - Added OCI tooling interface class. An initiative to formulate industry standards around container formats and runtime is available at https://www.opencontainers.org. Different tools to implement the specifications had been created. The purpose of this class and its sub-classes is to provide a common interface in kiwi to allow using all tools such that the container support in kiwi covers every linux distribution no matter what tooling was preferred. - Warn on modifications to intermediate configuration files. Some files are taken from the host and managed as intermediate config files during the build of the image. Changes to those files during the build run by e.g a script will not become effective because the file gets restored. With this fix the modification condition is detected and a warning message is displayed so that the author of the image can adapt the description as suggested in the message. - Move the default rpm database path into Defaults class. - Add a hardcoded rpm database path to import trusted keys so that they are in the expected location for zypper. - Allow simple path source in Uri class. This patch is needed as follow up fix for the setup of the package cache in local repositories. The is_remote method from the Uri class is used to identify if a repository source is remote or local. At that point the initial repository source was already translated into its components. In case of a local repository the Uri instance now receives a simple path and the is_remote method raised with a style error. This patch allows the Uri class to be more friendly and initializes a local path as file:/ typed source. - Do not cache packages from local repos for zypper. Access to packages from local repositories is as fast as reading them from a cache location. The additional package copy and cache update is superfluous and should be avoided. - Update /etc/machine-id management docs. Update the information about how /etc/machine-id is treated in KIWI and provide some hints for old systems where /var/lib/dbus/machine-id is not a symlink to /etc/machine-id. - Added machine id setup in dracut preparation. In case of a dracut booted image we empty out the systemd machine-id configuration file to trigger the rebuild of that information by the dracut boot code at boot time. This allows for unique systemd identifiers if the same image gets deployed on different machines. This also obsoletes the scripts people put in in config.sh or images.sh to solve this problem obsolete. - Add Codec utils for bytes literals decoding. In case of a literal decoding failure it tries to decode the result in utf-8. This is handy in python2 environments where python and the host might be using different charset configurations. In python3 this issue seems to be solved. (bsc#1110871) - Include livenet module with dmsquash-live support. The upstream dracut dmsquash-live module supports network mode with the livenet module. But that module must be explicitly included and is not fetched automatically. - Fixed URI handling with token query option. So far only the query format "?credentials=" was supported. In case of "?random_token_data" the returned uri was truncated and also the format check on the query caused a python trace. (bsc#1110869, bsc#1108508) - Make use of the quiet flag of mountpoint command. This sets the use of -q flag of mountpoint. Kiwi only checks the return code, thus any stdout is useless in this case. - Fixes LVM based image creation in OBS. Attempting to create LVM based images under the Open Build Service would run into some issues related to the fact that there is no udev running in the chroot environment used to build kiwi based images. Two workarounds have been implemented in this patch: 1. When calling lvcreate, include the `-Zn` option to disable the automatic zeroing of the header of the newly created LV device. Doing so requires that the LV device's /dev entry exists immediately after it has been created, but in a chroot environment udev is not going to be running to automatically populate /dev// or /dev/mapper/-. This should be safe to do since the LV is being created within a loopback device based partition, which is backed by a zero filled file, created by qemu-img. 2. After creating an LV we need to run `vgscan --mknodes` to create the required device nodes under /dev, which won't be automatically created since udev is not running in the chroot environment. - Fix disk size calculation for VMX. Disk size calculation must take into account the empty volumes that are to be mounted in a directory that does not exist in the root tree otherwise there is KeyError. The result of storate/setup._calculate_volume_mbytes must be a dictionary including all defined volumes. - Fixed disk detection from root device. The method lookup_disk_device_from_root assigns the disk device matching the root device uuid. However in a multipath environment multiple disk devices matches the same root device. The code to assign the multipath map in this case was missing in the dracut code base. (bsc#1126283, bsc#1126318) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-734=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-734=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-734=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.16-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-man-pages-9.17.16-3.11.1 kiwi-tools-9.17.16-3.11.1 kiwi-tools-debuginfo-9.17.16-3.11.1 python-kiwi-debugsource-9.17.16-3.11.1 python2-kiwi-9.17.16-3.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kiwi-tools-9.17.16-3.11.1 kiwi-tools-debuginfo-9.17.16-3.11.1 python-kiwi-debugsource-9.17.16-3.11.1 References: https://bugzilla.suse.com/1108508 https://bugzilla.suse.com/1110869 https://bugzilla.suse.com/1110871 https://bugzilla.suse.com/1119416 https://bugzilla.suse.com/1123185 https://bugzilla.suse.com/1123186 https://bugzilla.suse.com/1126283 https://bugzilla.suse.com/1126318 From sle-updates at lists.suse.com Mon Mar 25 14:19:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:19:17 +0100 (CET) Subject: SUSE-SU-2019:0736-1: moderate: Security update for ucode-intel Message-ID: <20190325201917.8B006F7BB@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0736-1 Rating: moderate References: #1129231 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-736=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-736=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-736=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-736=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-736=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-736=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-736=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-736=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-736=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-736=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-736=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-736=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 References: https://bugzilla.suse.com/1129231 From sle-updates at lists.suse.com Mon Mar 25 14:22:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:22:44 +0100 (CET) Subject: SUSE-RU-2019:0734-1: moderate: Recommended update for python-kiwi Message-ID: <20190325202244.DEFB2F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0734-1 Rating: moderate References: #1108508 #1110869 #1110871 #1119416 #1123185 #1123186 #1126283 #1126318 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for python-kiwi provides the following fixes: - Fix some code issues reported by new flake8 version. - Change the default value for bundler compression. If no compression is configured in the kiwi config file, the default was set to False. However this led to problems on the OBS side for images which have fixed storage disk sizes configured (for example Azure images which request 30G disk size per instance). Thus the default changed to True. - Fix grub theme lookup. If the theme was not found at the expected place an exception was thrown. However the alternative lookup code in /boot was not reached with that exception. - Add a runtime check for preferences metadata, specifically verifying that there is a packagemanager defined and an image version defined. - Support alternative EFI and grub modules paths. In SUSE products EFI binaries are historically located in /usr/lib*/efi. In a recent move to package grub2 as noarch, a collision between x86_64 and aarch64 has been identified, as both place platform-specific files to the same location. To fix this, a new location was devised: /usr/share/efi/$(uname -m). At the same time /usr/lib/grub2 will move to /usr/share/grub2. (fate#326960) - Fix Xen guest detection. Xen setup (e.g in the Amazon Cloud) is only supported for the x86_64 architecture. (bsc#1123186, bsc#1123185) - Fix the location of grub unicode font file. grub2 is expecting the unicode font under the fonts directory in the /boot/grub*/ depending on how the distribution installs grub2. (bsc#1119416) - Add container history metadata on umoci repack call. This change makes sure that `umoci repack` call includes history metadata and skips that in `umoci config` call. - Do not assume package manager is always there. This change modifies the behavior for zypper to not assume rpm binary is always part of the image. An image could be bootstrapped only without zypper or rpm, in that case it does not make sense and it is not possible to dump and reload the rpmdb. - Allow to switch off install image boot timeout. This commit adds a new attribute called: It allows to setup the boot timeout for install images build with KIWI. If not set or set to 'true', the configured boottimeout or its default applies to the install image as it was before. If set to 'false' there will be no timeout in the install image bootloader setup and the boot only continues on manual intervention. - Make result compression in the bundler optional. Calling kiwi result bundle will take the image build results and bundle the relevant image files according to their image type. Depending on the result configuration this could instruct the bundler to compress one or more files from the result. If compression is activated the result image has to be uncompressed before it can be used. - Fix using SysConfig objects. Objects of that class do not provide a get method but overload the bracket [] operator. Using the get() method would fail. - Use chkstat to verify and fix file permissions. Call chkstat in system mode which reads /etc/sysconfig/security to determine the configured security level and applies the appropriate permission definitions from the /etc/permissions* files. It is possible to provide those files as overlay files in the image description to apply a certain permission setup when needed. Otherwise the default setup as provided on the package level applies. It is required that the image root system has chkstat installed. If not present KIWI will skip this step and continue with a warning. - Allow setting the protocol to tcp or upd (e.g. "80/tcp") for exposed container ports. If no protocol is provided, OCI defaults are applied. - Fix disk size calculation for VMX. Disk size calculation must take into account the empty volumes that are to be mounted in a directory that does not exist in the root tree, otherwise there is KeyError. The result of storate/setup._calculate_volume_mbytes must be a dict including all defined volumes. - More clarity on kernel version lookup. Lookup of the kernel version is done by directly reading the kernel image via a small tool named kversion. The scope of the tool is limited and does not work for e.g kernel images which contain their own decompressor code. For the special cases exceptions were defined, one was zImage. The recently added exception for vmlinuz seemed too intrusive and was also not well documented. This change tries to clarify and get back to explicit and easy to read coding. - Refactor kernel version lookup. Check the presence of the gzip compressed kernel binary and use it. If not present use the arbitrary kernel image format with the known limitations. - Refactor OCI tools. In order to provide buildah support some of the logic about temporary directories for OCI images creation needed to be moved to the dedicated OCI tool class. While umoci can operate in any directory and this is passed as an argument, this is not the case for buildah. In buildah workflow the storage path of work-in-progress images and containers and the mountpoint of the container rootfs are not customizable. - Use cow file on persistent grub live loop boot. When using tools like live-grub-stick, the live iso as generated by kiwi will be copied as file on the target device and a grub loopback setup is created there to boot the live system from file. In such a case the persistent write setup which tries to create an extra write partition on the target fails in almost all cases because the target has no free and unpartitioned space available. Therefore in case of such a loopback mounted system we create a cow file (live_system.cow) instead of a partition to setup persistent writing. The cow file will be created in the same directory the live iso image file was read from grub. - Better exception handling in OEM installer. If an error condition applies in the kiwi dump dracut code, the reaction was to stop the process with a dracut die() call. If the option 'rd.debug' was set on boot, this lead to a debugging shell which is good, but in a standard process this lead to a lock of the machine which is an unfortunate situation. This fix changes the behavior to always print the error message as a dialog message box on the primary console and reboot the system after keypress or timeout. In case of the debug switch configured the system die()'s as before. - Add parted dependency for dracut-kiwi-live package. dracut-kiwi-live requires the `partprobe` tool and this is provided by parted package. Persistent overlay setup fails if parted is not installed in the image. - Add support for --no-history umoci's flag. By using this flag kiwi appends only a single history entry for OCI containers. - Improve dialog usage in kiwi-dump-image. Dialog's "--radiolist" feature requires to navigate to the item, press "space" to select the item and then "enter" to execute. With "--menu", it is enough to just navigate to the item and press "enter" to execute, which is much more intuitive for most users. - Fixed OEM installer. In the implementation of the ramdisk installer, an error for the standard case was introduced such that the lsblk call was invalid. This led to no devices being present for the installation. - Fix rsync call for filesystem images. For filesystem images the rsync call was missing a trail slash for the source path causing the sync to include also the containing directory. With this change the filesystem image does not include the rootfs in any subdirectory. - Add history metadata for container builds. This change adds the history section in containerconfig. With that, 'author', 'created_by' and 'comment' can be customized. In addition, 'created' is always included with the image creation date time. 'created_by' entry is set to 'KIWI __version__' by default if nothing is provided. - Change bundling of image formats. By default none of the image formats were stored as compressed files. The reason behind this was the assumption that some formats automatically make use of compression, which is true but only in their processing and not in their data blocks at creation time. Storage and handling of the image file itself becomes cumbersome and therefore the default bundle setup for image formats was changed to be compressed. This means the image, as it gets packed by KIWI, needs to be uncompressed before use. The following image formats are affected by the change in a call of the result bundler: * qcow2 (.qcow2.xz) * vdi (.vdi.xz) * vhd (.vhd.xz) * vhdx (.vhdx.xz) * vmdk (.vmdk.xz) - Fixed firmware strip and lookup for kiwi initrd. In a kiwi initrd the function baseStripFirmware can be used to strip down the firmware to the actually used kernel drivers in that initrd. The code to do this was broken due to some other changes. This change fixes the method to work correctly again. - kiwi-partitions-lib: Wait for udev before lsblk. An LVM-enabled OEM image spuriously did not resize its PV / LVs due to lsblk sometimes racing with udev and the disk was just not available during get_partition_node_name(). Call udev_pending() before all lsblk calls to avoid that. (the lsblk man page also advocates this to synchronize with udev) - Refactor containerconfig xml evaluation. This change refactors the extracted data from containerconfig section to be tool agnostic. - Support ramdisk deployment in OEM images. Using the rd.kiwi.ramdisk boot option enables the deployment into a ramdisk. If this option is enabled, only ramdisk devices as provided by the brd kernel driver will be available for deployment. - Distinguish install and image dracut config. This fix distinguishes the files that should be installed inside the image dracut only than the ones installed in both, in install initrd and image initrd. - Apply OCI interface for container and root_import. Instead of directly calling the container archiving tool, in this case umoci, the code has been changed to use the new OCI interface class. - Added OCI tooling interface class. An initiative to formulate industry standards around container formats and runtime is available at https://www.opencontainers.org. Different tools to implement the specifications had been created. The purpose of this class and its sub-classes is to provide a common interface in kiwi to allow using all tools such that the container support in kiwi covers every linux distribution no matter what tooling was preferred. - Warn on modifications to intermediate configuration files. Some files are taken from the host and managed as intermediate config files during the build of the image. Changes to those files during the build run by e.g a script will not become effective because the file gets restored. With this fix the modification condition is detected and a warning message is displayed so that the author of the image can adapt the description as suggested in the message. - Move the default rpm database path into Defaults class. - Add a hardcoded rpm database path to import trusted keys so that they are in the expected location for zypper. - Allow simple path source in Uri class. This patch is needed as follow up fix for the setup of the package cache in local repositories. The is_remote method from the Uri class is used to identify if a repository source is remote or local. At that point the initial repository source was already translated into its components. In case of a local repository the Uri instance now receives a simple path and the is_remote method raised with a style error. This patch allows the Uri class to be more friendly and initializes a local path as file:/ typed source. - Do not cache packages from local repos for zypper. Access to packages from local repositories is as fast as reading them from a cache location. The additional package copy and cache update is superfluous and should be avoided. - Update /etc/machine-id management docs. Update the information about how /etc/machine-id is treated in KIWI and provide some hints for old systems where /var/lib/dbus/machine-id is not a symlink to /etc/machine-id. - Added machine id setup in dracut preparation. In case of a dracut booted image we empty out the systemd machine-id configuration file to trigger the rebuild of that information by the dracut boot code at boot time. This allows for unique systemd identifiers if the same image gets deployed on different machines. This also obsoletes the scripts people put in in config.sh or images.sh to solve this problem obsolete. - Add Codec utils for bytes literals decoding. In case of a literal decoding failure it tries to decode the result in utf-8. This is handy in python2 environments where python and the host might be using different charset configurations. In python3 this issue seems to be solved. (bsc#1110871) - Include livenet module with dmsquash-live support. The upstream dracut dmsquash-live module supports network mode with the livenet module. But that module must be explicitly included and is not fetched automatically. - Fixed URI handling with token query option. So far only the query format "?credentials=" was supported. In case of "?random_token_data" the returned uri was truncated and also the format check on the query caused a python trace. (bsc#1110869, bsc#1108508) - Make use of the quiet flag of mountpoint command. This sets the use of -q flag of mountpoint. Kiwi only checks the return code, thus any stdout is useless in this case. - Fixes LVM based image creation in OBS. Attempting to create LVM based images under the Open Build Service would run into some issues related to the fact that there is no udev running in the chroot environment used to build kiwi based images. Two workarounds have been implemented in this patch: 1. When calling lvcreate, include the `-Zn` option to disable the automatic zeroing of the header of the newly created LV device. Doing so requires that the LV device's /dev entry exists immediately after it has been created, but in a chroot environment udev is not going to be running to automatically populate /dev// or /dev/mapper/-. This should be safe to do since the LV is being created within a loopback device based partition, which is backed by a zero filled file, created by qemu-img. 2. After creating an LV we need to run `vgscan --mknodes` to create the required device nodes under /dev, which won't be automatically created since udev is not running in the chroot environment. - Fix disk size calculation for VMX. Disk size calculation must take into account the empty volumes that are to be mounted in a directory that does not exist in the root tree otherwise there is KeyError. The result of storate/setup._calculate_volume_mbytes must be a dictionary including all defined volumes. - Fixed disk detection from root device. The method lookup_disk_device_from_root assigns the disk device matching the root device uuid. However in a multipath environment multiple disk devices matches the same root device. The code to assign the multipath map in this case was missing in the dracut code base. (bsc#1126283, bsc#1126318) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-734=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-734=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-734=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.16-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-man-pages-9.17.16-3.11.1 kiwi-tools-9.17.16-3.11.1 kiwi-tools-debuginfo-9.17.16-3.11.1 python-kiwi-debugsource-9.17.16-3.11.1 python2-kiwi-9.17.16-3.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kiwi-tools-9.17.16-3.11.1 kiwi-tools-debuginfo-9.17.16-3.11.1 python-kiwi-debugsource-9.17.16-3.11.1 References: https://bugzilla.suse.com/1108508 https://bugzilla.suse.com/1110869 https://bugzilla.suse.com/1110871 https://bugzilla.suse.com/1119416 https://bugzilla.suse.com/1123185 https://bugzilla.suse.com/1123186 https://bugzilla.suse.com/1126283 https://bugzilla.suse.com/1126318 From sle-updates at lists.suse.com Mon Mar 25 14:24:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:24:58 +0100 (CET) Subject: SUSE-SU-2019:0736-1: moderate: Security update for ucode-intel Message-ID: <20190325202458.AF01FF7BB@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0736-1 Rating: moderate References: #1129231 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-736=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-736=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-736=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-736=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-736=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-736=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-736=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-736=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-736=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-736=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-736=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-736=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20190312-13.38.1 ucode-intel-debuginfo-20190312-13.38.1 ucode-intel-debugsource-20190312-13.38.1 References: https://bugzilla.suse.com/1129231 From sle-updates at lists.suse.com Mon Mar 25 14:33:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:33:48 +0100 (CET) Subject: SUSE-RU-2019:0733-1: moderate: Recommended update for autoyast2 Message-ID: <20190325203348.1A1D8F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0733-1 Rating: moderate References: #1057597 #1094822 #1123091 Affected Products: SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop Installer 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for autoyast2 provides the following fixes: - Do not try to resize LVM partitions within a RAID system. (bsc#1057597) - Removed unneeded flag network_needed in script section. (bsc#1094822) - Fix conflicting items in rule dialogs. (bsc#1123091) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2019-733=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-733=1 - SUSE Linux Enterprise Desktop Installer 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP4-2019-733=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-733=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 - SUSE Linux Enterprise Server 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 - SUSE Linux Enterprise Desktop Installer 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): autoyast2-3.2.34-3.5.5 autoyast2-installation-3.2.34-3.5.5 References: https://bugzilla.suse.com/1057597 https://bugzilla.suse.com/1094822 https://bugzilla.suse.com/1123091 From sle-updates at lists.suse.com Mon Mar 25 14:35:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Mar 2019 21:35:11 +0100 (CET) Subject: SUSE-RU-2019:0731-1: moderate: Recommended update for kiwi Message-ID: <20190325203511.EAD83F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0731-1 Rating: moderate References: #1126217 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issues: - Fixed an issue with GCE bundler where it looked for the old name format and failed to find the image result (bsc#1126217) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-731=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-731=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-7.04.48-72.34.1 kiwi-desc-oemboot-7.04.48-72.34.1 kiwi-desc-vmxboot-7.04.48-72.34.1 kiwi-templates-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kiwi-desc-isoboot-7.04.48-72.34.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kiwi-doc-7.04.48-72.34.1 References: https://bugzilla.suse.com/1126217 From sle-updates at lists.suse.com Tue Mar 26 08:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 15:09:34 +0100 (CET) Subject: SUSE-SU-2019:0738-1: moderate: Security update for ovmf Message-ID: <20190326140934.855A9F7BB@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0738-1 Rating: moderate References: #1128503 Cross-References: CVE-2018-12181 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issue: Security issue fixed: - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-738=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): ovmf-2017+git1492060560.b6d11d7c46-4.23.1 ovmf-tools-2017+git1492060560.b6d11d7c46-4.23.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.23.1 qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.23.1 References: https://www.suse.com/security/cve/CVE-2018-12181.html https://bugzilla.suse.com/1128503 From sle-updates at lists.suse.com Tue Mar 26 11:12:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 18:12:11 +0100 (CET) Subject: SUSE-SU-2019:0740-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15) Message-ID: <20190326171211.371B5F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0740-1 Rating: important References: #1124729 #1124734 #1126284 #1127757 #1128378 Cross-References: CVE-2018-12232 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_3 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bsc#1127757). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-740=1 SUSE-SLE-Module-Live-Patching-15-2019-746=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-9-25.2 kernel-livepatch-4_12_14-23-default-debuginfo-9-25.2 kernel-livepatch-4_12_14-25_3-default-8-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-8-2.1 kernel-livepatch-SLE15_Update_0-debugsource-9-25.2 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1126284 https://bugzilla.suse.com/1127757 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Tue Mar 26 11:13:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 18:13:26 +0100 (CET) Subject: SUSE-SU-2019:0747-1: moderate: Security update for gd Message-ID: <20190326171326.CA4A9F7BB@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0747-1 Rating: moderate References: #1123361 #1123522 Cross-References: CVE-2019-6977 CVE-2019-6978 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-747=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-747=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-747=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-747=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-747=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-747=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-747=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-747=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gd-32bit-2.1.0-24.12.1 gd-debuginfo-32bit-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gd-32bit-2.1.0-24.12.1 gd-debuginfo-32bit-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 gd-devel-2.1.0-24.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 gd-devel-2.1.0-24.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gd-2.1.0-24.12.1 gd-debuginfo-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gd-2.1.0-24.12.1 gd-debuginfo-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gd-2.1.0-24.12.1 gd-32bit-2.1.0-24.12.1 gd-debuginfo-2.1.0-24.12.1 gd-debuginfo-32bit-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gd-2.1.0-24.12.1 gd-32bit-2.1.0-24.12.1 gd-debuginfo-2.1.0-24.12.1 gd-debuginfo-32bit-2.1.0-24.12.1 gd-debugsource-2.1.0-24.12.1 References: https://www.suse.com/security/cve/CVE-2019-6977.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1123361 https://bugzilla.suse.com/1123522 From sle-updates at lists.suse.com Tue Mar 26 11:14:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 18:14:24 +0100 (CET) Subject: SUSE-SU-2019:0745-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15) Message-ID: <20190326171424.5B40FF7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0745-1 Rating: important References: #1124729 #1124734 #1126284 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_13 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-741=1 SUSE-SLE-Module-Live-Patching-15-2019-742=1 SUSE-SLE-Module-Live-Patching-15-2019-743=1 SUSE-SLE-Module-Live-Patching-15-2019-744=1 SUSE-SLE-Module-Live-Patching-15-2019-745=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_13-default-6-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-25_16-default-5-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_19-default-5-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_22-default-4-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_6-default-8-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-8-2.1 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1126284 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Tue Mar 26 11:15:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 18:15:37 +0100 (CET) Subject: SUSE-SU-2019:0739-1: moderate: Security update for ImageMagick Message-ID: <20190326171537.B7D56F7BB@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0739-1 Rating: moderate References: #1106415 #1106996 #1113064 #1120381 #1124365 #1124366 #1124367 #1124368 #1128649 Cross-References: CVE-2018-16412 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed a memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed an infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7396: Fixed a memory leak in the function ReadSIXELImage (bsc#1124367). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). Non-security issue fixed: - Fixed a regression in regards to the 'edge' comand line flag (bsc#1106415) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-739=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-739=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-739=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.49.4 ImageMagick-debugsource-7.0.7.34-3.49.4 ImageMagick-extra-7.0.7.34-3.49.4 ImageMagick-extra-debuginfo-7.0.7.34-3.49.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ImageMagick-doc-7.0.7.34-3.49.4 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.49.4 ImageMagick-debugsource-7.0.7.34-3.49.4 perl-PerlMagick-7.0.7.34-3.49.4 perl-PerlMagick-debuginfo-7.0.7.34-3.49.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.49.4 ImageMagick-debuginfo-7.0.7.34-3.49.4 ImageMagick-debugsource-7.0.7.34-3.49.4 ImageMagick-devel-7.0.7.34-3.49.4 libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.49.4 libMagick++-devel-7.0.7.34-3.49.4 libMagickCore-7_Q16HDRI6-7.0.7.34-3.49.4 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.49.4 libMagickWand-7_Q16HDRI6-7.0.7.34-3.49.4 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.49.4 References: https://www.suse.com/security/cve/CVE-2018-16412.html https://www.suse.com/security/cve/CVE-2018-18544.html https://www.suse.com/security/cve/CVE-2018-20467.html https://www.suse.com/security/cve/CVE-2019-7175.html https://www.suse.com/security/cve/CVE-2019-7395.html https://www.suse.com/security/cve/CVE-2019-7396.html https://www.suse.com/security/cve/CVE-2019-7397.html https://www.suse.com/security/cve/CVE-2019-7398.html https://bugzilla.suse.com/1106415 https://bugzilla.suse.com/1106996 https://bugzilla.suse.com/1113064 https://bugzilla.suse.com/1120381 https://bugzilla.suse.com/1124365 https://bugzilla.suse.com/1124366 https://bugzilla.suse.com/1124367 https://bugzilla.suse.com/1124368 https://bugzilla.suse.com/1128649 From sle-updates at lists.suse.com Tue Mar 26 11:17:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 18:17:32 +0100 (CET) Subject: SUSE-SU-2019:0748-1: moderate: Security update for libmspack Message-ID: <20190326171732.EE403F7BB@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0748-1 Rating: moderate References: #1113038 #1113039 Cross-References: CVE-2018-18584 CVE-2018-18585 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). (bsc#1113039) - Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-748=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-748=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.6-3.3.11 mspack-tools-0.6-3.3.11 mspack-tools-debuginfo-0.6-3.3.11 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.6-3.3.11 libmspack-devel-0.6-3.3.11 libmspack0-0.6-3.3.11 libmspack0-debuginfo-0.6-3.3.11 References: https://www.suse.com/security/cve/CVE-2018-18584.html https://www.suse.com/security/cve/CVE-2018-18585.html https://bugzilla.suse.com/1113038 https://bugzilla.suse.com/1113039 From sle-updates at lists.suse.com Tue Mar 26 14:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 21:10:04 +0100 (CET) Subject: SUSE-RU-2019:0749-1: moderate: Recommended update for dracut Message-ID: <20190326201004.2F887FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0749-1 Rating: moderate References: #1127891 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - Check SUSE kernel module dependencies recursively (bsc#1127891) - Avoid "Failed to chown ... Operation not permitted" when run from non-root, by not copying xattrs. (osc#1092178) - Handle non-versioned dependency in purge-kernels. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-749=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-749=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-debuginfo-044.2-18.24.1 dracut-debugsource-044.2-18.24.1 dracut-tools-044.2-18.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dracut-044.2-18.24.1 dracut-debuginfo-044.2-18.24.1 dracut-debugsource-044.2-18.24.1 dracut-fips-044.2-18.24.1 dracut-ima-044.2-18.24.1 References: https://bugzilla.suse.com/1127891 From sle-updates at lists.suse.com Tue Mar 26 14:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 21:10:50 +0100 (CET) Subject: SUSE-SU-2019:0765-1: important: Security update for the Linux Kernel Message-ID: <20190326201050.6C32CFCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0765-1 Rating: important References: #1046305 #1046306 #1050252 #1050549 #1051510 #1054610 #1055121 #1056658 #1056662 #1056787 #1060463 #1063638 #1065600 #1068032 #1070995 #1071995 #1074562 #1074578 #1074701 #1075006 #1075419 #1075748 #1078355 #1080039 #1082943 #1083548 #1083647 #1084216 #1086095 #1086282 #1086301 #1086313 #1086314 #1086323 #1087082 #1087084 #1087092 #1087939 #1088133 #1094555 #1098382 #1098425 #1098995 #1102055 #1103429 #1104353 #1106105 #1106434 #1106811 #1107078 #1107665 #1108101 #1108870 #1109695 #1110096 #1110705 #1111666 #1113042 #1113712 #1113722 #1113769 #1113939 #1114279 #1114585 #1114893 #1117108 #1117155 #1117645 #1117947 #1118338 #1119019 #1119086 #1119766 #1119843 #1120008 #1120318 #1120601 #1120758 #1120854 #1120902 #1120909 #1120955 #1121317 #1121726 #1121789 #1121805 #1122019 #1122159 #1122192 #1122292 #1122324 #1122554 #1122662 #1122764 #1122779 #1122822 #1122885 #1122927 #1122944 #1122971 #1122982 #1123060 #1123061 #1123161 #1123317 #1123348 #1123357 #1123456 #1123538 #1123697 #1123882 #1123933 #1124055 #1124204 #1124235 #1124579 #1124589 #1124728 #1124732 #1124735 #1124969 #1124974 #1124975 #1124976 #1124978 #1124979 #1124980 #1124981 #1124982 #1124984 #1124985 #1125109 #1125125 #1125252 #1125315 #1125614 #1125728 #1125780 #1125797 #1125799 #1125800 #1125907 #1125947 #1126131 #1126209 #1126389 #1126393 #1126476 #1126480 #1126481 #1126488 #1126495 #1126555 #1126579 #1126789 #1126790 #1126802 #1126803 #1126804 #1126805 #1126806 #1126807 #1127042 #1127062 #1127082 #1127154 #1127285 #1127286 #1127307 #1127363 #1127493 #1127494 #1127495 #1127496 #1127497 #1127498 #1127534 #1127561 #1127567 #1127595 #1127603 #1127682 #1127731 #1127750 #1127836 #1127961 #1128094 #1128166 #1128351 #1128451 #1128895 #1129046 #1129080 #1129163 #1129179 #1129181 #1129182 #1129183 #1129184 #1129205 #1129281 #1129284 #1129285 #1129291 #1129292 #1129293 #1129294 #1129295 #1129296 #1129326 #1129327 #1129330 #1129363 #1129366 #1129497 #1129519 #1129543 #1129547 #1129551 #1129581 #1129625 #1129664 #1129739 #1129923 #807502 #824948 #828192 #925178 Cross-References: CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 215 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be "ARS-long" rather than "ARS-short" (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a "Lunch Box" check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek "IPMI" device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support "nosharetransport" option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert "block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1051510). - Revert "input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G" (bsc#1051510). - Revert "openvswitch: Fix template leak in error cases." (bsc#1051510). - Revert "scsi: qla2xxx: Fix NVMe Target discovery" (bsc#1125252). - Revert "serial: 8250: Fix clearing FIFOs in RS485 mode again" (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert "xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue" (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete "fake section table" reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-765=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-765=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-765=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-765=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-765=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 kernel-default-extra-4.12.14-95.13.1 kernel-default-extra-debuginfo-4.12.14-95.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.13.1 kernel-obs-build-debugsource-4.12.14-95.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.13.1 kernel-default-base-4.12.14-95.13.1 kernel-default-base-debuginfo-4.12.14-95.13.1 kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 kernel-default-devel-4.12.14-95.13.1 kernel-syms-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.13.1 kernel-macros-4.12.14-95.13.1 kernel-source-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.13.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.13.1 cluster-md-kmp-default-debuginfo-4.12.14-95.13.1 dlm-kmp-default-4.12.14-95.13.1 dlm-kmp-default-debuginfo-4.12.14-95.13.1 gfs2-kmp-default-4.12.14-95.13.1 gfs2-kmp-default-debuginfo-4.12.14-95.13.1 kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 ocfs2-kmp-default-4.12.14-95.13.1 ocfs2-kmp-default-debuginfo-4.12.14-95.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.13.1 kernel-macros-4.12.14-95.13.1 kernel-source-4.12.14-95.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.13.1 kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 kernel-default-devel-4.12.14-95.13.1 kernel-default-devel-debuginfo-4.12.14-95.13.1 kernel-default-extra-4.12.14-95.13.1 kernel-default-extra-debuginfo-4.12.14-95.13.1 kernel-syms-4.12.14-95.13.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-20669.html https://www.suse.com/security/cve/CVE-2019-2024.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-3819.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://www.suse.com/security/cve/CVE-2019-7308.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-8980.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1050252 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054610 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1056658 https://bugzilla.suse.com/1056662 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070995 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1074578 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1075006 https://bugzilla.suse.com/1075419 https://bugzilla.suse.com/1075748 https://bugzilla.suse.com/1078355 https://bugzilla.suse.com/1080039 https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084216 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1087939 https://bugzilla.suse.com/1088133 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098382 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098995 https://bugzilla.suse.com/1102055 https://bugzilla.suse.com/1103429 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106811 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107665 https://bugzilla.suse.com/1108101 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1110705 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1113042 https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113939 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1117108 https://bugzilla.suse.com/1117155 https://bugzilla.suse.com/1117645 https://bugzilla.suse.com/1117947 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119766 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120008 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120854 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120909 https://bugzilla.suse.com/1120955 https://bugzilla.suse.com/1121317 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1121789 https://bugzilla.suse.com/1121805 https://bugzilla.suse.com/1122019 https://bugzilla.suse.com/1122159 https://bugzilla.suse.com/1122192 https://bugzilla.suse.com/1122292 https://bugzilla.suse.com/1122324 https://bugzilla.suse.com/1122554 https://bugzilla.suse.com/1122662 https://bugzilla.suse.com/1122764 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122822 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1122927 https://bugzilla.suse.com/1122944 https://bugzilla.suse.com/1122971 https://bugzilla.suse.com/1122982 https://bugzilla.suse.com/1123060 https://bugzilla.suse.com/1123061 https://bugzilla.suse.com/1123161 https://bugzilla.suse.com/1123317 https://bugzilla.suse.com/1123348 https://bugzilla.suse.com/1123357 https://bugzilla.suse.com/1123456 https://bugzilla.suse.com/1123538 https://bugzilla.suse.com/1123697 https://bugzilla.suse.com/1123882 https://bugzilla.suse.com/1123933 https://bugzilla.suse.com/1124055 https://bugzilla.suse.com/1124204 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1124579 https://bugzilla.suse.com/1124589 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1124969 https://bugzilla.suse.com/1124974 https://bugzilla.suse.com/1124975 https://bugzilla.suse.com/1124976 https://bugzilla.suse.com/1124978 https://bugzilla.suse.com/1124979 https://bugzilla.suse.com/1124980 https://bugzilla.suse.com/1124981 https://bugzilla.suse.com/1124982 https://bugzilla.suse.com/1124984 https://bugzilla.suse.com/1124985 https://bugzilla.suse.com/1125109 https://bugzilla.suse.com/1125125 https://bugzilla.suse.com/1125252 https://bugzilla.suse.com/1125315 https://bugzilla.suse.com/1125614 https://bugzilla.suse.com/1125728 https://bugzilla.suse.com/1125780 https://bugzilla.suse.com/1125797 https://bugzilla.suse.com/1125799 https://bugzilla.suse.com/1125800 https://bugzilla.suse.com/1125907 https://bugzilla.suse.com/1125947 https://bugzilla.suse.com/1126131 https://bugzilla.suse.com/1126209 https://bugzilla.suse.com/1126389 https://bugzilla.suse.com/1126393 https://bugzilla.suse.com/1126476 https://bugzilla.suse.com/1126480 https://bugzilla.suse.com/1126481 https://bugzilla.suse.com/1126488 https://bugzilla.suse.com/1126495 https://bugzilla.suse.com/1126555 https://bugzilla.suse.com/1126579 https://bugzilla.suse.com/1126789 https://bugzilla.suse.com/1126790 https://bugzilla.suse.com/1126802 https://bugzilla.suse.com/1126803 https://bugzilla.suse.com/1126804 https://bugzilla.suse.com/1126805 https://bugzilla.suse.com/1126806 https://bugzilla.suse.com/1126807 https://bugzilla.suse.com/1127042 https://bugzilla.suse.com/1127062 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127154 https://bugzilla.suse.com/1127285 https://bugzilla.suse.com/1127286 https://bugzilla.suse.com/1127307 https://bugzilla.suse.com/1127363 https://bugzilla.suse.com/1127493 https://bugzilla.suse.com/1127494 https://bugzilla.suse.com/1127495 https://bugzilla.suse.com/1127496 https://bugzilla.suse.com/1127497 https://bugzilla.suse.com/1127498 https://bugzilla.suse.com/1127534 https://bugzilla.suse.com/1127561 https://bugzilla.suse.com/1127567 https://bugzilla.suse.com/1127595 https://bugzilla.suse.com/1127603 https://bugzilla.suse.com/1127682 https://bugzilla.suse.com/1127731 https://bugzilla.suse.com/1127750 https://bugzilla.suse.com/1127836 https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128094 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128351 https://bugzilla.suse.com/1128451 https://bugzilla.suse.com/1128895 https://bugzilla.suse.com/1129046 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129163 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129181 https://bugzilla.suse.com/1129182 https://bugzilla.suse.com/1129183 https://bugzilla.suse.com/1129184 https://bugzilla.suse.com/1129205 https://bugzilla.suse.com/1129281 https://bugzilla.suse.com/1129284 https://bugzilla.suse.com/1129285 https://bugzilla.suse.com/1129291 https://bugzilla.suse.com/1129292 https://bugzilla.suse.com/1129293 https://bugzilla.suse.com/1129294 https://bugzilla.suse.com/1129295 https://bugzilla.suse.com/1129296 https://bugzilla.suse.com/1129326 https://bugzilla.suse.com/1129327 https://bugzilla.suse.com/1129330 https://bugzilla.suse.com/1129363 https://bugzilla.suse.com/1129366 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129543 https://bugzilla.suse.com/1129547 https://bugzilla.suse.com/1129551 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129625 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1129739 https://bugzilla.suse.com/1129923 https://bugzilla.suse.com/807502 https://bugzilla.suse.com/824948 https://bugzilla.suse.com/828192 https://bugzilla.suse.com/925178 From sle-updates at lists.suse.com Tue Mar 26 14:44:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 21:44:34 +0100 (CET) Subject: SUSE-SU-2019:0754-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP3) Message-ID: <20190326204435.04C2CFCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0754-1 Rating: important References: #1124729 #1124734 #1128378 Cross-References: CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.143-94_47 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-751=1 SUSE-SLE-Live-Patching-12-SP3-2019-752=1 SUSE-SLE-Live-Patching-12-SP3-2019-753=1 SUSE-SLE-Live-Patching-12-SP3-2019-754=1 SUSE-SLE-Live-Patching-12-SP3-2019-755=1 SUSE-SLE-Live-Patching-12-SP3-2019-756=1 SUSE-SLE-Live-Patching-12-SP3-2019-757=1 SUSE-SLE-Live-Patching-12-SP3-2019-758=1 SUSE-SLE-Live-Patching-12-SP3-2019-759=1 SUSE-SLE-Live-Patching-12-SP3-2019-760=1 SUSE-SLE-Live-Patching-12-SP3-2019-762=1 SUSE-SLE-Live-Patching-12-SP3-2019-763=1 SUSE-SLE-Live-Patching-12-SP3-2019-764=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_120-94_17-default-11-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-11-2.1 kgraft-patch-4_4_126-94_22-default-11-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-11-2.1 kgraft-patch-4_4_131-94_29-default-9-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-9-2.1 kgraft-patch-4_4_132-94_33-default-9-2.1 kgraft-patch-4_4_132-94_33-default-debuginfo-9-2.1 kgraft-patch-4_4_138-94_39-default-7-2.1 kgraft-patch-4_4_138-94_39-default-debuginfo-7-2.1 kgraft-patch-4_4_140-94_42-default-7-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-7-2.1 kgraft-patch-4_4_143-94_47-default-5-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-5-2.1 kgraft-patch-4_4_155-94_50-default-5-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-5-2.1 kgraft-patch-4_4_156-94_57-default-5-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-5-2.1 kgraft-patch-4_4_156-94_61-default-5-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-5-2.1 kgraft-patch-4_4_156-94_64-default-4-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-4-2.1 kgraft-patch-4_4_162-94_69-default-3-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-3-2.1 kgraft-patch-4_4_162-94_72-default-3-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-3-2.1 References: https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1124729 https://bugzilla.suse.com/1124734 https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Tue Mar 26 14:45:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 21:45:36 +0100 (CET) Subject: SUSE-SU-2019:0761-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) Message-ID: <20190326204536.63AAEFCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0761-1 Rating: important References: #1128378 Cross-References: CVE-2019-9213 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.175-94_79 fixes one issue. The following security issue was fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-761=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_175-94_79-default-2-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1128378 From sle-updates at lists.suse.com Tue Mar 26 14:46:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 21:46:24 +0100 (CET) Subject: SUSE-SU-2019:0765-1: important: Security update for the Linux Kernel Message-ID: <20190326204624.A2E24FCD2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0765-1 Rating: important References: #1046305 #1046306 #1050252 #1050549 #1051510 #1054610 #1055121 #1056658 #1056662 #1056787 #1060463 #1063638 #1065600 #1068032 #1070995 #1071995 #1074562 #1074578 #1074701 #1075006 #1075419 #1075748 #1078355 #1080039 #1082943 #1083548 #1083647 #1084216 #1086095 #1086282 #1086301 #1086313 #1086314 #1086323 #1087082 #1087084 #1087092 #1087939 #1088133 #1094555 #1098382 #1098425 #1098995 #1102055 #1103429 #1104353 #1106105 #1106434 #1106811 #1107078 #1107665 #1108101 #1108870 #1109695 #1110096 #1110705 #1111666 #1113042 #1113712 #1113722 #1113769 #1113939 #1114279 #1114585 #1114893 #1117108 #1117155 #1117645 #1117947 #1118338 #1119019 #1119086 #1119766 #1119843 #1120008 #1120318 #1120601 #1120758 #1120854 #1120902 #1120909 #1120955 #1121317 #1121726 #1121789 #1121805 #1122019 #1122159 #1122192 #1122292 #1122324 #1122554 #1122662 #1122764 #1122779 #1122822 #1122885 #1122927 #1122944 #1122971 #1122982 #1123060 #1123061 #1123161 #1123317 #1123348 #1123357 #1123456 #1123538 #1123697 #1123882 #1123933 #1124055 #1124204 #1124235 #1124579 #1124589 #1124728 #1124732 #1124735 #1124969 #1124974 #1124975 #1124976 #1124978 #1124979 #1124980 #1124981 #1124982 #1124984 #1124985 #1125109 #1125125 #1125252 #1125315 #1125614 #1125728 #1125780 #1125797 #1125799 #1125800 #1125907 #1125947 #1126131 #1126209 #1126389 #1126393 #1126476 #1126480 #1126481 #1126488 #1126495 #1126555 #1126579 #1126789 #1126790 #1126802 #1126803 #1126804 #1126805 #1126806 #1126807 #1127042 #1127062 #1127082 #1127154 #1127285 #1127286 #1127307 #1127363 #1127493 #1127494 #1127495 #1127496 #1127497 #1127498 #1127534 #1127561 #1127567 #1127595 #1127603 #1127682 #1127731 #1127750 #1127836 #1127961 #1128094 #1128166 #1128351 #1128451 #1128895 #1129046 #1129080 #1129163 #1129179 #1129181 #1129182 #1129183 #1129184 #1129205 #1129281 #1129284 #1129285 #1129291 #1129292 #1129293 #1129294 #1129295 #1129296 #1129326 #1129327 #1129330 #1129363 #1129366 #1129497 #1129519 #1129543 #1129547 #1129551 #1129581 #1129625 #1129664 #1129739 #1129923 #807502 #824948 #828192 #925178 Cross-References: CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 215 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be "ARS-long" rather than "ARS-short" (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a "Lunch Box" check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek "IPMI" device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support "nosharetransport" option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert "block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1051510). - Revert "input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G" (bsc#1051510). - Revert "openvswitch: Fix template leak in error cases." (bsc#1051510). - Revert "scsi: qla2xxx: Fix NVMe Target discovery" (bsc#1125252). - Revert "serial: 8250: Fix clearing FIFOs in RS485 mode again" (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert "xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue" (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete "fake section table" reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-765=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-765=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-765=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-765=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-765=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-765=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 kernel-default-extra-4.12.14-95.13.1 kernel-default-extra-debuginfo-4.12.14-95.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.13.1 kernel-obs-build-debugsource-4.12.14-95.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.13.1 kernel-default-base-4.12.14-95.13.1 kernel-default-base-debuginfo-4.12.14-95.13.1 kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 kernel-default-devel-4.12.14-95.13.1 kernel-syms-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.13.1 kernel-macros-4.12.14-95.13.1 kernel-source-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.13.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.13.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_13-default-1-6.7.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.13.1 cluster-md-kmp-default-debuginfo-4.12.14-95.13.1 dlm-kmp-default-4.12.14-95.13.1 dlm-kmp-default-debuginfo-4.12.14-95.13.1 gfs2-kmp-default-4.12.14-95.13.1 gfs2-kmp-default-debuginfo-4.12.14-95.13.1 kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 ocfs2-kmp-default-4.12.14-95.13.1 ocfs2-kmp-default-debuginfo-4.12.14-95.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.13.1 kernel-default-debuginfo-4.12.14-95.13.1 kernel-default-debugsource-4.12.14-95.13.1 kernel-default-devel-4.12.14-95.13.1 kernel-default-devel-debuginfo-4.12.14-95.13.1 kernel-default-extra-4.12.14-95.13.1 kernel-default-extra-debuginfo-4.12.14-95.13.1 kernel-syms-4.12.14-95.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.13.1 kernel-macros-4.12.14-95.13.1 kernel-source-4.12.14-95.13.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-20669.html https://www.suse.com/security/cve/CVE-2019-2024.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-3819.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://www.suse.com/security/cve/CVE-2019-7308.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-8980.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1050252 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054610 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1056658 https://bugzilla.suse.com/1056662 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070995 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1074578 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1075006 https://bugzilla.suse.com/1075419 https://bugzilla.suse.com/1075748 https://bugzilla.suse.com/1078355 https://bugzilla.suse.com/1080039 https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084216 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1087939 https://bugzilla.suse.com/1088133 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098382 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098995 https://bugzilla.suse.com/1102055 https://bugzilla.suse.com/1103429 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106811 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107665 https://bugzilla.suse.com/1108101 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1110705 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1113042 https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113939 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1117108 https://bugzilla.suse.com/1117155 https://bugzilla.suse.com/1117645 https://bugzilla.suse.com/1117947 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119766 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120008 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120854 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120909 https://bugzilla.suse.com/1120955 https://bugzilla.suse.com/1121317 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1121789 https://bugzilla.suse.com/1121805 https://bugzilla.suse.com/1122019 https://bugzilla.suse.com/1122159 https://bugzilla.suse.com/1122192 https://bugzilla.suse.com/1122292 https://bugzilla.suse.com/1122324 https://bugzilla.suse.com/1122554 https://bugzilla.suse.com/1122662 https://bugzilla.suse.com/1122764 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122822 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1122927 https://bugzilla.suse.com/1122944 https://bugzilla.suse.com/1122971 https://bugzilla.suse.com/1122982 https://bugzilla.suse.com/1123060 https://bugzilla.suse.com/1123061 https://bugzilla.suse.com/1123161 https://bugzilla.suse.com/1123317 https://bugzilla.suse.com/1123348 https://bugzilla.suse.com/1123357 https://bugzilla.suse.com/1123456 https://bugzilla.suse.com/1123538 https://bugzilla.suse.com/1123697 https://bugzilla.suse.com/1123882 https://bugzilla.suse.com/1123933 https://bugzilla.suse.com/1124055 https://bugzilla.suse.com/1124204 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1124579 https://bugzilla.suse.com/1124589 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1124969 https://bugzilla.suse.com/1124974 https://bugzilla.suse.com/1124975 https://bugzilla.suse.com/1124976 https://bugzilla.suse.com/1124978 https://bugzilla.suse.com/1124979 https://bugzilla.suse.com/1124980 https://bugzilla.suse.com/1124981 https://bugzilla.suse.com/1124982 https://bugzilla.suse.com/1124984 https://bugzilla.suse.com/1124985 https://bugzilla.suse.com/1125109 https://bugzilla.suse.com/1125125 https://bugzilla.suse.com/1125252 https://bugzilla.suse.com/1125315 https://bugzilla.suse.com/1125614 https://bugzilla.suse.com/1125728 https://bugzilla.suse.com/1125780 https://bugzilla.suse.com/1125797 https://bugzilla.suse.com/1125799 https://bugzilla.suse.com/1125800 https://bugzilla.suse.com/1125907 https://bugzilla.suse.com/1125947 https://bugzilla.suse.com/1126131 https://bugzilla.suse.com/1126209 https://bugzilla.suse.com/1126389 https://bugzilla.suse.com/1126393 https://bugzilla.suse.com/1126476 https://bugzilla.suse.com/1126480 https://bugzilla.suse.com/1126481 https://bugzilla.suse.com/1126488 https://bugzilla.suse.com/1126495 https://bugzilla.suse.com/1126555 https://bugzilla.suse.com/1126579 https://bugzilla.suse.com/1126789 https://bugzilla.suse.com/1126790 https://bugzilla.suse.com/1126802 https://bugzilla.suse.com/1126803 https://bugzilla.suse.com/1126804 https://bugzilla.suse.com/1126805 https://bugzilla.suse.com/1126806 https://bugzilla.suse.com/1126807 https://bugzilla.suse.com/1127042 https://bugzilla.suse.com/1127062 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127154 https://bugzilla.suse.com/1127285 https://bugzilla.suse.com/1127286 https://bugzilla.suse.com/1127307 https://bugzilla.suse.com/1127363 https://bugzilla.suse.com/1127493 https://bugzilla.suse.com/1127494 https://bugzilla.suse.com/1127495 https://bugzilla.suse.com/1127496 https://bugzilla.suse.com/1127497 https://bugzilla.suse.com/1127498 https://bugzilla.suse.com/1127534 https://bugzilla.suse.com/1127561 https://bugzilla.suse.com/1127567 https://bugzilla.suse.com/1127595 https://bugzilla.suse.com/1127603 https://bugzilla.suse.com/1127682 https://bugzilla.suse.com/1127731 https://bugzilla.suse.com/1127750 https://bugzilla.suse.com/1127836 https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128094 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128351 https://bugzilla.suse.com/1128451 https://bugzilla.suse.com/1128895 https://bugzilla.suse.com/1129046 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129163 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129181 https://bugzilla.suse.com/1129182 https://bugzilla.suse.com/1129183 https://bugzilla.suse.com/1129184 https://bugzilla.suse.com/1129205 https://bugzilla.suse.com/1129281 https://bugzilla.suse.com/1129284 https://bugzilla.suse.com/1129285 https://bugzilla.suse.com/1129291 https://bugzilla.suse.com/1129292 https://bugzilla.suse.com/1129293 https://bugzilla.suse.com/1129294 https://bugzilla.suse.com/1129295 https://bugzilla.suse.com/1129296 https://bugzilla.suse.com/1129326 https://bugzilla.suse.com/1129327 https://bugzilla.suse.com/1129330 https://bugzilla.suse.com/1129363 https://bugzilla.suse.com/1129366 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129543 https://bugzilla.suse.com/1129547 https://bugzilla.suse.com/1129551 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129625 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1129739 https://bugzilla.suse.com/1129923 https://bugzilla.suse.com/807502 https://bugzilla.suse.com/824948 https://bugzilla.suse.com/828192 https://bugzilla.suse.com/925178 From sle-updates at lists.suse.com Tue Mar 26 15:01:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Mar 2019 22:01:09 +0100 (CET) Subject: SUSE-RU-2019:0750-1: moderate: Recommended update for ceph Message-ID: <20190326210109.B0152FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0750-1 Rating: moderate References: #1112833 #1126423 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ceph fixes the following issues: Updated to version 12.2.11-566-g896835fd74: * see https://ceph.com/releases/v12-2-11-luminous-released/ for the full release notes * crushtool: add --reclassify operation to convert legacy crush maps to use device classes (bsc#1112833) * ceph-volume-client: allow setting mode of CephFS volumes (jsc#SCRD-8258) Additional fixes: * rgw_file: only first subuser can be exported to nfs (bsc#1126423) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-750=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-750=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-750=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-750=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-750=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-750=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-750=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs-devel-12.2.11+git.1551961392.896835fd74-2.30.1 librados-devel-12.2.11+git.1551961392.896835fd74-2.30.1 librados-devel-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd-devel-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs-devel-12.2.11+git.1551961392.896835fd74-2.30.1 librados-devel-12.2.11+git.1551961392.896835fd74-2.30.1 librados-devel-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd-devel-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-base-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-base-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-fuse-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-fuse-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-mds-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-mds-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-mgr-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-mgr-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-mon-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-mon-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-osd-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-osd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-radosgw-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-radosgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-ceph-compat-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python3-ceph-argparse-12.2.11+git.1551961392.896835fd74-2.30.1 python3-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python3-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python3-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python3-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python3-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python3-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python3-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python3-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 rbd-fuse-12.2.11+git.1551961392.896835fd74-2.30.1 rbd-fuse-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 rbd-mirror-12.2.11+git.1551961392.896835fd74-2.30.1 rbd-mirror-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 rbd-nbd-12.2.11+git.1551961392.896835fd74-2.30.1 rbd-nbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-common-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 ceph-debugsource-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-12.2.11+git.1551961392.896835fd74-2.30.1 libcephfs2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-12.2.11+git.1551961392.896835fd74-2.30.1 librados2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-12.2.11+git.1551961392.896835fd74-2.30.1 libradosstriper1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-12.2.11+git.1551961392.896835fd74-2.30.1 librbd1-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-12.2.11+git.1551961392.896835fd74-2.30.1 librgw2-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-12.2.11+git.1551961392.896835fd74-2.30.1 python-cephfs-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-12.2.11+git.1551961392.896835fd74-2.30.1 python-rados-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-12.2.11+git.1551961392.896835fd74-2.30.1 python-rbd-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-12.2.11+git.1551961392.896835fd74-2.30.1 python-rgw-debuginfo-12.2.11+git.1551961392.896835fd74-2.30.1 References: https://bugzilla.suse.com/1112833 https://bugzilla.suse.com/1126423 From sle-updates at lists.suse.com Wed Mar 27 08:09:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:09:47 +0100 (CET) Subject: SUSE-SU-2019:0775-1: moderate: Security update for ntp Message-ID: <20190327140947.D0027FF2D@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0775-1 Rating: moderate References: #1128525 Cross-References: CVE-2019-8936 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-775=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ntp-4.2.8p13-46.32.1 ntp-debuginfo-4.2.8p13-46.32.1 ntp-debugsource-4.2.8p13-46.32.1 ntp-doc-4.2.8p13-46.32.1 References: https://www.suse.com/security/cve/CVE-2019-8936.html https://bugzilla.suse.com/1128525 From sle-updates at lists.suse.com Wed Mar 27 08:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:10:28 +0100 (CET) Subject: SUSE-SU-2019:0767-1: important: Security update for the Linux Kernel Message-ID: <20190327141028.46FC7FF2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0767-1 Rating: important References: #1046305 #1046306 #1050252 #1050549 #1051510 #1054610 #1055121 #1056658 #1056662 #1056787 #1060463 #1063638 #1065600 #1070995 #1071995 #1078355 #1082943 #1083548 #1083647 #1084216 #1086095 #1086282 #1086301 #1086313 #1086314 #1086323 #1087082 #1087092 #1088133 #1094555 #1098382 #1098425 #1098995 #1103429 #1104353 #1106105 #1106434 #1106811 #1107078 #1107665 #1108101 #1108870 #1109695 #1110096 #1110705 #1111666 #1113042 #1113712 #1113722 #1113939 #1114279 #1114585 #1114893 #1117108 #1117155 #1117645 #1117947 #1118338 #1119019 #1119086 #1119766 #1119843 #1120008 #1120318 #1120601 #1120758 #1120854 #1120902 #1120909 #1120955 #1121317 #1121726 #1121789 #1121805 #1122159 #1122192 #1122324 #1122554 #1122662 #1122764 #1122779 #1122822 #1122885 #1122927 #1122944 #1122971 #1122982 #1123060 #1123061 #1123161 #1123317 #1123348 #1123357 #1123456 #1123538 #1123697 #1123882 #1123933 #1124055 #1124204 #1124235 #1124579 #1124589 #1124728 #1124732 #1124735 #1124969 #1124974 #1124975 #1124976 #1124978 #1124979 #1124980 #1124981 #1124982 #1124984 #1124985 #1125109 #1125125 #1125252 #1125315 #1125614 #1125728 #1125780 #1125797 #1125799 #1125800 #1125907 #1125947 #1126131 #1126209 #1126284 #1126389 #1126393 #1126476 #1126480 #1126481 #1126488 #1126495 #1126555 #1126579 #1126789 #1126790 #1126802 #1126803 #1126804 #1126805 #1126806 #1126807 #1127042 #1127062 #1127081 #1127082 #1127154 #1127285 #1127286 #1127307 #1127363 #1127493 #1127494 #1127495 #1127496 #1127497 #1127498 #1127534 #1127561 #1127567 #1127577 #1127595 #1127603 #1127682 #1127731 #1127750 #1127836 #1127961 #1128094 #1128166 #1128351 #1128378 #1128451 #1128895 #1129016 #1129046 #1129080 #1129163 #1129179 #1129181 #1129182 #1129183 #1129184 #1129205 #1129281 #1129284 #1129285 #1129291 #1129292 #1129293 #1129294 #1129295 #1129296 #1129326 #1129327 #1129330 #1129363 #1129366 #1129497 #1129519 #1129543 #1129547 #1129551 #1129581 #1129625 #1129664 #1129739 #1129923 #807502 #828192 Cross-References: CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 205 fixes is now available. Description: The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which led to a use-after-free in sockfs_setattr (bnc#1125907 1126284). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728). - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be "ARS-long" rather than "ARS-short" (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a "Lunch Box" check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - add mainline tags for two hyperv iommu patches - Adjust a commit id in a nvme patch to make our scripts happy - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: KVM: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Remove the useless API vmbus_get_outgoing_channel() (bsc#1127577). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - Enable livepatch test drivers in lib/ Livepatch kselftests need those. - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv_uio_generic: map ringbuffer phys addr (bsc#1127577). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of SMBus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - hyperv/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - ib/core: Destroy QP if XRC QP fails (bsc#1046306). - ib/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - ib/core: Unregister notifier before freeing MAD security (bsc#1046306). - ib/hfi1: Close race condition on user context disable and close (bsc#1060463). - ib/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek "IPMI" device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kABI: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kABI: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kABI: protect struct sctp_association (kabi). - kABI: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kABI: protect struct smc_link (bnc#1117947, LTC#173662). - kABI: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - lsm: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support "nosharetransport" option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert "block: fail op_is_write() requests to (bsc#1125252). - pci: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - pci: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Reenable iscsi_tcp module (bsc#1127081) - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - remove 2 entries since now we have them, 744889b7cbb56a64f957e65ade7cb65fe3f35714 1adfc5e4136f5967d591c399aff95b3b035f16b7 - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Remove conditional support for SMB2 and SMB3: - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1051510). - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" (bsc#1051510). - Revert "openvswitch: Fix template leak in error cases." (bsc#1051510). - Revert "rpm/kernel-binary.spec.in: rename kGraft to KLP ()" This reverts commit f84e065a0c26b5f0777e94ceb67dd494bb7b4d2f. The patch should not have gone to SLE12-SP4. SLE12-SP4 still follows kGraft naming. - Revert "scsi: qla2xxx: Fix NVMe Target discovery" (bsc#1125252). - Revert "sd: disable logical block provisioning if 'lbpme' is not set" This reverts commit e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not accepted upstream. - Revert "serial: 8250: Fix clearing FIFOs in RS485 mode again" (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert "xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue" (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts/git_sort/git_sort.py: Add s390/linux.git fixes. - scripts/git_sort/git_sort.py: add vfs "fixes" branch - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - SCSI: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - [SMB3] Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - [SMB3] Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - supported.conf - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - Thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - uio_hv_generic: defer opening vmbus until first use (bsc#1127577). - uio_hv_generic: set callbacks on open (bsc#1127577). - uio: introduce UIO_MEM_IOVA (bsc#1127577). - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmbus: fix subchannel removal (bsc#1127577). - vmbus: keep pointer to ring buffer page (bsc#1127577). - vmbus: pass channel to hv_process_channel_removal (bsc#1127577). - vmbus: split ring buffer allocation from open (bsc#1127577). - VMCI: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - VSOCK: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete "fake section table" reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-767=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-azure-4.12.14-6.9.1 kernel-source-azure-4.12.14-6.9.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-azure-4.12.14-6.9.1 kernel-azure-base-4.12.14-6.9.1 kernel-azure-base-debuginfo-4.12.14-6.9.1 kernel-azure-debuginfo-4.12.14-6.9.1 kernel-azure-debugsource-4.12.14-6.9.1 kernel-azure-devel-4.12.14-6.9.1 kernel-syms-azure-4.12.14-6.9.1 References: https://www.suse.com/security/cve/CVE-2018-20669.html https://www.suse.com/security/cve/CVE-2019-2024.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-3819.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://www.suse.com/security/cve/CVE-2019-7308.html https://www.suse.com/security/cve/CVE-2019-8912.html https://www.suse.com/security/cve/CVE-2019-8980.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1050252 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054610 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1056658 https://bugzilla.suse.com/1056662 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1070995 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1078355 https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084216 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1088133 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098382 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098995 https://bugzilla.suse.com/1103429 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106811 https://bugzilla.suse.com/1107078 https://bugzilla.suse.com/1107665 https://bugzilla.suse.com/1108101 https://bugzilla.suse.com/1108870 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1110705 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1113042 https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113939 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1117108 https://bugzilla.suse.com/1117155 https://bugzilla.suse.com/1117645 https://bugzilla.suse.com/1117947 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119766 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120008 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120854 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120909 https://bugzilla.suse.com/1120955 https://bugzilla.suse.com/1121317 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1121789 https://bugzilla.suse.com/1121805 https://bugzilla.suse.com/1122159 https://bugzilla.suse.com/1122192 https://bugzilla.suse.com/1122324 https://bugzilla.suse.com/1122554 https://bugzilla.suse.com/1122662 https://bugzilla.suse.com/1122764 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122822 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1122927 https://bugzilla.suse.com/1122944 https://bugzilla.suse.com/1122971 https://bugzilla.suse.com/1122982 https://bugzilla.suse.com/1123060 https://bugzilla.suse.com/1123061 https://bugzilla.suse.com/1123161 https://bugzilla.suse.com/1123317 https://bugzilla.suse.com/1123348 https://bugzilla.suse.com/1123357 https://bugzilla.suse.com/1123456 https://bugzilla.suse.com/1123538 https://bugzilla.suse.com/1123697 https://bugzilla.suse.com/1123882 https://bugzilla.suse.com/1123933 https://bugzilla.suse.com/1124055 https://bugzilla.suse.com/1124204 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1124579 https://bugzilla.suse.com/1124589 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1124969 https://bugzilla.suse.com/1124974 https://bugzilla.suse.com/1124975 https://bugzilla.suse.com/1124976 https://bugzilla.suse.com/1124978 https://bugzilla.suse.com/1124979 https://bugzilla.suse.com/1124980 https://bugzilla.suse.com/1124981 https://bugzilla.suse.com/1124982 https://bugzilla.suse.com/1124984 https://bugzilla.suse.com/1124985 https://bugzilla.suse.com/1125109 https://bugzilla.suse.com/1125125 https://bugzilla.suse.com/1125252 https://bugzilla.suse.com/1125315 https://bugzilla.suse.com/1125614 https://bugzilla.suse.com/1125728 https://bugzilla.suse.com/1125780 https://bugzilla.suse.com/1125797 https://bugzilla.suse.com/1125799 https://bugzilla.suse.com/1125800 https://bugzilla.suse.com/1125907 https://bugzilla.suse.com/1125947 https://bugzilla.suse.com/1126131 https://bugzilla.suse.com/1126209 https://bugzilla.suse.com/1126284 https://bugzilla.suse.com/1126389 https://bugzilla.suse.com/1126393 https://bugzilla.suse.com/1126476 https://bugzilla.suse.com/1126480 https://bugzilla.suse.com/1126481 https://bugzilla.suse.com/1126488 https://bugzilla.suse.com/1126495 https://bugzilla.suse.com/1126555 https://bugzilla.suse.com/1126579 https://bugzilla.suse.com/1126789 https://bugzilla.suse.com/1126790 https://bugzilla.suse.com/1126802 https://bugzilla.suse.com/1126803 https://bugzilla.suse.com/1126804 https://bugzilla.suse.com/1126805 https://bugzilla.suse.com/1126806 https://bugzilla.suse.com/1126807 https://bugzilla.suse.com/1127042 https://bugzilla.suse.com/1127062 https://bugzilla.suse.com/1127081 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127154 https://bugzilla.suse.com/1127285 https://bugzilla.suse.com/1127286 https://bugzilla.suse.com/1127307 https://bugzilla.suse.com/1127363 https://bugzilla.suse.com/1127493 https://bugzilla.suse.com/1127494 https://bugzilla.suse.com/1127495 https://bugzilla.suse.com/1127496 https://bugzilla.suse.com/1127497 https://bugzilla.suse.com/1127498 https://bugzilla.suse.com/1127534 https://bugzilla.suse.com/1127561 https://bugzilla.suse.com/1127567 https://bugzilla.suse.com/1127577 https://bugzilla.suse.com/1127595 https://bugzilla.suse.com/1127603 https://bugzilla.suse.com/1127682 https://bugzilla.suse.com/1127731 https://bugzilla.suse.com/1127750 https://bugzilla.suse.com/1127836 https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128094 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128351 https://bugzilla.suse.com/1128378 https://bugzilla.suse.com/1128451 https://bugzilla.suse.com/1128895 https://bugzilla.suse.com/1129016 https://bugzilla.suse.com/1129046 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129163 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129181 https://bugzilla.suse.com/1129182 https://bugzilla.suse.com/1129183 https://bugzilla.suse.com/1129184 https://bugzilla.suse.com/1129205 https://bugzilla.suse.com/1129281 https://bugzilla.suse.com/1129284 https://bugzilla.suse.com/1129285 https://bugzilla.suse.com/1129291 https://bugzilla.suse.com/1129292 https://bugzilla.suse.com/1129293 https://bugzilla.suse.com/1129294 https://bugzilla.suse.com/1129295 https://bugzilla.suse.com/1129296 https://bugzilla.suse.com/1129326 https://bugzilla.suse.com/1129327 https://bugzilla.suse.com/1129330 https://bugzilla.suse.com/1129363 https://bugzilla.suse.com/1129366 https://bugzilla.suse.com/1129497 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129543 https://bugzilla.suse.com/1129547 https://bugzilla.suse.com/1129551 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129625 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1129739 https://bugzilla.suse.com/1129923 https://bugzilla.suse.com/807502 https://bugzilla.suse.com/828192 From sle-updates at lists.suse.com Wed Mar 27 08:22:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:22:00 +0100 (CET) Subject: SUSE-SU-2019:0771-1: moderate: Security update for gd Message-ID: <20190327142200.EC993FF2D@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0771-1 Rating: moderate References: #1123361 #1123522 Cross-References: CVE-2019-6977 CVE-2019-6978 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-771=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-771=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gd-2.2.5-4.6.1 gd-debuginfo-2.2.5-4.6.1 gd-debugsource-2.2.5-4.6.1 gd-devel-2.2.5-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.2.5-4.6.1 gd-debugsource-2.2.5-4.6.1 libgd3-2.2.5-4.6.1 libgd3-debuginfo-2.2.5-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-6977.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1123361 https://bugzilla.suse.com/1123522 From sle-updates at lists.suse.com Wed Mar 27 08:22:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:22:46 +0100 (CET) Subject: SUSE-SU-2019:0766-1: moderate: Security update for ovmf Message-ID: <20190327142246.3F271FF2D@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0766-1 Rating: moderate References: #1128503 #1130267 Cross-References: CVE-2018-12181 CVE-2019-0160 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267). - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-766=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-766=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-3.13.1 ovmf-tools-2017+git1510945757.b2662641d5-3.13.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.13.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-12181.html https://www.suse.com/security/cve/CVE-2019-0160.html https://bugzilla.suse.com/1128503 https://bugzilla.suse.com/1130267 From sle-updates at lists.suse.com Wed Mar 27 08:23:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:23:29 +0100 (CET) Subject: SUSE-SU-2019:0770-1: moderate: Security update for libcaca Message-ID: <20190327142329.B32AEFF2D@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0770-1 Rating: moderate References: #1120470 #1120502 #1120503 #1120504 #1120584 #1120589 Cross-References: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for libcaca fixes the following issues: Security issues fixed: - CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) - CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for bpp (bsc#1120503) - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for 24bpp (bsc#1120504) - CVE-2018-20548: Fixed a WRITE memory access in the load_image function at common-image.c for 1bpp (bsc#1120589) - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read function at caca/file.c (bsc#1120470) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-770=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-770=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.3.7 libcaca-devel-0.99.beta19.git20171003-3.3.7 libcaca0-0.99.beta19.git20171003-3.3.7 libcaca0-debuginfo-0.99.beta19.git20171003-3.3.7 libcaca0-plugins-0.99.beta19.git20171003-3.3.7 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.3.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): caca-utils-0.99.beta19.git20171003-3.3.7 caca-utils-debuginfo-0.99.beta19.git20171003-3.3.7 libcaca-debugsource-0.99.beta19.git20171003-3.3.7 libcaca-ruby-0.99.beta19.git20171003-3.3.7 libcaca-ruby-debuginfo-0.99.beta19.git20171003-3.3.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-caca-0.99.beta19.git20171003-3.3.7 References: https://www.suse.com/security/cve/CVE-2018-20544.html https://www.suse.com/security/cve/CVE-2018-20545.html https://www.suse.com/security/cve/CVE-2018-20546.html https://www.suse.com/security/cve/CVE-2018-20547.html https://www.suse.com/security/cve/CVE-2018-20548.html https://www.suse.com/security/cve/CVE-2018-20549.html https://bugzilla.suse.com/1120470 https://bugzilla.suse.com/1120502 https://bugzilla.suse.com/1120503 https://bugzilla.suse.com/1120504 https://bugzilla.suse.com/1120584 https://bugzilla.suse.com/1120589 From sle-updates at lists.suse.com Wed Mar 27 08:24:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:24:43 +0100 (CET) Subject: SUSE-SU-2019:0777-1: moderate: Security update for ntp Message-ID: <20190327142443.4123EFF2D@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0777-1 Rating: moderate References: #1128525 Cross-References: CVE-2019-8936 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-777=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-777=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ntp-debuginfo-4.2.8p13-4.6.1 ntp-debugsource-4.2.8p13-4.6.1 ntp-doc-4.2.8p13-4.6.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p13-4.6.1 ntp-debuginfo-4.2.8p13-4.6.1 ntp-debugsource-4.2.8p13-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-8936.html https://bugzilla.suse.com/1128525 From sle-updates at lists.suse.com Wed Mar 27 08:25:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:25:17 +0100 (CET) Subject: SUSE-SU-2019:13989-1: moderate: Security update for grub2 Message-ID: <20190327142517.96D3DFF2D@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13989-1 Rating: moderate References: #1045063 #1124662 Cross-References: CVE-2017-9763 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issues: Security issue fixed: - CVE-2017-9763: Fixed a memory leak in grub_ext2_read_block (bsc#1045063) Other issues addressed: - Added support for tftp block counter roll-over and backported support for efinetSNP open (bsc#1124662). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-grub2-13989=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub2-13989=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (x86_64): grub2-x86_64-efi-2.00-0.66.8.1 grub2-x86_64-xen-2.00-0.66.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): grub2-debuginfo-2.00-0.66.8.1 grub2-debugsource-2.00-0.66.8.1 References: https://www.suse.com/security/cve/CVE-2017-9763.html https://bugzilla.suse.com/1045063 https://bugzilla.suse.com/1124662 From sle-updates at lists.suse.com Wed Mar 27 08:26:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:26:06 +0100 (CET) Subject: SUSE-SU-2019:13990-1: moderate: Security update for wavpack Message-ID: <20190327142606.A54CCFF2D@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13990-1 Rating: moderate References: #1120930 Cross-References: CVE-2018-19840 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wavpack-13990=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wavpack-13990=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wavpack-13990=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wavpack-4.50.1-1.30.1 wavpack-devel-4.50.1-1.30.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwavpack1-4.50.1-1.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wavpack-debuginfo-4.50.1-1.30.1 wavpack-debugsource-4.50.1-1.30.1 References: https://www.suse.com/security/cve/CVE-2018-19840.html https://bugzilla.suse.com/1120930 From sle-updates at lists.suse.com Wed Mar 27 08:26:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:26:49 +0100 (CET) Subject: SUSE-SU-2019:13992-1: moderate: Security update for libmspack Message-ID: <20190327142649.8702DFF2D@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13992-1 Rating: moderate References: #1113038 #1113039 Cross-References: CVE-2018-18584 CVE-2018-18585 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). (bsc#1113039) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libmspack-13992=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libmspack-13992=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libmspack-13992=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmspack-devel-0.0.20060920alpha-74.11.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmspack0-0.0.20060920alpha-74.11.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmspack-debuginfo-0.0.20060920alpha-74.11.6.1 libmspack-debugsource-0.0.20060920alpha-74.11.6.1 References: https://www.suse.com/security/cve/CVE-2018-18584.html https://www.suse.com/security/cve/CVE-2018-18585.html https://bugzilla.suse.com/1113038 https://bugzilla.suse.com/1113039 From sle-updates at lists.suse.com Wed Mar 27 08:27:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:27:37 +0100 (CET) Subject: SUSE-SU-2019:0772-1: moderate: Security update for wavpack Message-ID: <20190327142737.1C95AFF2D@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0772-1 Rating: moderate References: #1120929 #1120930 Cross-References: CVE-2018-19840 CVE-2018-19841 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) - CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from open_utils.c (bsc#1120929) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-772=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-772=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wavpack-5.1.0-4.3.5 wavpack-debuginfo-5.1.0-4.3.5 wavpack-debugsource-5.1.0-4.3.5 wavpack-devel-5.1.0-4.3.5 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwavpack1-5.1.0-4.3.5 libwavpack1-debuginfo-5.1.0-4.3.5 wavpack-debuginfo-5.1.0-4.3.5 wavpack-debugsource-5.1.0-4.3.5 References: https://www.suse.com/security/cve/CVE-2018-19840.html https://www.suse.com/security/cve/CVE-2018-19841.html https://bugzilla.suse.com/1120929 https://bugzilla.suse.com/1120930 From sle-updates at lists.suse.com Wed Mar 27 08:28:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:28:29 +0100 (CET) Subject: SUSE-SU-2019:0776-1: moderate: Security update for w3m Message-ID: <20190327142829.22D75FF2D@maintenance.suse.de> SUSE Security Update: Security update for w3m ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0776-1 Rating: moderate References: #1077559 #1077568 #1077572 Cross-References: CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-776=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-776=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-776=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-776=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): w3m-0.5.3.git20161120-161.3.4 w3m-debuginfo-0.5.3.git20161120-161.3.4 w3m-debugsource-0.5.3.git20161120-161.3.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): w3m-0.5.3.git20161120-161.3.4 w3m-debuginfo-0.5.3.git20161120-161.3.4 w3m-debugsource-0.5.3.git20161120-161.3.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): w3m-0.5.3.git20161120-161.3.4 w3m-debuginfo-0.5.3.git20161120-161.3.4 w3m-debugsource-0.5.3.git20161120-161.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): w3m-0.5.3.git20161120-161.3.4 w3m-debuginfo-0.5.3.git20161120-161.3.4 w3m-debugsource-0.5.3.git20161120-161.3.4 References: https://www.suse.com/security/cve/CVE-2018-6196.html https://www.suse.com/security/cve/CVE-2018-6197.html https://www.suse.com/security/cve/CVE-2018-6198.html https://bugzilla.suse.com/1077559 https://bugzilla.suse.com/1077568 https://bugzilla.suse.com/1077572 From sle-updates at lists.suse.com Wed Mar 27 08:29:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 15:29:23 +0100 (CET) Subject: SUSE-SU-2019:13991-1: moderate: Security update for ntp Message-ID: <20190327142923.E83D1FF2D@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13991-1 Rating: moderate References: #1001182 #1128525 Cross-References: CVE-2019-8936 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-13991=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-13991=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p13-64.13.1 ntp-doc-4.2.8p13-64.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p13-64.13.1 ntp-debugsource-4.2.8p13-64.13.1 References: https://www.suse.com/security/cve/CVE-2019-8936.html https://bugzilla.suse.com/1001182 https://bugzilla.suse.com/1128525 From sle-updates at lists.suse.com Wed Mar 27 11:09:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Mar 2019 18:09:30 +0100 (CET) Subject: SUSE-RU-2019:0782-1: moderate: Recommended update for os-prober Message-ID: <20190327170930.6F416FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for os-prober ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0782-1 Rating: moderate References: #1026766 #1101942 #1113615 #1118279 #1125729 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for os-prober fixes the following issues: Version bump to 1.76: * Fix check on ID_PART_ENTRY_SCHEME, to look for "dos" instead of "msdos" * Remove code using device mapper * This also removes the dependency on dmsetup - os-prober isn't compatible with transactional update (bsc#1125729) - Don't hard require btrfsprogs by downgrading it to suggests (bsc#1118279) - Fix missing grub-probe command that caused linux-boot-probe to abort prematurely. It is a mistake while rebasing patch to 1.76 (bsc#1113615) - UEFI Grub does not insert Arch Linux entry correctly (bsc#1101942) - Rather than Recommend lvm2 merely Suggest it. (bsc#1026766) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-782=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): os-prober-1.76-5.3.1 os-prober-debuginfo-1.76-5.3.1 os-prober-debugsource-1.76-5.3.1 References: https://bugzilla.suse.com/1026766 https://bugzilla.suse.com/1101942 https://bugzilla.suse.com/1113615 https://bugzilla.suse.com/1118279 https://bugzilla.suse.com/1125729 From sle-updates at lists.suse.com Wed Mar 27 20:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 03:11:44 +0100 (CET) Subject: SUSE-RU-2019:0780-1: moderate: Recommended update for LibVNCServer Message-ID: <20190328021144.0674AF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0780-1 Rating: moderate References: #1123805 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for LibVNCServer fixes the following issues: - remmina can not connect to vnc server (bsc#1123805) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-780=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-780=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-780=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): LibVNCServer-debugsource-0.9.10-4.9.1 libvncclient0-0.9.10-4.9.1 libvncclient0-debuginfo-0.9.10-4.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.9.1 libvncserver0-0.9.10-4.9.1 libvncserver0-debuginfo-0.9.10-4.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.9.1 LibVNCServer-devel-0.9.10-4.9.1 libvncserver0-0.9.10-4.9.1 libvncserver0-debuginfo-0.9.10-4.9.1 References: https://bugzilla.suse.com/1123805 From sle-updates at lists.suse.com Wed Mar 27 20:12:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 03:12:24 +0100 (CET) Subject: SUSE-RU-2019:0779-1: moderate: Recommended update for xorgxrdp Message-ID: <20190328021224.9C042F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorgxrdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0779-1 Rating: moderate References: #1103556 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorgxrdp fixes the following issues: - Failed to load module xorgxrdp (bsc#1103556). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-779=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): xorgxrdp-0.2.6-3.3.1 xorgxrdp-debuginfo-0.2.6-3.3.1 xorgxrdp-debugsource-0.2.6-3.3.1 References: https://bugzilla.suse.com/1103556 From sle-updates at lists.suse.com Wed Mar 27 20:13:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 03:13:02 +0100 (CET) Subject: SUSE-SU-2019:13993-1: moderate: Security update for ImageMagick Message-ID: <20190328021302.E0BC7F7BB@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13993-1 Rating: moderate References: #1106989 #1106996 #1113064 #1120381 #1124365 #1124366 #1128649 Cross-References: CVE-2018-16412 CVE-2018-16413 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13993=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13993=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ImageMagick-13993=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13993=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.92.1 ImageMagick-devel-6.4.3.6-78.92.1 libMagick++-devel-6.4.3.6-78.92.1 libMagick++1-6.4.3.6-78.92.1 libMagickWand1-6.4.3.6-78.92.1 perl-PerlMagick-6.4.3.6-78.92.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.92.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.92.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.92.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libMagickCore1-6.4.3.6-78.92.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.92.1 ImageMagick-debugsource-6.4.3.6-78.92.1 References: https://www.suse.com/security/cve/CVE-2018-16412.html https://www.suse.com/security/cve/CVE-2018-16413.html https://www.suse.com/security/cve/CVE-2018-18544.html https://www.suse.com/security/cve/CVE-2018-20467.html https://www.suse.com/security/cve/CVE-2019-7175.html https://www.suse.com/security/cve/CVE-2019-7397.html https://www.suse.com/security/cve/CVE-2019-7398.html https://bugzilla.suse.com/1106989 https://bugzilla.suse.com/1106996 https://bugzilla.suse.com/1113064 https://bugzilla.suse.com/1120381 https://bugzilla.suse.com/1124365 https://bugzilla.suse.com/1124366 https://bugzilla.suse.com/1128649 From sle-updates at lists.suse.com Thu Mar 28 11:10:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:10:24 +0100 (CET) Subject: SUSE-SU-2019:0795-1: moderate: Security update for liblouis Message-ID: <20190328171024.BDBE910127@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0795-1 Rating: moderate References: #1094685 #1095189 #1095825 #1095826 #1095827 #1095945 #1097103 #1109319 Cross-References: CVE-2018-11410 CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 CVE-2018-17294 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for liblouis fixes the following issues: Security issues fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319). - CVE-2018-11410: Fixed an invalid free in the compileRule function in compileTranslationTable.c (bsc#1094685) - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189) - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945) - CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827) - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-795=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-795=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): liblouis-debuginfo-3.3.0-4.5.1 liblouis-debugsource-3.3.0-4.5.1 liblouis-doc-3.3.0-4.5.1 liblouis-tools-3.3.0-4.5.1 liblouis-tools-debuginfo-3.3.0-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): liblouis-data-3.3.0-4.5.1 liblouis-debuginfo-3.3.0-4.5.1 liblouis-debugsource-3.3.0-4.5.1 liblouis-devel-3.3.0-4.5.1 liblouis14-3.3.0-4.5.1 liblouis14-debuginfo-3.3.0-4.5.1 python3-louis-3.3.0-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-11410.html https://www.suse.com/security/cve/CVE-2018-11440.html https://www.suse.com/security/cve/CVE-2018-11577.html https://www.suse.com/security/cve/CVE-2018-11683.html https://www.suse.com/security/cve/CVE-2018-11684.html https://www.suse.com/security/cve/CVE-2018-11685.html https://www.suse.com/security/cve/CVE-2018-12085.html https://www.suse.com/security/cve/CVE-2018-17294.html https://bugzilla.suse.com/1094685 https://bugzilla.suse.com/1095189 https://bugzilla.suse.com/1095825 https://bugzilla.suse.com/1095826 https://bugzilla.suse.com/1095827 https://bugzilla.suse.com/1095945 https://bugzilla.suse.com/1097103 https://bugzilla.suse.com/1109319 From sle-updates at lists.suse.com Thu Mar 28 11:13:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:13:44 +0100 (CET) Subject: SUSE-RU-2019:0790-1: moderate: Recommended update for timezone Message-ID: <20190328171344.4F77510127@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0790-1 Rating: moderate References: #1130557 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine "springs forward" on 2019-03-30 instead of 2019-03-23 * Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-790=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): timezone-2019a-3.17.1 timezone-debuginfo-2019a-3.17.1 timezone-debugsource-2019a-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): timezone-java-2019a-3.17.1 References: https://bugzilla.suse.com/1130557 From sle-updates at lists.suse.com Thu Mar 28 11:15:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:15:20 +0100 (CET) Subject: SUSE-SU-2019:0789-1: moderate: Security update for ntp Message-ID: <20190328171520.869D710127@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0789-1 Rating: moderate References: #1125401 #1128525 Cross-References: CVE-2019-8936 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-789=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-789=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-789=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-789=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-789=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-789=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-789=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-789=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-789=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-789=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-789=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE Enterprise Storage 4 (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 ntp-doc-4.2.8p13-85.1 - SUSE CaaS Platform ALL (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 - SUSE CaaS Platform 3.0 (x86_64): ntp-4.2.8p13-85.1 ntp-debuginfo-4.2.8p13-85.1 ntp-debugsource-4.2.8p13-85.1 References: https://www.suse.com/security/cve/CVE-2019-8936.html https://bugzilla.suse.com/1125401 https://bugzilla.suse.com/1128525 From sle-updates at lists.suse.com Thu Mar 28 11:16:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:16:16 +0100 (CET) Subject: SUSE-RU-2019:0797-1: moderate: Recommended update for apache2 Message-ID: <20190328171616.AE37F10127@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0797-1 Rating: moderate References: #1125965 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - mod_httpd2 HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (bsc#1125965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-797=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-797=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-797=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-797=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.37.1 apache2-debugsource-2.4.23-29.37.1 apache2-devel-2.4.23-29.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.37.1 apache2-debugsource-2.4.23-29.37.1 apache2-devel-2.4.23-29.37.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.37.1 apache2-debuginfo-2.4.23-29.37.1 apache2-debugsource-2.4.23-29.37.1 apache2-example-pages-2.4.23-29.37.1 apache2-prefork-2.4.23-29.37.1 apache2-prefork-debuginfo-2.4.23-29.37.1 apache2-utils-2.4.23-29.37.1 apache2-utils-debuginfo-2.4.23-29.37.1 apache2-worker-2.4.23-29.37.1 apache2-worker-debuginfo-2.4.23-29.37.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.37.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.37.1 apache2-debuginfo-2.4.23-29.37.1 apache2-debugsource-2.4.23-29.37.1 apache2-example-pages-2.4.23-29.37.1 apache2-prefork-2.4.23-29.37.1 apache2-prefork-debuginfo-2.4.23-29.37.1 apache2-utils-2.4.23-29.37.1 apache2-utils-debuginfo-2.4.23-29.37.1 apache2-worker-2.4.23-29.37.1 apache2-worker-debuginfo-2.4.23-29.37.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.37.1 References: https://bugzilla.suse.com/1125965 From sle-updates at lists.suse.com Thu Mar 28 11:17:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:17:01 +0100 (CET) Subject: SUSE-SU-2019:0787-1: moderate: Security update for openssl-1_1 Message-ID: <20190328171701.3359010127@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0787-1 Rating: moderate References: #1128189 Cross-References: CVE-2019-1543 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-787=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-787=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-787=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1-2.9.1 openssl-1_1-debuginfo-1.1.1-2.9.1 openssl-1_1-debugsource-1.1.1-2.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1-2.9.1 libopenssl1_1-debuginfo-1.1.1-2.9.1 openssl-1_1-debuginfo-1.1.1-2.9.1 openssl-1_1-debugsource-1.1.1-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_1-32bit-1.1.1-2.9.1 libopenssl1_1-debuginfo-32bit-1.1.1-2.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl1_1-1.1.1-2.9.1 libopenssl1_1-32bit-1.1.1-2.9.1 libopenssl1_1-debuginfo-1.1.1-2.9.1 libopenssl1_1-debuginfo-32bit-1.1.1-2.9.1 openssl-1_1-debuginfo-1.1.1-2.9.1 openssl-1_1-debugsource-1.1.1-2.9.1 References: https://www.suse.com/security/cve/CVE-2019-1543.html https://bugzilla.suse.com/1128189 From sle-updates at lists.suse.com Thu Mar 28 11:17:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:17:40 +0100 (CET) Subject: SUSE-RU-2019:0796-1: moderate: Recommended update for mdadm Message-ID: <20190328171740.CD5A410127@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0796-1 Rating: moderate References: #1095141 #1100864 #1112272 #1116337 #1123814 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Fixes a typo in new udev rule (bsc#1116337) - Device names were truncated when calling 'mdadm --detail --export' (bsc#1123814) - Fixes an issue when assemble an md array with huge numbers of DASD devices (bsc#1100864, bsc#1095141) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-796=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-796=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.0-6.24.1 mdadm-debuginfo-4.0-6.24.1 mdadm-debugsource-4.0-6.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): mdadm-4.0-6.24.1 mdadm-debuginfo-4.0-6.24.1 mdadm-debugsource-4.0-6.24.1 References: https://bugzilla.suse.com/1095141 https://bugzilla.suse.com/1100864 https://bugzilla.suse.com/1112272 https://bugzilla.suse.com/1116337 https://bugzilla.suse.com/1123814 From sle-updates at lists.suse.com Thu Mar 28 11:19:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:19:08 +0100 (CET) Subject: SUSE-RU-2019:0792-1: moderate: Recommended update for cmake Message-ID: <20190328171908.39E7810127@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmake ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0792-1 Rating: moderate References: #1129024 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cmake fixes the following issues: - Add support for %cmake_build macro for compat with newer systems (bsc#1129024) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-792=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-792=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cmake-gui-3.10.2-3.3.2 cmake-gui-debuginfo-3.10.2-3.3.2 cmake-gui-debugsource-3.10.2-3.3.2 cmake-man-3.10.2-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cmake-3.10.2-3.3.2 cmake-debuginfo-3.10.2-3.3.2 cmake-debugsource-3.10.2-3.3.2 References: https://bugzilla.suse.com/1129024 From sle-updates at lists.suse.com Thu Mar 28 11:19:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:19:50 +0100 (CET) Subject: SUSE-SU-2019:0786-1: moderate: Security update for tiff Message-ID: <20190328171950.047DB10127@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0786-1 Rating: moderate References: #1108606 #1115717 #1121626 #1125113 Cross-References: CVE-2018-17000 CVE-2018-19210 CVE-2019-6128 CVE-2019-7663 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717). - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-786=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-786=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-786=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-786=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-5.27.5 tiff-debuginfo-4.0.9-5.27.5 tiff-debugsource-4.0.9-5.27.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-5.27.5 tiff-debuginfo-4.0.9-5.27.5 tiff-debugsource-4.0.9-5.27.5 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libtiff5-32bit-4.0.9-5.27.5 libtiff5-32bit-debuginfo-4.0.9-5.27.5 tiff-debugsource-4.0.9-5.27.5 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.27.5 libtiff5-4.0.9-5.27.5 libtiff5-debuginfo-4.0.9-5.27.5 tiff-debuginfo-4.0.9-5.27.5 tiff-debugsource-4.0.9-5.27.5 References: https://www.suse.com/security/cve/CVE-2018-17000.html https://www.suse.com/security/cve/CVE-2018-19210.html https://www.suse.com/security/cve/CVE-2019-6128.html https://www.suse.com/security/cve/CVE-2019-7663.html https://bugzilla.suse.com/1108606 https://bugzilla.suse.com/1115717 https://bugzilla.suse.com/1121626 https://bugzilla.suse.com/1125113 From sle-updates at lists.suse.com Thu Mar 28 11:21:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:21:06 +0100 (CET) Subject: SUSE-RU-2019:0791-1: moderate: Security update for libnettle Message-ID: <20190328172106.473E010127@maintenance.suse.de> SUSE Recommended Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0791-1 Rating: moderate References: #1129598 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. - Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-791=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-791=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-791=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnettle-debugsource-3.4.1-4.7.3 nettle-3.4.1-4.7.3 nettle-debuginfo-3.4.1-4.7.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libnettle-devel-32bit-3.4.1-4.7.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libhogweed4-32bit-3.4.1-4.7.3 libhogweed4-32bit-debuginfo-3.4.1-4.7.3 libnettle-debugsource-3.4.1-4.7.3 libnettle6-32bit-3.4.1-4.7.3 libnettle6-32bit-debuginfo-3.4.1-4.7.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libhogweed4-3.4.1-4.7.3 libhogweed4-debuginfo-3.4.1-4.7.3 libnettle-debugsource-3.4.1-4.7.3 libnettle-devel-3.4.1-4.7.3 libnettle6-3.4.1-4.7.3 libnettle6-debuginfo-3.4.1-4.7.3 References: https://bugzilla.suse.com/1129598 From sle-updates at lists.suse.com Thu Mar 28 11:21:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Mar 2019 18:21:58 +0100 (CET) Subject: SUSE-RU-2019:0794-1: moderate: Recommended update for krb5 Message-ID: <20190328172158.5965F10127@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0794-1 Rating: moderate References: #1087481 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes the following issues: - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to suppress sending the confidentiality and integrity flags in GSS initiator tokens unless they are requested by the caller. These flags control the negotiated SASL security layer for the Microsoft GSS-SPNEGO SASL mechanism. (bsc#1087481). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-794=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-794=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-794=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-794=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-794=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-794=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-794=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-devel-1.12.5-40.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-devel-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): krb5-32bit-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 krb5-doc-1.12.5-40.34.1 krb5-plugin-kdb-ldap-1.12.5-40.34.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-otp-1.12.5-40.34.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-1.12.5-40.34.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.34.1 krb5-server-1.12.5-40.34.1 krb5-server-debuginfo-1.12.5-40.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): krb5-32bit-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): krb5-1.12.5-40.34.1 krb5-32bit-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): krb5-1.12.5-40.34.1 krb5-32bit-1.12.5-40.34.1 krb5-client-1.12.5-40.34.1 krb5-client-debuginfo-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debuginfo-32bit-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 - SUSE CaaS Platform ALL (x86_64): krb5-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 - SUSE CaaS Platform 3.0 (x86_64): krb5-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): krb5-1.12.5-40.34.1 krb5-debuginfo-1.12.5-40.34.1 krb5-debugsource-1.12.5-40.34.1 References: https://bugzilla.suse.com/1087481 From sle-updates at lists.suse.com Fri Mar 29 05:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 12:09:48 +0100 (CET) Subject: SUSE-RU-2019:0798-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20190329110948.1D509F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0798-1 Rating: moderate References: #1116818 #1124843 Affected Products: SUSE Linux Enterprise Server for SAP Installer 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - yast2-hana-update Provides an Easier Way to Upgrade SAP HANA Cluster (FATE#320368 ) - SLES for SAP Identifies as SLES in /etc/os-release (FATE#326973, requested via bsc#1116818) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP Installer 12-SP3: zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP3-2019-798=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-798=1 Package List: - SUSE Linux Enterprise Server for SAP Installer 12-SP3 (noarch): release-notes-sles-for-sap-12.3.20190208-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): release-notes-sles-for-sap-12.3.20190208-3.9.1 References: https://bugzilla.suse.com/1116818 https://bugzilla.suse.com/1124843 From sle-updates at lists.suse.com Fri Mar 29 05:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 12:10:31 +0100 (CET) Subject: SUSE-SU-2019:0801-1: important: Security update for the Linux Kernel Message-ID: <20190329111031.7E22FF7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0801-1 Rating: important References: #1012382 #1020413 #1065600 #1070767 #1075697 #1082943 #1087092 #1090435 #1102959 #1103429 #1106929 #1109137 #1109248 #1119019 #1119843 #1120691 #1120902 #1121713 #1121805 #1124235 #1125315 #1125446 #1126389 #1126772 #1126773 #1126805 #1127082 #1127155 #1127561 #1127725 #1127731 #1127961 #1128166 #1128452 #1128565 #1128696 #1128756 #1128893 #1129080 #1129179 #1129237 #1129238 #1129239 #1129240 #1129241 #1129413 #1129414 #1129415 #1129416 #1129417 #1129418 #1129419 #1129581 #1129770 #1129923 Cross-References: CVE-2019-2024 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has 53 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - ax25: fix possible use-after-free (bnc#1012382). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389). - drm: Fix error handling in drm_legacy_addctx (bsc#1106929) - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929) - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929) - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929) - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - enic: do not overwrite error code (bnc#1012382). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929) - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - input: mms114 - fix license module information (bsc#1087092). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129239). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240). - ixgbe: fix crash in build_skb Rx code path (git-fixes). - kabi: protect struct inet_peer (kabi). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248). - kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248). - kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248). - kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248). - kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416). - kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419). - libceph: handle an empty authorize reply (bsc#1126772). - mdio_bus: Fix use-after-free on device_register fails (git-fixes). - mfd: as3722: Handle interrupts on suspend (bnc#1012382). - mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382). - mISDN: fix a race in dev_expire_timer() (bnc#1012382). - mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes). - mlxsw: reg: Use correct offset in field definiton (git-fixes). - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - net: Add header for usage of fls64() (bnc#1012382). - net: Do not allocate page fragments that are not skb aligned (bnc#1012382). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes). - net: Fix for_each_netdev_feature on Big endian (bnc#1012382). - net: fix IPv6 prefix route residue (bnc#1012382). - net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes). - net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes). - net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#1012382). - net: lan78xx: Fix race in tx pending skb size calculation (git-fixes). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4: Fix endianness issue in qp context params (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes). - net/mlx5: Fix driver load bad flow when having fw initializing timeout (git-fixes). - net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes). - net/mlx5: Fix use-after-free in self-healing flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets (git-fixes). - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes). - net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes). - net: qca_spi: Fix race condition in spi transfers (git-fixes). - net: stmmac: Fix a race in EEE enable callback (bnc#1012382). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (git-fixes). - net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382). - PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1129241). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phy: micrel: Ensure interrupts are reenabled on resume (git-fixes). - powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756). - powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#1128756). - powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1128756). - pppoe: fix reception of frames with no mac header (git-fixes). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - rdma/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - Revert "mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL" (bnc#1012382). - Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc#1128565). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - scsi: aacraid: Fix missing break in switch statement (bsc#1128696). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1127725). - scsi: qla2xxx: Fix early srb free on abort (bsc#1121713). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713). - scsi: qla2xxx: Increase abort timeout value (bsc#1121713). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713). - scsi: qla2xxx: Return switch command on a timeout (bsc#1121713). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1121713). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - sky2: Increase D3 delay again (bnc#1012382). - tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382). - tcp: tcp_v4_err() should be more careful (bnc#1012382). - team: avoid complex list operations in team_nl_cmd_options_set() (bnc#1012382). - team: Free BPF filter when unregistering netdev (git-fixes). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - vsock: cope with memory allocation failure at socket creation time (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382). - wireless: airo: potential buffer overflow in sprintf() (bsc#1120902). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-801=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_176-94_88-default-1-4.9.1 kgraft-patch-4_4_176-94_88-default-debuginfo-1-4.9.1 References: https://www.suse.com/security/cve/CVE-2019-2024.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1020413 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1070767 https://bugzilla.suse.com/1075697 https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1102959 https://bugzilla.suse.com/1103429 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1109248 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120691 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121713 https://bugzilla.suse.com/1121805 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1125315 https://bugzilla.suse.com/1125446 https://bugzilla.suse.com/1126389 https://bugzilla.suse.com/1126772 https://bugzilla.suse.com/1126773 https://bugzilla.suse.com/1126805 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127561 https://bugzilla.suse.com/1127725 https://bugzilla.suse.com/1127731 https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128452 https://bugzilla.suse.com/1128565 https://bugzilla.suse.com/1128696 https://bugzilla.suse.com/1128756 https://bugzilla.suse.com/1128893 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129237 https://bugzilla.suse.com/1129238 https://bugzilla.suse.com/1129239 https://bugzilla.suse.com/1129240 https://bugzilla.suse.com/1129241 https://bugzilla.suse.com/1129413 https://bugzilla.suse.com/1129414 https://bugzilla.suse.com/1129415 https://bugzilla.suse.com/1129416 https://bugzilla.suse.com/1129417 https://bugzilla.suse.com/1129418 https://bugzilla.suse.com/1129419 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129923 From sle-updates at lists.suse.com Fri Mar 29 05:21:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 12:21:06 +0100 (CET) Subject: SUSE-SU-2019:0801-1: important: Security update for the Linux Kernel Message-ID: <20190329112106.6D52BF7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0801-1 Rating: important References: #1012382 #1020413 #1065600 #1070767 #1075697 #1082943 #1087092 #1090435 #1102959 #1103429 #1106929 #1109137 #1109248 #1119019 #1119843 #1120691 #1120902 #1121713 #1121805 #1124235 #1125315 #1125446 #1126389 #1126772 #1126773 #1126805 #1127082 #1127155 #1127561 #1127725 #1127731 #1127961 #1128166 #1128452 #1128565 #1128696 #1128756 #1128893 #1129080 #1129179 #1129237 #1129238 #1129239 #1129240 #1129241 #1129413 #1129414 #1129415 #1129416 #1129417 #1129418 #1129419 #1129581 #1129770 #1129923 Cross-References: CVE-2019-2024 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 53 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - ax25: fix possible use-after-free (bnc#1012382). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389). - drm: Fix error handling in drm_legacy_addctx (bsc#1106929) - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929) - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929) - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929) - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - enic: do not overwrite error code (bnc#1012382). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929) - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - input: mms114 - fix license module information (bsc#1087092). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129239). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240). - ixgbe: fix crash in build_skb Rx code path (git-fixes). - kabi: protect struct inet_peer (kabi). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248). - kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248). - kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248). - kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248). - kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416). - kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419). - libceph: handle an empty authorize reply (bsc#1126772). - mdio_bus: Fix use-after-free on device_register fails (git-fixes). - mfd: as3722: Handle interrupts on suspend (bnc#1012382). - mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382). - mISDN: fix a race in dev_expire_timer() (bnc#1012382). - mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes). - mlxsw: reg: Use correct offset in field definiton (git-fixes). - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - net: Add header for usage of fls64() (bnc#1012382). - net: Do not allocate page fragments that are not skb aligned (bnc#1012382). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes). - net: Fix for_each_netdev_feature on Big endian (bnc#1012382). - net: fix IPv6 prefix route residue (bnc#1012382). - net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes). - net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes). - net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#1012382). - net: lan78xx: Fix race in tx pending skb size calculation (git-fixes). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4: Fix endianness issue in qp context params (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes). - net/mlx5: Fix driver load bad flow when having fw initializing timeout (git-fixes). - net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes). - net/mlx5: Fix use-after-free in self-healing flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets (git-fixes). - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes). - net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes). - net: qca_spi: Fix race condition in spi transfers (git-fixes). - net: stmmac: Fix a race in EEE enable callback (bnc#1012382). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (git-fixes). - net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382). - PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1129241). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phy: micrel: Ensure interrupts are reenabled on resume (git-fixes). - powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756). - powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#1128756). - powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1128756). - pppoe: fix reception of frames with no mac header (git-fixes). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - rdma/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - Revert "mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL" (bnc#1012382). - Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc#1128565). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - scsi: aacraid: Fix missing break in switch statement (bsc#1128696). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1127725). - scsi: qla2xxx: Fix early srb free on abort (bsc#1121713). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713). - scsi: qla2xxx: Increase abort timeout value (bsc#1121713). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713). - scsi: qla2xxx: Return switch command on a timeout (bsc#1121713). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1121713). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - sky2: Increase D3 delay again (bnc#1012382). - tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382). - tcp: tcp_v4_err() should be more careful (bnc#1012382). - team: avoid complex list operations in team_nl_cmd_options_set() (bnc#1012382). - team: Free BPF filter when unregistering netdev (git-fixes). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - vsock: cope with memory allocation failure at socket creation time (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382). - wireless: airo: potential buffer overflow in sprintf() (bsc#1120902). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-801=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-801=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-801=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-801=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-801=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-801=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.176-94.88.1 kernel-default-debugsource-4.4.176-94.88.1 kernel-default-extra-4.4.176-94.88.1 kernel-default-extra-debuginfo-4.4.176-94.88.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.176-94.88.1 kernel-obs-build-debugsource-4.4.176-94.88.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.176-94.88.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.176-94.88.1 kernel-default-base-4.4.176-94.88.1 kernel-default-base-debuginfo-4.4.176-94.88.1 kernel-default-debuginfo-4.4.176-94.88.1 kernel-default-debugsource-4.4.176-94.88.1 kernel-default-devel-4.4.176-94.88.1 kernel-syms-4.4.176-94.88.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.176-94.88.1 kernel-macros-4.4.176-94.88.1 kernel-source-4.4.176-94.88.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.176-94.88.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_176-94_88-default-1-4.9.1 kgraft-patch-4_4_176-94_88-default-debuginfo-1-4.9.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.176-94.88.1 cluster-md-kmp-default-debuginfo-4.4.176-94.88.1 dlm-kmp-default-4.4.176-94.88.1 dlm-kmp-default-debuginfo-4.4.176-94.88.1 gfs2-kmp-default-4.4.176-94.88.1 gfs2-kmp-default-debuginfo-4.4.176-94.88.1 kernel-default-debuginfo-4.4.176-94.88.1 kernel-default-debugsource-4.4.176-94.88.1 ocfs2-kmp-default-4.4.176-94.88.1 ocfs2-kmp-default-debuginfo-4.4.176-94.88.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.176-94.88.1 kernel-macros-4.4.176-94.88.1 kernel-source-4.4.176-94.88.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.176-94.88.1 kernel-default-debuginfo-4.4.176-94.88.1 kernel-default-debugsource-4.4.176-94.88.1 kernel-default-devel-4.4.176-94.88.1 kernel-default-extra-4.4.176-94.88.1 kernel-default-extra-debuginfo-4.4.176-94.88.1 kernel-syms-4.4.176-94.88.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.176-94.88.1 kernel-default-debuginfo-4.4.176-94.88.1 kernel-default-debugsource-4.4.176-94.88.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.176-94.88.1 kernel-default-debuginfo-4.4.176-94.88.1 kernel-default-debugsource-4.4.176-94.88.1 References: https://www.suse.com/security/cve/CVE-2019-2024.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1020413 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1070767 https://bugzilla.suse.com/1075697 https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1102959 https://bugzilla.suse.com/1103429 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1109248 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120691 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121713 https://bugzilla.suse.com/1121805 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1125315 https://bugzilla.suse.com/1125446 https://bugzilla.suse.com/1126389 https://bugzilla.suse.com/1126772 https://bugzilla.suse.com/1126773 https://bugzilla.suse.com/1126805 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127561 https://bugzilla.suse.com/1127725 https://bugzilla.suse.com/1127731 https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128452 https://bugzilla.suse.com/1128565 https://bugzilla.suse.com/1128696 https://bugzilla.suse.com/1128756 https://bugzilla.suse.com/1128893 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129237 https://bugzilla.suse.com/1129238 https://bugzilla.suse.com/1129239 https://bugzilla.suse.com/1129240 https://bugzilla.suse.com/1129241 https://bugzilla.suse.com/1129413 https://bugzilla.suse.com/1129414 https://bugzilla.suse.com/1129415 https://bugzilla.suse.com/1129416 https://bugzilla.suse.com/1129417 https://bugzilla.suse.com/1129418 https://bugzilla.suse.com/1129419 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129923 From sle-updates at lists.suse.com Fri Mar 29 05:29:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 12:29:46 +0100 (CET) Subject: SUSE-RU-2019:0799-1: moderate: Recommended update for timezone Message-ID: <20190329112946.6E1A7F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0799-1 Rating: moderate References: #1130557 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: timezone was update to 2019a (bsc#1130557): * Palestine "springs forward" on 2019-03-30 instead of 2019-03-23 * Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-799=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-799=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-799=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-799=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-799=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-799=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-799=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-799=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-799=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-799=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-799=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-799=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-799=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE OpenStack Cloud 7 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): timezone-java-2019a-0.74.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Enterprise Storage 4 (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE Enterprise Storage 4 (noarch): timezone-java-2019a-0.74.23.1 - SUSE CaaS Platform ALL (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - SUSE CaaS Platform 3.0 (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): timezone-2019a-74.23.1 timezone-debuginfo-2019a-74.23.1 timezone-debugsource-2019a-74.23.1 References: https://bugzilla.suse.com/1130557 From sle-updates at lists.suse.com Fri Mar 29 05:30:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 12:30:31 +0100 (CET) Subject: SUSE-RU-2019:0800-1: moderate: Recommended update for libtirpc Message-ID: <20190329113031.68B60F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0800-1 Rating: moderate References: #1126096 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issues: - Fixed yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-800=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-800=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-800=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-800=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-800=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-800=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-devel-1.0.1-17.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-devel-1.0.1-17.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-netconfig-1.0.1-17.13.1 libtirpc3-1.0.1-17.13.1 libtirpc3-debuginfo-1.0.1-17.13.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libtirpc3-32bit-1.0.1-17.13.1 libtirpc3-debuginfo-32bit-1.0.1-17.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-netconfig-1.0.1-17.13.1 libtirpc3-1.0.1-17.13.1 libtirpc3-debuginfo-1.0.1-17.13.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtirpc3-32bit-1.0.1-17.13.1 libtirpc3-debuginfo-32bit-1.0.1-17.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-netconfig-1.0.1-17.13.1 libtirpc3-1.0.1-17.13.1 libtirpc3-32bit-1.0.1-17.13.1 libtirpc3-debuginfo-1.0.1-17.13.1 libtirpc3-debuginfo-32bit-1.0.1-17.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-netconfig-1.0.1-17.13.1 libtirpc3-1.0.1-17.13.1 libtirpc3-32bit-1.0.1-17.13.1 libtirpc3-debuginfo-1.0.1-17.13.1 libtirpc3-debuginfo-32bit-1.0.1-17.13.1 - SUSE CaaS Platform ALL (x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-netconfig-1.0.1-17.13.1 libtirpc3-1.0.1-17.13.1 libtirpc3-debuginfo-1.0.1-17.13.1 - SUSE CaaS Platform 3.0 (x86_64): libtirpc-debugsource-1.0.1-17.13.1 libtirpc-netconfig-1.0.1-17.13.1 libtirpc3-1.0.1-17.13.1 libtirpc3-debuginfo-1.0.1-17.13.1 References: https://bugzilla.suse.com/1126096 From sle-updates at lists.suse.com Fri Mar 29 08:10:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 15:10:17 +0100 (CET) Subject: SUSE-RU-2019:0802-1: moderate: Recommended update for openattic Message-ID: <20190329141017.16AA1F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openattic ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0802-1 Rating: moderate References: #1125214 #1127513 #1128532 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openattic fixes the following issues: Update to upstream version 3.7.2: - Fixed openATTIC e2e test failure: RBD input validation fails (bsc#1127513) - Fixed failing Gatling test "RbdCreateDataPoolTestCase" (bsc#1128532) - Fixed that the background task runtime Calculation did not observe time zone settings, resulting in incorrect values (bsc#1125214) See CHANGELOG for detailed changes Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-802=1 Package List: - SUSE Enterprise Storage 5 (noarch): openattic-3.7.2-2.18.1 openattic-debugsource-3.7.2-2.18.1 References: https://bugzilla.suse.com/1125214 https://bugzilla.suse.com/1127513 https://bugzilla.suse.com/1128532 From sle-updates at lists.suse.com Fri Mar 29 11:11:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:11:37 +0100 (CET) Subject: SUSE-SU-2019:0806-1: Security update for sysstat Message-ID: <20190329171137.C34A3F7BB@maintenance.suse.de> SUSE Security Update: Security update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0806-1 Rating: low References: #1117001 #1117260 Cross-References: CVE-2018-19416 CVE-2018-19517 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sysstat fixes the following issues: Security issues fixed: - CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001). - CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-806=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-806=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.6.12 sysstat-debugsource-12.0.2-3.6.12 sysstat-isag-12.0.2-3.6.12 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.6.12 sysstat-debuginfo-12.0.2-3.6.12 sysstat-debugsource-12.0.2-3.6.12 References: https://www.suse.com/security/cve/CVE-2018-19416.html https://www.suse.com/security/cve/CVE-2018-19517.html https://bugzilla.suse.com/1117001 https://bugzilla.suse.com/1117260 From sle-updates at lists.suse.com Fri Mar 29 11:12:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:12:21 +0100 (CET) Subject: SUSE-SU-2019:0805-1: moderate: Recommended update for adcli, sssd Message-ID: <20190329171221.BA755F7BB@maintenance.suse.de> SUSE Security Update: Recommended update for adcli, sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0805-1 Rating: moderate References: #1109849 #1110121 #1121759 #1125617 #1127670 Cross-References: CVE-2019-3811 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for adcli and sssd provides the following improvement: Security vulnerability fixed: - CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759) Other fixes: - Add an option to disable checking for trusted domains in the subdomains provider (bsc#1125617) - Clear pid file in corner cases (bsc#1127670) - Fix child unable to write to log file after SIGHUP (bsc#1127670) - Include adcli in SUSE Linux Enterprise 12 SP3 for sssd-ad. (fate#326619, bsc#1109849) The adcli enables sssd to do password renewal when using Active Directory. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-805=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-805=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-805=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-34.31.1 libsss_idmap-devel-1.13.4-34.31.1 libsss_nss_idmap-devel-1.13.4-34.31.1 sssd-debuginfo-1.13.4-34.31.1 sssd-debugsource-1.13.4-34.31.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): adcli-0.8.2-1.3.1 adcli-debuginfo-0.8.2-1.3.1 adcli-debugsource-0.8.2-1.3.1 libipa_hbac0-1.13.4-34.31.1 libipa_hbac0-debuginfo-1.13.4-34.31.1 libsss_idmap0-1.13.4-34.31.1 libsss_idmap0-debuginfo-1.13.4-34.31.1 libsss_nss_idmap0-1.13.4-34.31.1 libsss_nss_idmap0-debuginfo-1.13.4-34.31.1 libsss_sudo-1.13.4-34.31.1 libsss_sudo-debuginfo-1.13.4-34.31.1 python-sssd-config-1.13.4-34.31.1 python-sssd-config-debuginfo-1.13.4-34.31.1 sssd-1.13.4-34.31.1 sssd-ad-1.13.4-34.31.1 sssd-ad-debuginfo-1.13.4-34.31.1 sssd-debuginfo-1.13.4-34.31.1 sssd-debugsource-1.13.4-34.31.1 sssd-ipa-1.13.4-34.31.1 sssd-ipa-debuginfo-1.13.4-34.31.1 sssd-krb5-1.13.4-34.31.1 sssd-krb5-common-1.13.4-34.31.1 sssd-krb5-common-debuginfo-1.13.4-34.31.1 sssd-krb5-debuginfo-1.13.4-34.31.1 sssd-ldap-1.13.4-34.31.1 sssd-ldap-debuginfo-1.13.4-34.31.1 sssd-proxy-1.13.4-34.31.1 sssd-proxy-debuginfo-1.13.4-34.31.1 sssd-tools-1.13.4-34.31.1 sssd-tools-debuginfo-1.13.4-34.31.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): sssd-32bit-1.13.4-34.31.1 sssd-debuginfo-32bit-1.13.4-34.31.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): adcli-0.8.2-1.3.1 adcli-debuginfo-0.8.2-1.3.1 adcli-debugsource-0.8.2-1.3.1 libipa_hbac0-1.13.4-34.31.1 libipa_hbac0-debuginfo-1.13.4-34.31.1 libsss_idmap0-1.13.4-34.31.1 libsss_idmap0-debuginfo-1.13.4-34.31.1 libsss_nss_idmap0-1.13.4-34.31.1 libsss_nss_idmap0-debuginfo-1.13.4-34.31.1 libsss_sudo-1.13.4-34.31.1 libsss_sudo-debuginfo-1.13.4-34.31.1 python-sssd-config-1.13.4-34.31.1 python-sssd-config-debuginfo-1.13.4-34.31.1 sssd-1.13.4-34.31.1 sssd-32bit-1.13.4-34.31.1 sssd-ad-1.13.4-34.31.1 sssd-ad-debuginfo-1.13.4-34.31.1 sssd-debuginfo-1.13.4-34.31.1 sssd-debuginfo-32bit-1.13.4-34.31.1 sssd-debugsource-1.13.4-34.31.1 sssd-ipa-1.13.4-34.31.1 sssd-ipa-debuginfo-1.13.4-34.31.1 sssd-krb5-1.13.4-34.31.1 sssd-krb5-common-1.13.4-34.31.1 sssd-krb5-common-debuginfo-1.13.4-34.31.1 sssd-krb5-debuginfo-1.13.4-34.31.1 sssd-ldap-1.13.4-34.31.1 sssd-ldap-debuginfo-1.13.4-34.31.1 sssd-proxy-1.13.4-34.31.1 sssd-proxy-debuginfo-1.13.4-34.31.1 sssd-tools-1.13.4-34.31.1 sssd-tools-debuginfo-1.13.4-34.31.1 References: https://www.suse.com/security/cve/CVE-2019-3811.html https://bugzilla.suse.com/1109849 https://bugzilla.suse.com/1110121 https://bugzilla.suse.com/1121759 https://bugzilla.suse.com/1125617 https://bugzilla.suse.com/1127670 From sle-updates at lists.suse.com Fri Mar 29 11:13:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:13:38 +0100 (CET) Subject: SUSE-RU-2019:0812-1: moderate: Recommended update for openstack-dashboard-theme-SUSE Message-ID: <20190329171338.5B3D1F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-dashboard-theme-SUSE ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0812-1 Rating: moderate References: Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for openstack-dashboard-theme-SUSE fixes the following issues: - Avoid conflicts b/w menu and pagination - Fix hamburger colors - Do a better job of painting backgrounds - Use background colors to simulate navbar - Revert "Account for tall pages" - Account for tall pages - SCRD-6919 Address layout problems with smaller screens - Remove lingering reference to unused css - Update button styling (SCRD-6919) - Update panels, list group items, and button hover colors - SCRD-6919 Use SUSE colors throughout - SCRD-6919 Incorporate EOS colors Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-812=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-812=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-dashboard-theme-SUSE-2017.2+git.1550090898.fe14283-7.8.1 - SUSE OpenStack Cloud 8 (noarch): openstack-dashboard-theme-SUSE-2017.2+git.1550090898.fe14283-7.8.1 References: From sle-updates at lists.suse.com Fri Mar 29 11:14:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:14:08 +0100 (CET) Subject: SUSE-SU-2019:13995-1: moderate: Security update for GraphicsMagick Message-ID: <20190329171408.B7F54F7BB@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13995-1 Rating: moderate References: #1120381 #1124365 #1124366 #1128649 Cross-References: CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381) - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13995=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13995=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13995=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.85.1 libGraphicsMagick2-1.2.5-78.85.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.85.1 libGraphicsMagick2-1.2.5-78.85.1 perl-GraphicsMagick-1.2.5-78.85.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.85.1 GraphicsMagick-debugsource-1.2.5-78.85.1 References: https://www.suse.com/security/cve/CVE-2018-20467.html https://www.suse.com/security/cve/CVE-2019-7175.html https://www.suse.com/security/cve/CVE-2019-7397.html https://www.suse.com/security/cve/CVE-2019-7398.html https://bugzilla.suse.com/1120381 https://bugzilla.suse.com/1124365 https://bugzilla.suse.com/1124366 https://bugzilla.suse.com/1128649 From sle-updates at lists.suse.com Fri Mar 29 11:15:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:15:11 +0100 (CET) Subject: SUSE-RU-2019:0811-1: moderate: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20190329171511.602A2F7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0811-1 Rating: moderate References: #1125893 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-suse-openstack-cloud fixes the following issues: - Remove de-de from the URL again. - Transfer C8 revision history from MF wiki (SCRD-7737) - Typo/grammar fixes + URL fix - Remove Crowbar deprecation date (bsc#1125893) - Remove comment that ovsvapp is not functional - Switch to suse-openstack-cloud-8 branch Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-811=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-811=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-811=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): release-notes-suse-openstack-cloud-8.20190312-3.17.1 - SUSE OpenStack Cloud 8 (noarch): release-notes-suse-openstack-cloud-8.20190312-3.17.1 - HPE Helion Openstack 8 (noarch): release-notes-hpe-helion-openstack-8.20190312-3.17.1 References: https://bugzilla.suse.com/1125893 From sle-updates at lists.suse.com Fri Mar 29 11:15:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:15:53 +0100 (CET) Subject: SUSE-SU-2019:0803-1: moderate: Security update for openssl Message-ID: <20190329171553.68FAAF7BB@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0803-1 Rating: moderate References: #1100078 #1113975 #1117951 #1127080 Cross-References: CVE-2019-1559 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Other issues addressed: - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-803=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-803=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-803=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-803=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-803=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-803=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-803=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-803=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-803=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 libopenssl1_0_0-hmac-1.0.2j-60.49.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE OpenStack Cloud 7 (noarch): openssl-doc-1.0.2j-60.49.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-hmac-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openssl-doc-1.0.2j-60.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-hmac-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-hmac-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openssl-doc-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 libopenssl1_0_0-hmac-1.0.2j-60.49.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE Enterprise Storage 4 (noarch): openssl-doc-1.0.2j-60.49.1 - SUSE Enterprise Storage 4 (x86_64): libopenssl-devel-1.0.2j-60.49.1 libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-32bit-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.49.1 libopenssl1_0_0-hmac-1.0.2j-60.49.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE CaaS Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - SUSE CaaS Platform 3.0 (x86_64): libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.49.1 libopenssl1_0_0-debuginfo-1.0.2j-60.49.1 openssl-1.0.2j-60.49.1 openssl-debuginfo-1.0.2j-60.49.1 openssl-debugsource-1.0.2j-60.49.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://bugzilla.suse.com/1100078 https://bugzilla.suse.com/1113975 https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1127080 From sle-updates at lists.suse.com Fri Mar 29 11:17:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:17:15 +0100 (CET) Subject: SUSE-RU-2019:0810-1: moderate: Recommended update for dracut Message-ID: <20190329171715.23022F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0810-1 Rating: moderate References: #1127891 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - Check SUSE kernel module dependencies recursively (bsc#1127891) - Avoid "Failed to chown ... Operation not permitted" when run from non-root, by not copying xattrs. (osc#1092178) - Handle non-versioned dependency in purge-kernels. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-810=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-810=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-044.2-10.12.1 dracut-debuginfo-044.2-10.12.1 dracut-debugsource-044.2-10.12.1 dracut-fips-044.2-10.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-044.2-10.12.1 dracut-debuginfo-044.2-10.12.1 dracut-debugsource-044.2-10.12.1 References: https://bugzilla.suse.com/1127891 From sle-updates at lists.suse.com Fri Mar 29 11:17:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:17:59 +0100 (CET) Subject: SUSE-SU-2019:13994-1: Security update for liblouis Message-ID: <20190329171759.9EAEFF7BB@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13994-1 Rating: low References: #1109319 Cross-References: CVE-2018-17294 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for liblouis and python-louis fixes the following issue: Security issue fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-liblouis-13994=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-liblouis-13994=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): liblouis-1.7.0-1.3.16.1 liblouis0-1.7.0-1.3.16.1 python-louis-1.7.0-1.3.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): liblouis-debuginfo-1.7.0-1.3.16.1 liblouis-debugsource-1.7.0-1.3.16.1 References: https://www.suse.com/security/cve/CVE-2018-17294.html https://bugzilla.suse.com/1109319 From sle-updates at lists.suse.com Fri Mar 29 11:18:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:18:46 +0100 (CET) Subject: SUSE-RU-2019:13996-1: moderate: Recommended update for timezone Message-ID: <20190329171846.1664AF7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13996-1 Rating: moderate References: #1130557 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: timezone was updated to 2019a (bsc#1130557): * Palestine "springs forward" on 2019-03-30 instead of 2019-03-23 * Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-13996=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-13996=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-13996=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-13996=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-13996=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2019a-0.52.23.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2019a-0.52.23.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2019a-0.52.23.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2019a-0.52.23.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2019a-0.52.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2019a-0.52.23.1 timezone-debugsource-2019a-0.52.23.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2019a-0.52.23.1 timezone-debugsource-2019a-0.52.23.1 References: https://bugzilla.suse.com/1130557 From sle-updates at lists.suse.com Fri Mar 29 11:19:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 18:19:27 +0100 (CET) Subject: SUSE-SU-2019:0804-1: moderate: Security update for ovmf Message-ID: <20190329171927.A97BBF7BB@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0804-1 Rating: moderate References: #1128503 #1130267 Cross-References: CVE-2018-12181 CVE-2019-0160 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267). - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-804=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.19.1 ovmf-tools-2017+git1510945757.b2662641d5-5.19.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.19.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.19.1 References: https://www.suse.com/security/cve/CVE-2018-12181.html https://www.suse.com/security/cve/CVE-2019-0160.html https://bugzilla.suse.com/1128503 https://bugzilla.suse.com/1130267 From sle-updates at lists.suse.com Fri Mar 29 14:10:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Mar 2019 21:10:24 +0100 (CET) Subject: SUSE-RU-2019:0816-1: moderate: Recommended update for openvswitch Message-ID: <20190329201024.9C35DFFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0816-1 Rating: moderate References: #1115085 #1116437 #1124435 #1125606 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for openvswitch fixes the following issues: Version bump to 2.7.7 bugfix release (bsc#1125606). Some of the changes are: * dpdk: Use DPDK 16.11.8 release. * dpif-netdev.at: Add missing backslash. * test-hash: Fix unaligned pointer value error. * odp-execute: Fix broken build with Clang as compiler. * expr: Disallow < <= >= > comparisons against empty value set. * expr: Set a limit on the depth of nested parentheses * Python: Make Row's __getattr__ less error prone * Revert "bridge: Fix ovs-appctl qos/show repeated queue information" * netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH. * bridge: Fix ovs-appctl qos/show repeated queue information * lex: Fix buffer overrun parsing overlong hexadecimal constants. * ovsdb-client: Fix a bug that uses wrong index * flow: Fix uninitialized flow fields in IPv6 error case. * meta-flow: Make "nw_frag" a synonym for "ip_frag". * datapath: lisp: Fix uninitialized field in tunnel_cfg. * odp-util: Don't attempt to write IPv6 flow label bits that don't exist. * daemon-unix: Use same name for original or restarted children. * utilities: Drop shebang from bash completion script * ofp-actions: Re-fix error path for parsing OpenFlow actions. * nx-match: Avoid double-free on some error paths. * netdev-dpdk: Support the link speed of XL710 * netdev-linux: Avoid division by 0 if kernel reports bad scheduler data. * ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)). * netdev-dpdk: Fix failure to configure flow control at netdev-init. * netdev-dpdk: Use hex for PCI vendor ID. * ofctl: Fixup compare_flows function * stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it. * utilities: Launch ovsdb-tool without using PAM * ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap". * stream-ssl: Don't enable new TLS versions by default * pcap-file: Fix formatting of log message. * meta-flow: Make mf_vl_mff_mf_from_nxm_header() require a valid field. * nx-match: Fix memory leak in oxm_pull_field_array() error case. * datapath: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found * compat: Initialize IPv4 reassembly secret timer * Revert "flow: Fix buffer overread for crafted IPv6 packets." * ifupdown.sh: Correctly bring up bond slaves. * flow: Fix buffer overread for crafted IPv6 packets. * ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command. * ofp-actions: Fix buffer overread in decode_LEARN_specs(). * ofp-actions: Avoid buffer overread in BUNDLE action decoding. * rconn: Suppress 'connected' log for unreliable connections. * datapath: stt: linearize in SKIP_ZERO_COPY case * ovn: Fix DHCP classless static route for non-classful masks. * ofproto: Fix OVS crash when reverting old flows in bundle commit * rconn: Introduce new invariant to fix assertion failure in corner case. * lib: fix typo in fragment handling error message Other bugfixes: - Backport upstream fix for python json parser memory leak (bsc#1116437): - New python subpackages obsolete old python subpackages (bsc#1124435). - Improve python packaging (bsc#1115085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-816=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvswitch-2.7.7-3.28.1 openvswitch-debuginfo-2.7.7-3.28.1 openvswitch-debugsource-2.7.7-3.28.1 References: https://bugzilla.suse.com/1115085 https://bugzilla.suse.com/1116437 https://bugzilla.suse.com/1124435 https://bugzilla.suse.com/1125606 From sle-updates at lists.suse.com Fri Mar 29 17:09:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:09:50 +0100 (CET) Subject: SUSE-RU-2019:0822-1: moderate: Recommended update for yast2-iscsi-lio-server Message-ID: <20190329230950.3B862FFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-iscsi-lio-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0822-1 Rating: moderate References: #1123381 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-iscsi-lio-server fixes the following issues: - iscsi server enables discovery authentication unexpectedly (bsc#1123381) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-822=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-822=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-iscsi-lio-server-3.2.2-3.5.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-iscsi-lio-server-3.2.2-3.5.1 References: https://bugzilla.suse.com/1123381 From sle-updates at lists.suse.com Fri Mar 29 17:10:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:10:29 +0100 (CET) Subject: SUSE-RU-2019:0821-1: moderate: Recommended update for tomcat Message-ID: <20190329231029.3809DFFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0821-1 Rating: moderate References: #1115951 #1123407 #1126202 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tomcat fixes the following issues: - Page of SUSE Manager broken (bsc#1126202,bsc#1115951). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-821=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-821=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.12-3.21.1 tomcat-admin-webapps-9.0.12-3.21.1 tomcat-el-3_0-api-9.0.12-3.21.1 tomcat-jsp-2_3-api-9.0.12-3.21.1 tomcat-lib-9.0.12-3.21.1 tomcat-servlet-4_0-api-9.0.12-3.21.1 tomcat-webapps-9.0.12-3.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.12-3.21.1 tomcat-embed-9.0.12-3.21.1 tomcat-javadoc-9.0.12-3.21.1 tomcat-jsvc-9.0.12-3.21.1 References: https://bugzilla.suse.com/1115951 https://bugzilla.suse.com/1123407 https://bugzilla.suse.com/1126202 From sle-updates at lists.suse.com Fri Mar 29 17:11:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:11:24 +0100 (CET) Subject: SUSE-RU-2019:14000-1: moderate: Recommended update for netatalk Message-ID: <20190329231124.86CC7FFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for netatalk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14000-1 Rating: moderate References: #1120224 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for netatalk fixes the following issues: - cnid_metad is now running by default (bsc#1120224) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-netatalk-14000=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-netatalk-14000=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): netatalk-2.0.3-249.23.7.3 netatalk-devel-2.0.3-249.23.7.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): netatalk-debuginfo-2.0.3-249.23.7.3 netatalk-debugsource-2.0.3-249.23.7.3 References: https://bugzilla.suse.com/1120224 From sle-updates at lists.suse.com Fri Mar 29 17:12:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:12:11 +0100 (CET) Subject: SUSE-RU-2019:0819-1: moderate: Recommended update for openssh Message-ID: <20190329231211.36234FFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0819-1 Rating: moderate References: #1119183 #1127180 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssh fixes the following issues: Issues addressed: - Removed the "KexDHMin" config keyword (bsc#1127180) It used to allow lowering of the minimal allowed DH group size, which was increased to 2048 by upstream in the light of the Logjam attack. However, the code was broken since the upgrade to 7.6p1. It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 key exchange method when working with legacy systems. - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-819=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-819=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-819=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-819=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.26.4 openssh-debugsource-7.6p1-9.26.4 openssh-fips-7.6p1-9.26.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.26.4 openssh-cavs-debuginfo-7.6p1-9.26.4 openssh-debuginfo-7.6p1-9.26.4 openssh-debugsource-7.6p1-9.26.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.26.4 openssh-askpass-gnome-debuginfo-7.6p1-9.26.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.26.4 openssh-debuginfo-7.6p1-9.26.4 openssh-debugsource-7.6p1-9.26.4 openssh-helpers-7.6p1-9.26.4 openssh-helpers-debuginfo-7.6p1-9.26.4 References: https://bugzilla.suse.com/1119183 https://bugzilla.suse.com/1127180 From sle-updates at lists.suse.com Fri Mar 29 17:13:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:13:00 +0100 (CET) Subject: SUSE-SU-2019:0818-1: moderate: Security update for nodejs6 Message-ID: <20190329231300.923CEFFCF@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0818-1 Rating: moderate References: #1127080 #1127532 #1127533 Cross-References: CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs6 to version 6.17.0 fixes the following issues: Security issues fixed: - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Release Notes: https://nodejs.org/en/blog/release/v6.17.0/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-818=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-818=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-818=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-818=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): nodejs6-6.17.0-11.24.1 nodejs6-debuginfo-6.17.0-11.24.1 nodejs6-debugsource-6.17.0-11.24.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.17.0-11.24.1 nodejs6-debuginfo-6.17.0-11.24.1 nodejs6-debugsource-6.17.0-11.24.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.17.0-11.24.1 nodejs6-debuginfo-6.17.0-11.24.1 nodejs6-debugsource-6.17.0-11.24.1 nodejs6-devel-6.17.0-11.24.1 npm6-6.17.0-11.24.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.17.0-11.24.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.17.0-11.24.1 nodejs6-debuginfo-6.17.0-11.24.1 nodejs6-debugsource-6.17.0-11.24.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://www.suse.com/security/cve/CVE-2019-5737.html https://www.suse.com/security/cve/CVE-2019-5739.html https://bugzilla.suse.com/1127080 https://bugzilla.suse.com/1127532 https://bugzilla.suse.com/1127533 From sle-updates at lists.suse.com Fri Mar 29 17:14:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:14:00 +0100 (CET) Subject: SUSE-RU-2019:0823-1: moderate: Optional update for php72 Message-ID: <20190329231400.2633AFFCF@maintenance.suse.de> SUSE Recommended Update: Optional update for php72 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0823-1 Rating: moderate References: #1126314 #1129032 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update provides PHP 7.2 and subpackages to the SUSE Linux Enterprise 12 Web and Scripting Module. It is a replacement of the php7 packages, the packages do not co-exist. The mcrypt extensions was removed in PHP 7.2. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-823=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-823=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-823=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-823=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-823=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libmemcached-debuginfo-1.0.18-3.2.1 libmemcached-debugsource-1.0.18-3.2.1 libmemcached-devel-1.0.18-3.2.1 libtidy-0_99-0-1.0.20100204cvs-26.2.1 libtidy-0_99-0-debuginfo-1.0.20100204cvs-26.2.1 libtidy-0_99-0-devel-1.0.20100204cvs-26.2.1 php72-debuginfo-7.2.5-1.7.1 php72-debugsource-7.2.5-1.7.1 php72-devel-7.2.5-1.7.1 tidy-1.0.20100204cvs-26.2.1 tidy-debuginfo-1.0.20100204cvs-26.2.1 tidy-debugsource-1.0.20100204cvs-26.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtidy-0_99-0-1.0.20100204cvs-26.2.1 libtidy-0_99-0-debuginfo-1.0.20100204cvs-26.2.1 libtidy-0_99-0-devel-1.0.20100204cvs-26.2.1 php72-debuginfo-7.2.5-1.7.1 php72-debugsource-7.2.5-1.7.1 php72-devel-7.2.5-1.7.1 tidy-1.0.20100204cvs-26.2.1 tidy-debuginfo-1.0.20100204cvs-26.2.1 tidy-debugsource-1.0.20100204cvs-26.2.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmemcached-1.0.18-3.2.1 libmemcached-debuginfo-1.0.18-3.2.1 libmemcached-debugsource-1.0.18-3.2.1 libmemcached11-1.0.18-3.2.1 libmemcached11-debuginfo-1.0.18-3.2.1 libmemcachedutil2-1.0.18-3.2.1 libmemcachedutil2-debuginfo-1.0.18-3.2.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libmemcached-1.0.18-3.2.1 libmemcached-debuginfo-1.0.18-3.2.1 libmemcached-debugsource-1.0.18-3.2.1 libmemcached11-1.0.18-3.2.1 libmemcached11-debuginfo-1.0.18-3.2.1 libmemcachedutil2-1.0.18-3.2.1 libmemcachedutil2-debuginfo-1.0.18-3.2.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.7.1 apache2-mod_php72-debuginfo-7.2.5-1.7.1 libmemcached11-1.0.18-3.2.1 libmemcached11-debuginfo-1.0.18-3.2.1 libtidy-0_99-0-1.0.20100204cvs-26.2.1 libtidy-0_99-0-debuginfo-1.0.20100204cvs-26.2.1 php72-7.2.5-1.7.1 php72-bcmath-7.2.5-1.7.1 php72-bcmath-debuginfo-7.2.5-1.7.1 php72-bz2-7.2.5-1.7.1 php72-bz2-debuginfo-7.2.5-1.7.1 php72-calendar-7.2.5-1.7.1 php72-calendar-debuginfo-7.2.5-1.7.1 php72-ctype-7.2.5-1.7.1 php72-ctype-debuginfo-7.2.5-1.7.1 php72-curl-7.2.5-1.7.1 php72-curl-debuginfo-7.2.5-1.7.1 php72-dba-7.2.5-1.7.1 php72-dba-debuginfo-7.2.5-1.7.1 php72-debuginfo-7.2.5-1.7.1 php72-debugsource-7.2.5-1.7.1 php72-dom-7.2.5-1.7.1 php72-dom-debuginfo-7.2.5-1.7.1 php72-enchant-7.2.5-1.7.1 php72-enchant-debuginfo-7.2.5-1.7.1 php72-exif-7.2.5-1.7.1 php72-exif-debuginfo-7.2.5-1.7.1 php72-fastcgi-7.2.5-1.7.1 php72-fastcgi-debuginfo-7.2.5-1.7.1 php72-fileinfo-7.2.5-1.7.1 php72-fileinfo-debuginfo-7.2.5-1.7.1 php72-fpm-7.2.5-1.7.1 php72-fpm-debuginfo-7.2.5-1.7.1 php72-ftp-7.2.5-1.7.1 php72-ftp-debuginfo-7.2.5-1.7.1 php72-gd-7.2.5-1.7.1 php72-gd-debuginfo-7.2.5-1.7.1 php72-gettext-7.2.5-1.7.1 php72-gettext-debuginfo-7.2.5-1.7.1 php72-gmp-7.2.5-1.7.1 php72-gmp-debuginfo-7.2.5-1.7.1 php72-iconv-7.2.5-1.7.1 php72-iconv-debuginfo-7.2.5-1.7.1 php72-imap-7.2.5-1.7.1 php72-imap-debuginfo-7.2.5-1.7.1 php72-intl-7.2.5-1.7.1 php72-intl-debuginfo-7.2.5-1.7.1 php72-json-7.2.5-1.7.1 php72-json-debuginfo-7.2.5-1.7.1 php72-ldap-7.2.5-1.7.1 php72-ldap-debuginfo-7.2.5-1.7.1 php72-mbstring-7.2.5-1.7.1 php72-mbstring-debuginfo-7.2.5-1.7.1 php72-memcached-3.1.3-1.3.1 php72-memcached-debuginfo-3.1.3-1.3.1 php72-memcached-debugsource-3.1.3-1.3.1 php72-mysql-7.2.5-1.7.1 php72-mysql-debuginfo-7.2.5-1.7.1 php72-odbc-7.2.5-1.7.1 php72-odbc-debuginfo-7.2.5-1.7.1 php72-opcache-7.2.5-1.7.1 php72-opcache-debuginfo-7.2.5-1.7.1 php72-openssl-7.2.5-1.7.1 php72-openssl-debuginfo-7.2.5-1.7.1 php72-pcntl-7.2.5-1.7.1 php72-pcntl-debuginfo-7.2.5-1.7.1 php72-pdo-7.2.5-1.7.1 php72-pdo-debuginfo-7.2.5-1.7.1 php72-pgsql-7.2.5-1.7.1 php72-pgsql-debuginfo-7.2.5-1.7.1 php72-phar-7.2.5-1.7.1 php72-phar-debuginfo-7.2.5-1.7.1 php72-posix-7.2.5-1.7.1 php72-posix-debuginfo-7.2.5-1.7.1 php72-pspell-7.2.5-1.7.1 php72-pspell-debuginfo-7.2.5-1.7.1 php72-readline-7.2.5-1.7.1 php72-readline-debuginfo-7.2.5-1.7.1 php72-shmop-7.2.5-1.7.1 php72-shmop-debuginfo-7.2.5-1.7.1 php72-snmp-7.2.5-1.7.1 php72-snmp-debuginfo-7.2.5-1.7.1 php72-soap-7.2.5-1.7.1 php72-soap-debuginfo-7.2.5-1.7.1 php72-sockets-7.2.5-1.7.1 php72-sockets-debuginfo-7.2.5-1.7.1 php72-sqlite-7.2.5-1.7.1 php72-sqlite-debuginfo-7.2.5-1.7.1 php72-sysvmsg-7.2.5-1.7.1 php72-sysvmsg-debuginfo-7.2.5-1.7.1 php72-sysvsem-7.2.5-1.7.1 php72-sysvsem-debuginfo-7.2.5-1.7.1 php72-sysvshm-7.2.5-1.7.1 php72-sysvshm-debuginfo-7.2.5-1.7.1 php72-tidy-7.2.5-1.7.1 php72-tidy-debuginfo-7.2.5-1.7.1 php72-tokenizer-7.2.5-1.7.1 php72-tokenizer-debuginfo-7.2.5-1.7.1 php72-wddx-7.2.5-1.7.1 php72-wddx-debuginfo-7.2.5-1.7.1 php72-xmlreader-7.2.5-1.7.1 php72-xmlreader-debuginfo-7.2.5-1.7.1 php72-xmlrpc-7.2.5-1.7.1 php72-xmlrpc-debuginfo-7.2.5-1.7.1 php72-xmlwriter-7.2.5-1.7.1 php72-xmlwriter-debuginfo-7.2.5-1.7.1 php72-xsl-7.2.5-1.7.1 php72-xsl-debuginfo-7.2.5-1.7.1 php72-zip-7.2.5-1.7.1 php72-zip-debuginfo-7.2.5-1.7.1 php72-zlib-7.2.5-1.7.1 php72-zlib-debuginfo-7.2.5-1.7.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.7.1 php72-pear-Archive_Tar-7.2.5-1.7.1 References: https://www.suse.com/security/cve/CVE-2018-20783.html https://www.suse.com/security/cve/CVE-2019-9020.html https://www.suse.com/security/cve/CVE-2019-9021.html https://www.suse.com/security/cve/CVE-2019-9022.html https://www.suse.com/security/cve/CVE-2019-9023.html https://www.suse.com/security/cve/CVE-2019-9024.html https://www.suse.com/security/cve/CVE-2019-9641.html https://bugzilla.suse.com/1126314 https://bugzilla.suse.com/1129032 From sle-updates at lists.suse.com Fri Mar 29 17:14:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:14:55 +0100 (CET) Subject: SUSE-SU-2019:13999-1: moderate: Security update for various KMPs Message-ID: <20190329231455.B9D9CFFCF@maintenance.suse.de> SUSE Security Update: Security update for various KMPs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13999-1 Rating: moderate References: #1095824 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update rebuilds missing kernel modules (KMP) to use "retpolines" mitigations for Spectre Variant 2 (CVE-2017-5715). Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kmps-retpoline-20190320-13999=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kmps-retpoline-20190320-13999=1 - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kmps-retpoline-20190320-13999=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-kmps-retpoline-20190320-13999=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kmps-retpoline-20190320-13999=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 x86_64): ofed-devel-1.5.4.1-22.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): iscsitarget-1.4.20-0.43.7.1 iscsitarget-kmp-default-1.4.20_3.0.101_108.87-0.43.7.1 iscsitarget-kmp-trace-1.4.20_3.0.101_108.87-0.43.7.1 ofed-1.5.4.1-22.6.1 ofed-doc-1.5.4.1-22.6.1 oracleasm-2.0.5-7.44.2.1 oracleasm-kmp-default-2.0.5_3.0.101_108.87-7.44.2.1 oracleasm-kmp-trace-2.0.5_3.0.101_108.87-7.44.2.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): ofed-kmp-default-1.5.4.1_3.0.101_108.87-22.6.1 ofed-kmp-trace-1.5.4.1_3.0.101_108.87-22.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): iscsitarget-kmp-xen-1.4.20_3.0.101_108.87-0.43.7.1 oracleasm-kmp-xen-2.0.5_3.0.101_108.87-7.44.2.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): iscsitarget-kmp-bigmem-1.4.20_3.0.101_108.87-0.43.7.1 iscsitarget-kmp-ppc64-1.4.20_3.0.101_108.87-0.43.7.1 ofed-kmp-bigmem-1.5.4.1_3.0.101_108.87-22.6.1 ofed-kmp-ppc64-1.5.4.1_3.0.101_108.87-22.6.1 oracleasm-kmp-bigmem-2.0.5_3.0.101_108.87-7.44.2.1 oracleasm-kmp-ppc64-2.0.5_3.0.101_108.87-7.44.2.1 - SUSE Linux Enterprise Server 11-SP4 (i586): iscsitarget-kmp-pae-1.4.20_3.0.101_108.87-0.43.7.1 ofed-kmp-pae-1.5.4.1_3.0.101_108.87-22.6.1 oracleasm-kmp-pae-2.0.5_3.0.101_108.87-7.44.2.1 - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): cluster-network-kmp-rt-1.4_3.0.101_rt130_69.42-2.32.6.1 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_69.42-2.32.6.1 drbd-kmp-rt-8.4.4_3.0.101_rt130_69.42-0.27.6.1 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_69.42-0.27.6.1 gfs2-kmp-rt-2_3.0.101_rt130_69.42-0.24.6.1 gfs2-kmp-rt_trace-2_3.0.101_rt130_69.42-0.24.6.1 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_69.42-0.43.7.1 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_69.42-0.43.7.1 ocfs2-kmp-rt-1.6_3.0.101_rt130_69.42-0.28.9.1 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.42-0.28.9.1 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_69.42-22.6.1 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_69.42-22.6.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_108.87-2.32.6.1 cluster-network-kmp-trace-1.4_3.0.101_108.87-2.32.6.1 drbd-8.4.4-0.27.6.1 drbd-bash-completion-8.4.4-0.27.6.1 drbd-heartbeat-8.4.4-0.27.6.1 drbd-kmp-default-8.4.4_3.0.101_108.87-0.27.6.1 drbd-kmp-trace-8.4.4_3.0.101_108.87-0.27.6.1 drbd-pacemaker-8.4.4-0.27.6.1 drbd-udev-8.4.4-0.27.6.1 drbd-utils-8.4.4-0.27.6.1 gfs2-kmp-default-2_3.0.101_108.87-0.24.6.1 gfs2-kmp-trace-2_3.0.101_108.87-0.24.6.1 ocfs2-kmp-default-1.6_3.0.101_108.87-0.28.9.1 ocfs2-kmp-trace-1.6_3.0.101_108.87-0.28.9.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_108.87-2.32.6.1 drbd-kmp-xen-8.4.4_3.0.101_108.87-0.27.6.1 gfs2-kmp-xen-2_3.0.101_108.87-0.24.6.1 ocfs2-kmp-xen-1.6_3.0.101_108.87-0.28.9.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64): drbd-xen-8.4.4-0.27.6.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64): cluster-network-kmp-bigmem-1.4_3.0.101_108.87-2.32.6.1 cluster-network-kmp-ppc64-1.4_3.0.101_108.87-2.32.6.1 drbd-kmp-bigmem-8.4.4_3.0.101_108.87-0.27.6.1 drbd-kmp-ppc64-8.4.4_3.0.101_108.87-0.27.6.1 gfs2-kmp-bigmem-2_3.0.101_108.87-0.24.6.1 gfs2-kmp-ppc64-2_3.0.101_108.87-0.24.6.1 ocfs2-kmp-bigmem-1.6_3.0.101_108.87-0.28.9.1 ocfs2-kmp-ppc64-1.6_3.0.101_108.87-0.28.9.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586): cluster-network-kmp-pae-1.4_3.0.101_108.87-2.32.6.1 drbd-kmp-pae-8.4.4_3.0.101_108.87-0.27.6.1 gfs2-kmp-pae-2_3.0.101_108.87-0.24.6.1 ocfs2-kmp-pae-1.6_3.0.101_108.87-0.28.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): drbd-debuginfo-8.4.4-0.27.6.1 drbd-debugsource-8.4.4-0.27.6.1 iscsitarget-debuginfo-1.4.20-0.43.7.1 iscsitarget-debugsource-1.4.20-0.43.7.1 oracleasm-debuginfo-2.0.5-7.44.2.1 oracleasm-debugsource-2.0.5-7.44.2.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): ofed-debuginfo-1.5.4.1-22.6.1 ofed-debugsource-1.5.4.1-22.6.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1095824 From sle-updates at lists.suse.com Fri Mar 29 17:15:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:15:40 +0100 (CET) Subject: SUSE-RU-2019:0820-1: moderate: Recommended update for tomcat Message-ID: <20190329231540.B341BFFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0820-1 Rating: moderate References: #1115951 #1126202 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tomcat fixes the following issues: - Page of SUSE Manager broken (bsc#1126202,bsc#1115951). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-820=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): tomcat-9.0.12-3.8.1 tomcat-admin-webapps-9.0.12-3.8.1 tomcat-docs-webapp-9.0.12-3.8.1 tomcat-el-3_0-api-9.0.12-3.8.1 tomcat-javadoc-9.0.12-3.8.1 tomcat-jsp-2_3-api-9.0.12-3.8.1 tomcat-lib-9.0.12-3.8.1 tomcat-servlet-4_0-api-9.0.12-3.8.1 tomcat-webapps-9.0.12-3.8.1 References: https://bugzilla.suse.com/1115951 https://bugzilla.suse.com/1126202 From sle-updates at lists.suse.com Fri Mar 29 17:16:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:16:26 +0100 (CET) Subject: SUSE-SU-2019:13997-1: moderate: Security update for libssh2_org Message-ID: <20190329231626.0C3D8FFCF@maintenance.suse.de> SUSE Security Update: Security update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13997-1 Rating: moderate References: #1091236 #1128471 #1128472 #1128474 #1128476 #1128480 #1128481 #1128490 #1128492 #1128493 Cross-References: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Fixed an issue where libssh2 stops parsing known_hosts (bsc#1091236). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libssh2_org-13997=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libssh2_org-13997=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libssh2-1-1.2.9-4.2.12.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libssh2_org-debuginfo-1.2.9-4.2.12.5.1 libssh2_org-debugsource-1.2.9-4.2.12.5.1 References: https://www.suse.com/security/cve/CVE-2019-3855.html https://www.suse.com/security/cve/CVE-2019-3856.html https://www.suse.com/security/cve/CVE-2019-3857.html https://www.suse.com/security/cve/CVE-2019-3858.html https://www.suse.com/security/cve/CVE-2019-3859.html https://www.suse.com/security/cve/CVE-2019-3860.html https://www.suse.com/security/cve/CVE-2019-3861.html https://www.suse.com/security/cve/CVE-2019-3862.html https://www.suse.com/security/cve/CVE-2019-3863.html https://bugzilla.suse.com/1091236 https://bugzilla.suse.com/1128471 https://bugzilla.suse.com/1128472 https://bugzilla.suse.com/1128474 https://bugzilla.suse.com/1128476 https://bugzilla.suse.com/1128480 https://bugzilla.suse.com/1128481 https://bugzilla.suse.com/1128490 https://bugzilla.suse.com/1128492 https://bugzilla.suse.com/1128493 From sle-updates at lists.suse.com Fri Mar 29 17:18:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:18:22 +0100 (CET) Subject: SUSE-SU-2019:13998-1: moderate: Security update for SDL Message-ID: <20190329231822.13F08FFCF@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13998-1 Rating: moderate References: #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099 Cross-References: CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-SDL-13998=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-SDL-13998=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-SDL-13998=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-SDL-13998=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): SDL-devel-1.2.13-106.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): SDL-devel-32bit-1.2.13-106.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): SDL-32bit-1.2.13-106.11.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): SDL-1.2.13-106.11.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): SDL-32bit-1.2.13-106.11.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): SDL-x86-1.2.13-106.11.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): SDL-1.2.13-106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): SDL-debuginfo-1.2.13-106.11.1 SDL-debugsource-1.2.13-106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): SDL-debuginfo-32bit-1.2.13-106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): SDL-debuginfo-x86-1.2.13-106.11.1 References: https://www.suse.com/security/cve/CVE-2019-7572.html https://www.suse.com/security/cve/CVE-2019-7573.html https://www.suse.com/security/cve/CVE-2019-7574.html https://www.suse.com/security/cve/CVE-2019-7575.html https://www.suse.com/security/cve/CVE-2019-7576.html https://www.suse.com/security/cve/CVE-2019-7577.html https://www.suse.com/security/cve/CVE-2019-7578.html https://www.suse.com/security/cve/CVE-2019-7635.html https://www.suse.com/security/cve/CVE-2019-7636.html https://www.suse.com/security/cve/CVE-2019-7637.html https://www.suse.com/security/cve/CVE-2019-7638.html https://bugzilla.suse.com/1124799 https://bugzilla.suse.com/1124800 https://bugzilla.suse.com/1124802 https://bugzilla.suse.com/1124803 https://bugzilla.suse.com/1124805 https://bugzilla.suse.com/1124806 https://bugzilla.suse.com/1124824 https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1124826 https://bugzilla.suse.com/1124827 https://bugzilla.suse.com/1125099 From sle-updates at lists.suse.com Fri Mar 29 17:22:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Mar 2019 00:22:55 +0100 (CET) Subject: SUSE-RU-2019:0817-1: moderate: Recommended update for s390-tools Message-ID: <20190329232255.CFCCEFFCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0817-1 Rating: moderate References: #1122696 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - zfcp_disk_configure script will now exit when the target device does not exist (bsc#1122696) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-817=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (s390x): osasnmpd-1.34.0-65.20.1 osasnmpd-debuginfo-1.34.0-65.20.1 s390-tools-1.34.0-65.20.1 s390-tools-debuginfo-1.34.0-65.20.1 s390-tools-debugsource-1.34.0-65.20.1 s390-tools-hmcdrvfs-1.34.0-65.20.1 s390-tools-hmcdrvfs-debuginfo-1.34.0-65.20.1 s390-tools-zdsfs-1.34.0-65.20.1 s390-tools-zdsfs-debuginfo-1.34.0-65.20.1 References: https://bugzilla.suse.com/1122696