SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0481-1 Rating: important References: #771619 #779488 #833588 #835839 #847652 #857643 #864049 #865442 #867531 #867723 #870161 #875051 #876633 #880892 #883096 #883948 #887082 #892490 #892782 #895680 #896382 #896390 #896391 #896392 #897995 #898693 #899192 #901885 #902232 #902346 #902349 #902351 #902675 #903640 #904013 #904700 #905100 #905312 #905799 #906586 #907189 #907338 #907396 #909078 #912654 #912705 #915335 Cross-References: CVE-2012-4398 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-2929 CVE-2013-7263 CVE-2014-0131 CVE-2014-0181 CVE-2014-2309 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-4608 CVE-2014-4943 CVE-2014-5471 CVE-2014-5472 CVE-2014-7826 CVE-2014-7841 CVE-2014-7842 CVE-2014-8134 CVE-2014-8369 CVE-2014-8559 CVE-2014-8709 CVE-2014-9584 CVE-2014-9585 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 34 vulnerabilities and has 13 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). * CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). * CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). * CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). * CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). * CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). * CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). * CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). * CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The following non-security bugs have been fixed: * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588, bnc#905799). * HID: add usage_index in struct hid_usage (bnc#835839). * Revert PM / reboot: call syscore_shutdown() after disable_nonboot_cpus() Reduce time to shutdown large machines (bnc#865442 bnc#907396). * Revert kernel/sys.c: call disable_nonboot_cpus() in kernel_restart() Reduce time to shutdown large machines (bnc#865442 bnc#907396). * dm-mpath: fix panic on deleting sg device (bnc#870161). * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix bnc#880892). * handle more than just WS2008 in heartbeat negotiation (bnc#901885). * memcg: do not expose uninitialized mem_cgroup_per_node to world (bnc#883096). * mm: fix BUG in __split_huge_page_pmd (bnc#906586). * pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680, bnc#907189). * s390/3215: fix hanging console issue (bnc#898693, bnc#897995, LTC#115466). * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693, LTC#104168). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * target/rd: Refactor rd_build_device_space + rd_release_device_space. * timekeeping: Avoid possible deadlock from clock_was_set_delayed (bnc#771619, bnc#915335). * xfs: recheck buffer pinned status after push trylock failure (bnc#907338). * xfs: remove log force from xfs_buf_trylock() (bnc#907338). Security Issues: * CVE-2012-4398 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398> * CVE-2013-2893 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893> * CVE-2013-2897 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897> * CVE-2013-2899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899> * CVE-2013-2929 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929> * CVE-2013-7263 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263> * CVE-2014-0131 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131> * CVE-2014-0181 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181> * CVE-2014-2309 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309> * CVE-2014-3181 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181> * CVE-2014-3184 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184> * CVE-2014-3185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185> * CVE-2014-3186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186> * CVE-2014-3601 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601> * CVE-2014-3610 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610> * CVE-2014-3646 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646> * CVE-2014-3647 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647> * CVE-2014-3673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673> * CVE-2014-3687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687> * CVE-2014-3688 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688> * CVE-2014-3690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690> * CVE-2014-4608 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5471 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471> * CVE-2014-5472 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472> * CVE-2014-7826 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826> * CVE-2014-7841 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841> * CVE-2014-7842 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842> * CVE-2014-8134 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134> * CVE-2014-8369 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369> * CVE-2014-8559 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559> * CVE-2014-8709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709> * CVE-2014-9584 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584> * CVE-2014-9585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585> Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-kernel=10239 slessp2-kernel=10245 slessp2-kernel=10246 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.7.29.1 kernel-default-base-3.0.101-0.7.29.1 kernel-default-devel-3.0.101-0.7.29.1 kernel-source-3.0.101-0.7.29.1 kernel-syms-3.0.101-0.7.29.1 kernel-trace-3.0.101-0.7.29.1 kernel-trace-base-3.0.101-0.7.29.1 kernel-trace-devel-3.0.101-0.7.29.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.7.29.1 kernel-ec2-base-3.0.101-0.7.29.1 kernel-ec2-devel-3.0.101-0.7.29.1 kernel-xen-3.0.101-0.7.29.1 kernel-xen-base-3.0.101-0.7.29.1 kernel-xen-devel-3.0.101-0.7.29.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.5.19 xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.5.19 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.7.29.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.7.29.1 kernel-pae-base-3.0.101-0.7.29.1 kernel-pae-devel-3.0.101-0.7.29.1 xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.5.19 - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64): ext4-writeable-kmp-default-0_3.0.101_0.7.29-0.14.142 ext4-writeable-kmp-trace-0_3.0.101_0.7.29-0.14.142 kernel-default-extra-3.0.101-0.7.29.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.101_0.7.29-0.14.142 kernel-xen-extra-3.0.101-0.7.29.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.101_0.7.29-0.14.142 kernel-pae-extra-3.0.101-0.7.29.1 References: http://support.novell.com/security/cve/CVE-2012-4398.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2899.html http://support.novell.com/security/cve/CVE-2013-2929.html http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-0131.html http://support.novell.com/security/cve/CVE-2014-0181.html http://support.novell.com/security/cve/CVE-2014-2309.html http://support.novell.com/security/cve/CVE-2014-3181.html http://support.novell.com/security/cve/CVE-2014-3184.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3186.html http://support.novell.com/security/cve/CVE-2014-3601.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3646.html http://support.novell.com/security/cve/CVE-2014-3647.html http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-3687.html http://support.novell.com/security/cve/CVE-2014-3688.html http://support.novell.com/security/cve/CVE-2014-3690.html http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-4943.html http://support.novell.com/security/cve/CVE-2014-5471.html http://support.novell.com/security/cve/CVE-2014-5472.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-7842.html http://support.novell.com/security/cve/CVE-2014-8134.html http://support.novell.com/security/cve/CVE-2014-8369.html http://support.novell.com/security/cve/CVE-2014-8559.html http://support.novell.com/security/cve/CVE-2014-8709.html http://support.novell.com/security/cve/CVE-2014-9584.html http://support.novell.com/security/cve/CVE-2014-9585.html https://bugzilla.suse.com/771619 https://bugzilla.suse.com/779488 https://bugzilla.suse.com/833588 https://bugzilla.suse.com/835839 https://bugzilla.suse.com/847652 https://bugzilla.suse.com/857643 https://bugzilla.suse.com/864049 https://bugzilla.suse.com/865442 https://bugzilla.suse.com/867531 https://bugzilla.suse.com/867723 https://bugzilla.suse.com/870161 https://bugzilla.suse.com/875051 https://bugzilla.suse.com/876633 https://bugzilla.suse.com/880892 https://bugzilla.suse.com/883096 https://bugzilla.suse.com/883948 https://bugzilla.suse.com/887082 https://bugzilla.suse.com/892490 https://bugzilla.suse.com/892782 https://bugzilla.suse.com/895680 https://bugzilla.suse.com/896382 https://bugzilla.suse.com/896390 https://bugzilla.suse.com/896391 https://bugzilla.suse.com/896392 https://bugzilla.suse.com/897995 https://bugzilla.suse.com/898693 https://bugzilla.suse.com/899192 https://bugzilla.suse.com/901885 https://bugzilla.suse.com/902232 https://bugzilla.suse.com/902346 https://bugzilla.suse.com/902349 https://bugzilla.suse.com/902351 https://bugzilla.suse.com/902675 https://bugzilla.suse.com/903640 https://bugzilla.suse.com/904013 https://bugzilla.suse.com/904700 https://bugzilla.suse.com/905100 https://bugzilla.suse.com/905312 https://bugzilla.suse.com/905799 https://bugzilla.suse.com/906586 https://bugzilla.suse.com/907189 https://bugzilla.suse.com/907338 https://bugzilla.suse.com/907396 https://bugzilla.suse.com/909078 https://bugzilla.suse.com/912654 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/915335 http://download.suse.com/patch/finder/?keywords=1aca006b7fb12ba06b40aba05772... http://download.suse.com/patch/finder/?keywords=276c3f04008f2b450bc62f6bb64d... http://download.suse.com/patch/finder/?keywords=450d3910ce461844d33188377a39... http://download.suse.com/patch/finder/?keywords=55fa96c03a923b1679e1f132d850... http://download.suse.com/patch/finder/?keywords=9462f7a25fba741ea356e4bc7df2... http://download.suse.com/patch/finder/?keywords=9d8f78866ba011d27c2f208e892f... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org