[security-announce] SUSE-SU-2017:2525-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2525-1 Rating: important References: #1006919 #1012422 #1013862 #1017143 #1020229 #1021256 #1023051 #1024938 #1025013 #1025235 #1026024 #1026722 #1026914 #1027066 #1027101 #1027178 #1027179 #1027406 #1028415 #1028880 #1029212 #1029850 #1030213 #1030573 #1030575 #1030593 #1031003 #1031052 #1031440 #1031481 #1031579 #1031660 #1033287 #1033336 #1034670 #1034838 #1035576 #1037182 #1037183 #1037994 #1038544 #1038564 #1038879 #1038883 #1038981 #1038982 #1039349 #1039354 #1039456 #1039594 #1039882 #1039883 #1039885 #1040069 #1041431 #1042364 #1042863 #1042892 #1044125 #1045416 #1045487 #1046107 #1048232 #1048275 #1049483 #1049603 #1049882 #1050677 #1052311 #1053148 #1053152 #1053760 #1056588 #870618 #948562 #957988 #957990 #963655 #972891 #979681 #983212 #986924 #989896 #999245 Cross-References: CVE-2016-10200 CVE-2016-5243 CVE-2017-1000112 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-10661 CVE-2017-11176 CVE-2017-11473 CVE-2017-12762 CVE-2017-14051 CVE-2017-2647 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-6951 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-7616 CVE-2017-8831 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type (bsc#1029850). - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bsc#1038879). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 1050677 ). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336) - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. This requires a malicious PCI Card. (bnc#1037994). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038544). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1039883). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1040069). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary could have overflowed the parport_nr array in the following code (bnc#1039456). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). The following non-security bugs were fixed: - acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051). - blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216). - btrfs: cleanup code of btrfs_balance_delayed_items() (bsc#1034838). - btrfs: do not run delayed nodes again after all nodes flush (bsc#1034838). - btrfs: remove btrfs_end_transaction_dmeta() (bsc#1034838). - btrfs: remove residual code in delayed inode async helper (bsc#1034838). - btrfs: use flags instead of the bool variants in delayed node (bsc#1034838). - cifs: cifs_get_root shouldn't use path with tree name, alternate fix (bsc#963655, bsc#979681, bsc#1027406). - dentry name snapshots (bsc#1049483). - firmware: fix directory creation rule matching with make 3.80 (bsc#1012422). - firmware: fix directory creation rule matching with make 3.82 (bsc#1012422). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562) (bsc#948562). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919, bnc#1053760). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - keys: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576). - nfs: Avoid getting confused by confused server (bsc#1045416). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: do not risk using duplicate owner/file/delegation ids (bsc#1029212). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Make nfs_readdir revalidate less often (bsc#1048232). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - Remove superfluous make flags (bsc#1012422) - Return short read or 0 at end of a raw device, not EIO (bsc#1039594). - Revert "fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - sunrpc: Clean up the slot table allocation (bsc#1013862). - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - usb: wusbcore: fix NULL-deref at probe (bsc#1045487). - Use make --output-sync feature when available (bsc#1012422). - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101). - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-source-13284=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-13284=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-source-13284=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-source-13284=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.5.1 kernel-default-base-3.0.101-0.47.106.5.1 kernel-default-devel-3.0.101-0.47.106.5.1 kernel-source-3.0.101-0.47.106.5.1 kernel-syms-3.0.101-0.47.106.5.1 kernel-trace-3.0.101-0.47.106.5.1 kernel-trace-base-3.0.101-0.47.106.5.1 kernel-trace-devel-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.5.1 kernel-ec2-base-3.0.101-0.47.106.5.1 kernel-ec2-devel-3.0.101-0.47.106.5.1 kernel-xen-3.0.101-0.47.106.5.1 kernel-xen-base-3.0.101-0.47.106.5.1 kernel-xen-devel-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.5.1 kernel-bigsmp-base-3.0.101-0.47.106.5.1 kernel-bigsmp-devel-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.5.1 kernel-pae-base-3.0.101-0.47.106.5.1 kernel-pae-devel-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.5.1 kernel-trace-extra-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.5.1 kernel-default-base-3.0.101-0.47.106.5.1 kernel-default-devel-3.0.101-0.47.106.5.1 kernel-ec2-3.0.101-0.47.106.5.1 kernel-ec2-base-3.0.101-0.47.106.5.1 kernel-ec2-devel-3.0.101-0.47.106.5.1 kernel-pae-3.0.101-0.47.106.5.1 kernel-pae-base-3.0.101-0.47.106.5.1 kernel-pae-devel-3.0.101-0.47.106.5.1 kernel-source-3.0.101-0.47.106.5.1 kernel-syms-3.0.101-0.47.106.5.1 kernel-trace-3.0.101-0.47.106.5.1 kernel-trace-base-3.0.101-0.47.106.5.1 kernel-trace-devel-3.0.101-0.47.106.5.1 kernel-xen-3.0.101-0.47.106.5.1 kernel-xen-base-3.0.101-0.47.106.5.1 kernel-xen-devel-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.5.1 kernel-default-debugsource-3.0.101-0.47.106.5.1 kernel-trace-debuginfo-3.0.101-0.47.106.5.1 kernel-trace-debugsource-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.5.1 kernel-ec2-debugsource-3.0.101-0.47.106.5.1 kernel-xen-debuginfo-3.0.101-0.47.106.5.1 kernel-xen-debugsource-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.5.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.5.1 kernel-pae-debugsource-3.0.101-0.47.106.5.1 References: https://www.suse.com/security/cve/CVE-2016-10200.html https://www.suse.com/security/cve/CVE-2016-5243.html https://www.suse.com/security/cve/CVE-2017-1000112.html https://www.suse.com/security/cve/CVE-2017-1000363.html https://www.suse.com/security/cve/CVE-2017-1000365.html https://www.suse.com/security/cve/CVE-2017-1000380.html https://www.suse.com/security/cve/CVE-2017-10661.html https://www.suse.com/security/cve/CVE-2017-11176.html https://www.suse.com/security/cve/CVE-2017-11473.html https://www.suse.com/security/cve/CVE-2017-12762.html https://www.suse.com/security/cve/CVE-2017-14051.html https://www.suse.com/security/cve/CVE-2017-2647.html https://www.suse.com/security/cve/CVE-2017-2671.html https://www.suse.com/security/cve/CVE-2017-5669.html https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-5986.html https://www.suse.com/security/cve/CVE-2017-6074.html https://www.suse.com/security/cve/CVE-2017-6214.html https://www.suse.com/security/cve/CVE-2017-6348.html https://www.suse.com/security/cve/CVE-2017-6353.html https://www.suse.com/security/cve/CVE-2017-6951.html https://www.suse.com/security/cve/CVE-2017-7184.html https://www.suse.com/security/cve/CVE-2017-7187.html https://www.suse.com/security/cve/CVE-2017-7261.html https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://www.suse.com/security/cve/CVE-2017-7482.html https://www.suse.com/security/cve/CVE-2017-7487.html https://www.suse.com/security/cve/CVE-2017-7533.html https://www.suse.com/security/cve/CVE-2017-7542.html https://www.suse.com/security/cve/CVE-2017-7616.html https://www.suse.com/security/cve/CVE-2017-8831.html https://www.suse.com/security/cve/CVE-2017-8890.html https://www.suse.com/security/cve/CVE-2017-8924.html https://www.suse.com/security/cve/CVE-2017-8925.html https://www.suse.com/security/cve/CVE-2017-9074.html https://www.suse.com/security/cve/CVE-2017-9075.html https://www.suse.com/security/cve/CVE-2017-9076.html https://www.suse.com/security/cve/CVE-2017-9077.html https://www.suse.com/security/cve/CVE-2017-9242.html https://bugzilla.suse.com/1006919 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1013862 https://bugzilla.suse.com/1017143 https://bugzilla.suse.com/1020229 https://bugzilla.suse.com/1021256 https://bugzilla.suse.com/1023051 https://bugzilla.suse.com/1024938 https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025235 https://bugzilla.suse.com/1026024 https://bugzilla.suse.com/1026722 https://bugzilla.suse.com/1026914 https://bugzilla.suse.com/1027066 https://bugzilla.suse.com/1027101 https://bugzilla.suse.com/1027178 https://bugzilla.suse.com/1027179 https://bugzilla.suse.com/1027406 https://bugzilla.suse.com/1028415 https://bugzilla.suse.com/1028880 https://bugzilla.suse.com/1029212 https://bugzilla.suse.com/1029850 https://bugzilla.suse.com/1030213 https://bugzilla.suse.com/1030573 https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1030593 https://bugzilla.suse.com/1031003 https://bugzilla.suse.com/1031052 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031579 https://bugzilla.suse.com/1031660 https://bugzilla.suse.com/1033287 https://bugzilla.suse.com/1033336 https://bugzilla.suse.com/1034670 https://bugzilla.suse.com/1034838 https://bugzilla.suse.com/1035576 https://bugzilla.suse.com/1037182 https://bugzilla.suse.com/1037183 https://bugzilla.suse.com/1037994 https://bugzilla.suse.com/1038544 https://bugzilla.suse.com/1038564 https://bugzilla.suse.com/1038879 https://bugzilla.suse.com/1038883 https://bugzilla.suse.com/1038981 https://bugzilla.suse.com/1038982 https://bugzilla.suse.com/1039349 https://bugzilla.suse.com/1039354 https://bugzilla.suse.com/1039456 https://bugzilla.suse.com/1039594 https://bugzilla.suse.com/1039882 https://bugzilla.suse.com/1039883 https://bugzilla.suse.com/1039885 https://bugzilla.suse.com/1040069 https://bugzilla.suse.com/1041431 https://bugzilla.suse.com/1042364 https://bugzilla.suse.com/1042863 https://bugzilla.suse.com/1042892 https://bugzilla.suse.com/1044125 https://bugzilla.suse.com/1045416 https://bugzilla.suse.com/1045487 https://bugzilla.suse.com/1046107 https://bugzilla.suse.com/1048232 https://bugzilla.suse.com/1048275 https://bugzilla.suse.com/1049483 https://bugzilla.suse.com/1049603 https://bugzilla.suse.com/1049882 https://bugzilla.suse.com/1050677 https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1053148 https://bugzilla.suse.com/1053152 https://bugzilla.suse.com/1053760 https://bugzilla.suse.com/1056588 https://bugzilla.suse.com/870618 https://bugzilla.suse.com/948562 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/972891 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/983212 https://bugzilla.suse.com/986924 https://bugzilla.suse.com/989896 https://bugzilla.suse.com/999245 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org