June 2017 - openSUSE Security Announce

[security-announce] openSUSE-SU-2017:1572-1: important: Security update for mercurial
by opensuse-security＠opensuse.org 15 Jun '17

15 Jun '17

openSUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1572-1 Rating: important References: #1043063 #1043502 Cross-References: CVE-2017-9462 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mercurial fixes the following issues: - CVE-2017-9462: Fix the arbitrary code exec by remote users via "hg serve --stdio" (boo#1043063) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-689=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): mercurial-3.8.3-2.5.1 mercurial-debuginfo-3.8.3-2.5.1 mercurial-debugsource-3.8.3-2.5.1 - openSUSE Leap 42.2 (noarch): mercurial-lang-3.8.3-2.5.1 References: https://www.suse.com/security/cve/CVE-2017-9462.html https://bugzilla.suse.com/1043063 https://bugzilla.suse.com/1043502 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2017:1568-1: important: Security update for jakarta-taglibs-standard
by opensuse-security＠opensuse.org 14 Jun '17

14 Jun '17

SUSE Security Update: Security update for jakarta-taglibs-standard ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1568-1 Rating: important References: #920813 Cross-References: CVE-2015-0254 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-963=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-963=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): jakarta-taglibs-standard-1.1.1-255.2 jakarta-taglibs-standard-javadoc-1.1.1-255.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): jakarta-taglibs-standard-1.1.1-255.2 jakarta-taglibs-standard-javadoc-1.1.1-255.2 References: https://www.suse.com/security/cve/CVE-2015-0254.html https://bugzilla.suse.com/920813 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2017:1558-1: important: Security update for mercurial
by opensuse-security＠opensuse.org 13 Jun '17

13 Jun '17

SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1558-1 Rating: important References: #1043063 #1043502 Cross-References: CVE-2017-9462 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mercurial fixes the following issues: - CVE-2017-9462: Arbitrary code execution was possible by remote users via "hg serve --stdio" (bsc#1043063): Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mercurial-13144=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mercurial-13144=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-2.3.2-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-debuginfo-2.3.2-0.17.1 mercurial-debugsource-2.3.2-0.17.1 References: https://www.suse.com/security/cve/CVE-2017-9462.html https://bugzilla.suse.com/1043063 https://bugzilla.suse.com/1043502 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2017:1513-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 08 Jun '17

08 Jun '17

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1513-1 Rating: important References: #1003581 #1004003 #1011044 #1012422 #1012452 #1012829 #1012910 #1012985 #1013561 #1018885 #1020412 #1022266 #1026570 #1028310 #1028340 #1029607 #1030057 #1031040 #1031142 #1031470 #1031500 #1031512 #1031717 #1034635 #1034670 #1034762 #1034995 #1035024 #1035866 #1035887 #1035920 #1035922 #1036214 #1036752 #1036763 #1037177 #1037186 #1037384 #1037483 #1037871 #1037969 #1038033 #1038043 #1038142 #1038143 #1038297 #1038458 #1038544 #1038842 #1038843 #1038846 #1038847 #1038848 #1038879 #1039700 #1039864 #1039882 #1039883 #1039885 #1040069 #1040125 #1040279 #1040395 #1040425 #1040463 #1040929 #1040941 #1041087 #1041160 #1041168 #1041242 #799133 #922871 #966321 #971975 #989311 Cross-References: CVE-2017-7487 CVE-2017-7645 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9150 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 68 fixes is now available. Description: The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544). - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670) The following non-security bugs were fixed: - 9p: fix a potential acl leak (4.4.68 stable queue). - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal (bsc#1031717). - acpi / scan: Drop support for force_remove (bnc#1029607). - ahci: disable correct irq for dummy ports (bsc#1040125). - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68 stable queue). - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode (4.4.68 stable queue). - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable queue). - asoc: rt5640: use msleep() for long delays (bsc#1031717). - asoc: sti: Fix error handling if of_clk_get() fails (bsc#1031717). - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB numbering (bsc#989311) - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue). - bna: avoid writing uninitialized data into hw registers (bsc#966321 FATE#320156). - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412 FATE#321671). - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable queue). - brcmfmac: Ensure pointer correctly set if skb data location changes (4.4.68 stable queue). - brcmfmac: Make skb header writable before use (4.4.68 stable queue). - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717). - btrfs: add a flags field to btrfs_fs_info (bsc#1012452). - btrfs: add ASSERT for block group's memory leak (bsc#1012452). - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452). - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452). - btrfs: add check to sysfs handler of label (bsc#1012452). - btrfs: add dynamic debug support (bsc#1012452). - btrfs: add error handling for extent buffer in print tree (bsc#1012452). - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452). - btrfs: add missing check for writeback errors on fsync (bsc#1012452). - btrfs: add more validation checks for superblock (bsc#1012452). - btrfs: Add ratelimit to btrfs printing (bsc#1012452). - btrfs: add read-only check to sysfs handler of features (bsc#1012452). - btrfs: add semaphore to synchronize direct IO writes with fsync (bsc#1012452). - btrfs: add tracepoint for adding block groups (bsc#1012452). - btrfs: add tracepoints for flush events (bsc#1012452). - btrfs: add validadtion checks for chunk loading (bsc#1012452). - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452). - btrfs: allow balancing to dup with multi-device (bsc#1012452). - btrfs: always reserve metadata for delalloc extents (bsc#1012452). - btrfs: always use trans->block_rsv for orphans (bsc#1012452). - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452). - btrfs: avoid deadlocks during reservations in btrfs_truncate_block (bsc#1012452). - btrfs: avoid overflowing f_bfree (bsc#1012452). - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452). - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing delalloc space (bsc#1012452). - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452). - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined (bsc#1012452). - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction (bsc#1012452). - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452). - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup() (bsc#1012452). - btrfs: change delayed reservation fallback behavior (bsc#1012452). - btrfs: change how we calculate the global block rsv (bsc#1012452). - btrfs: check btree node's nritems (bsc#1012452). - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452). - btrfs: check inconsistence between chunk and block group (bsc#1012452). - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452). - btrfs: clean the old superblocks before freeing the device (bsc#1012452). - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452). - btrfs: cleanup assigning next active device with a check (bsc#1012452). - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452). - btrfs: Cleanup compress_file_range() (bsc#1012452). - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452). - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452). - btrfs: clone: use vmalloc only as fallback for nodesize bufer (bsc#1012452). - btrfs: convert nodesize macros to static inlines (bsc#1012452). - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452). - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452). - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452). - btrfs: copy_to_sk drop unused root parameter (bsc#1012452). - btrfs: create a helper function to read the disk super (bsc#1012452). - btrfs: create example debugfs file only in debugging build (bsc#1012452). - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452). - btrfs: create helper function __check_raid_min_devices() (bsc#1012452). - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452). - btrfs: divide btrfs_update_reserved_bytes() into two functions (bsc#1012452). - btrfs: do not background blkdev_put() (bsc#1012452). - btrfs: do not bother kicking async if there's nothing to reclaim (bsc#1012452). - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452). - btrfs: do not create empty block group if we have allocated data (bsc#1012452). - btrfs: do not decrease bytes_may_use when replaying extents (bsc#1012452). - btrfs: do not do nocow check unless we have to (bsc#1012452). - btrfs: do not do unnecessary delalloc flushes when relocating (bsc#1012452). - btrfs: do not force mounts to wait for cleaner_kthread to delete one or more subvolumes (bsc#1012452). - btrfs: do not wait for unrelated IO to finish before relocation (bsc#1012452). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1035866). - btrfs: end transaction if we abort when creating uuid root (bsc#1012452). - btrfs: enhance btrfs_find_device_by_user_input() to check device path (bsc#1012452). - btrfs: error out if generic_bin_search get invalid arguments (bsc#1012452). - btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize (bsc#1012452). - btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset (bsc#1012452). - btrfs: fill relocation block rsv after allocation (bsc#1012452). - btrfs: fix an integer overflow check (bsc#1012452). - btrfs: fix a possible umount deadlock (bsc#1012452). - btrfs: fix btrfs_no_printk stub helper (bsc#1012452). - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452). - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452). - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452). - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452). - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452). - btrfs: fix check_shared for fiemap ioctl (bsc#1037177). - btrfs: fix crash when tracepoint arguments are freed by wq callbacks (bsc#1012452). - btrfs: fix data loss after truncate when using the no-holes feature (bsc#1036214). - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452). - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452). - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452). - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452). - btrfs: fix double free of fs root (bsc#1012452). - btrfs: fix eb memory leak due to readpage failure (bsc#1012452). - btrfs: fix em leak in find_first_block_group (bsc#1012452). - btrfs: fix emptiness check for dirtied extent buffers at check_leaf() (bsc#1012452). - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452). - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452). - btrfs: fix free space calculation in dump_space_info() (bsc#1012452). - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452). - btrfs: fix fspath error deallocation (bsc#1012452). - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452). - btrfs: Fix integer overflow when calculating bytes_per_bitmap (bsc#1012452). - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395). - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex and uuid_mutex (bsc#1012452). - btrfs: fix lock dep warning move scratch super outside of chunk_mutex (bsc#1012452). - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452). - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452). - btrfs: fix memory leak of block group cache (bsc#1012452). - btrfs: fix memory leak of reloc_root (bsc#1012452). - btrfs: fix mixed block count of available space (bsc#1012452). - btrfs: fix one bug that process may endlessly wait for ticket in wait_reserve_ticket() (bsc#1012452). - btrfs: fix panic in balance due to EIO (bsc#1012452). - btrfs: fix race between block group relocation and nocow writes (bsc#1012452). - btrfs: fix race between device replace and block group removal (bsc#1012452). - btrfs: fix race between device replace and chunk allocation (bsc#1012452). - btrfs: fix race between device replace and discard (bsc#1012452). - btrfs: fix race between device replace and read repair (bsc#1012452). - btrfs: fix race between fsync and direct IO writes for prealloc extents (bsc#1012452). - btrfs: fix race between readahead and device replace/removal (bsc#1012452). - btrfs: fix race setting block group back to RW mode during device replace (bsc#1012452). - btrfs: fix race setting block group readonly during device replace (bsc#1012452). - btrfs: fix read_node_slot to return errors (bsc#1012452). - btrfs: fix release reserved extents trace points (bsc#1012452). - btrfs: fix segmentation fault when doing dio read (bsc#1040425). - btrfs: Fix slab accounting flags (bsc#1012452). - btrfs: fix unexpected return value of fiemap (bsc#1012452). - btrfs: fix unprotected assignment of the left cursor for device replace (bsc#1012452). - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452). - btrfs: flush_space: treat return value of do_chunk_alloc properly (bsc#1012452). - btrfs: Force stripesize to the value of sectorsize (bsc#1012452). - btrfs: free sys_array eb as soon as possible (bsc#1012452). - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452). - btrfs: Handle uninitialised inode eviction (bsc#1012452). - btrfs: hide test-only member under ifdef (bsc#1012452). - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452). - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452). - btrfs: introduce device delete by devid (bsc#1012452). - btrfs: introduce raid-type to error-code table, for minimum device constraint (bsc#1012452). - btrfs: introduce ticketed enospc infrastructure (bsc#1012452). - btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress (bsc#1012452). - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452). - btrfs: kill BUG_ON in do_relocation (bsc#1012452). - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452). - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452). - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452). - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452). - btrfs: kill unused writepage_io_hook callback (bsc#1012452). - btrfs: make find_workspace always succeed (bsc#1012452). - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452). - btrfs: make mapping->writeback_index point to the last written page (bsc#1012452). - btrfs: make state preallocation more speculative in __set_extent_bit (bsc#1012452). - btrfs: make sure device is synced before return (bsc#1012452). - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452). - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device() (bsc#1012452). - btrfs: memset to avoid stale content in btree leaf (bsc#1012452). - btrfs: memset to avoid stale content in btree node block (bsc#1012452). - btrfs: move error handling code together in ctree.h (bsc#1012452). - btrfs: optimize check for stale device (bsc#1012452). - btrfs: parent_start initialization cleanup (bsc#1012452). - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452). - btrfs: pass number of devices to btrfs_check_raid_min_devices (bsc#1012452). - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452). - btrfs: preallocate compression workspaces (bsc#1012452). - btrfs: Ratelimit "no csum found" info message (bsc#1012452). - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452). - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning (bsc#1012452). - btrfs: remove BUG() in raid56 (bsc#1012452). - btrfs: remove BUG_ON in start_transaction (bsc#1012452). - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452). - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452). - btrfs: remove save_error_info() (bsc#1012452). - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf (bsc#1012452). - btrfs: remove unused function btrfs_assert() (bsc#1012452). - btrfs: rename and document compression workspace members (bsc#1012452). - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452). - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452). - btrfs: rename __check_raid_min_devices (bsc#1012452). - btrfs: rename flags for vol args v2 (bsc#1012452). - btrfs: reorg btrfs_close_one_device() (bsc#1012452). - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452). - btrfs: reuse existing variable in scrub_stripe, reduce stack usage (bsc#1012452). - btrfs: s_bdev is not null after missing replace (bsc#1012452). - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block (bsc#1012452). - btrfs: send: silence an integer overflow warning (bsc#1012452). - btrfs: send: use temporary variable to store allocation size (bsc#1012452). - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452). - btrfs: send: use vmalloc only as fallback for clone_sources_tmp (bsc#1012452). - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452). - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452). - btrfs: Simplify conditions about compress while mapping btrfs flags to inode flags (bsc#1012452). - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452). - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452). - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452). - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452). - btrfs: sink gfp parameter to set_extent_new (bsc#1012452). - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452). - btrfs: skip commit transaction if we do not have enough pinned bytes (bsc#1037186). - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452). - btrfs: switch to common message helpers in open_ctree, adjust messages (bsc#1012452). - btrfs: sysfs: protect reading label by lock (bsc#1012452). - btrfs: trace pinned extents (bsc#1012452). - btrfs: track transid for delayed ref flushing (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move struct btrfs_ioctl_defrag_range_args (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452). - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines (bsc#1012452). - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452). - btrfs: unsplit printed strings (bsc#1012452). - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452). - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452). - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452). - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452). - btrfs: Use correct format specifier (bsc#1012452). - btrfs: use correct offset for reloc_inode in prealloc_file_extent_cluster() (bsc#1012452). - btrfs: use dynamic allocation for root item in create_subvol (bsc#1012452). - btrfs: use existing device constraints table btrfs_raid_array (bsc#1012452). - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes (bsc#1012452). - btrfs: use fs_info directly (bsc#1012452). - btrfs: use new error message helper in qgroup_account_snapshot (bsc#1012452). - btrfs: use root when checking need_async_flush (bsc#1012452). - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452). - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452). - btrfs: warn_on for unaccounted spaces (bsc#1012452). - ceph: check i_nlink while converting a file handle to dentry (bsc#1039864). - ceph: Check that the new inode size is within limits in ceph_fallocate() (bsc#1037969). - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes). - ceph: fix file open flags on ppc64 (bsc#1022266). - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763). - cifs: backport prepath matching fix (bsc#799133). - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue). - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (4.4.68 stable queue). - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717). - crypto: sha-mb - Fix load failure (bsc#1037384). - dell-laptop: Adds support for keyboard backlight timeout AC settings (bsc#1013561). - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500). - dmaengine: dw: fix typo in Kconfig (bsc#1031717). - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125). - dm-mpath: fix race window in do_end_io() (bsc#1011044). - dm round robin: do not use this_cpu_ptr() without having preemption disabled (bsc#1040125). - dm verity fec: fix block calculation (bsc#1040125). - dm verity fec: fix bufio leaks (bsc#1040125). - dm verity fec: limit error correction recursion (bsc#1040125). - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments (bsc#1031717). - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O (bsc#1031717). - drm/i915: Disable tv output on i9x5gm (bsc#1039700). - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error (bsc#1031717). - drm/i915: Fix mismatched INIT power domain disabling during suspend (bsc#1031717). - drm/i915: Nuke debug messages from the pipe update critical section (bsc#1031717). - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717). - drm/i915: relax uncritical udelay_range() (bsc#1031717). - drm/i915: relax uncritical udelay_range() settings (bsc#1031717). - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl (bsc#1040463). - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable queue). - e1000e: Do not return uninitialized stats (bug#1034635). - enic: set skb->hash type properly (bsc#922871 fate#318754). - f2fs: fix bad prefetchw of NULL page (bsc#1012829). - f2fs: sanity check segment count (4.4.68 stable queue). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes). - ftrace: Make ftrace_location_range() global (FATE#322421). - ibmvnic: Add set_link_state routine for setting adapter link state (fate#322021, bsc#1031512). - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021, bsc#1031512). - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021, bsc#1038297). - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297). - ibmvnic: Continue skb processing after skb completion error (fate#322021, bsc#1038297). - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the bounce buffer (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the rx pool (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the tx pool (fate#322021, bsc#1031512). - ibmvnic: Create init/release routines for stats token (fate#322021, bsc#1031512). - ibmvnic: Delete napi's when releasing driver resources (fate#322021, bsc#1038297). - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512). - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021, bsc#1031512). - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021, bsc#1031512). - ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes: ed651a10875f). - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512). - ibmvnic: Free skb's in cases of failure in transmit (fate#322021, bsc#1031512). - ibmvnic: Insert header on VLAN tagged received frame (fate#322021, bsc#1031512). - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021, bsc#1031512). - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021, bsc#1031512). - ibmvnic: Move initialization of the stats token to ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021, bsc#1038297). - ibmvnic: Move resource initialization to its own routine (fate#322021, bsc#1038297). - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512). - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297). - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512). - ibmvnic: Remove inflight list (fate#322021, bsc#1031512). - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512). - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297). - ibmvnic: Report errors when failing to release sub-crqs (fate#322021, bsc#1031512). - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512). - ibmvnic: Split initialization of scrqs to its own routine (fate#322021, bsc#1031512). - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512). - ibmvnic: Updated reset handling (fate#322021, bsc#1038297). - ibmvnic: Update main crq initialization and release (fate#322021, bsc#1031512). - ibmvnic: Validate napi exist before disabling them (fate#322021, bsc#1031512). - ibmvnic: Wait for any pending scrqs entries at driver close (fate#322021, bsc#1038297). - ibmvnic: Whitespace correction in release_rx_pools (fate#322021, bsc#1038297). - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717). - iio: Workaround for kABI breakage by 4.4.67 iio hid-sensor changes (stable-4.4.67). - infiniband: avoid dereferencing uninitialized dst on error path (git-fixes). - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843). - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842). - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848). - iommu: Handle default domain attach failure (bsc#1038846). - iommu/vt-d: Do not over-free page table directories (bsc#1038847). - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header (4.4.68 stable queue). - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable queue). - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable queue). - isa: Call isa_bus_init before dependent ISA bus drivers register (bsc#1031717). - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570). - KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421). - kABI: move and hide new cxgbi device owner field (bsc#1018885). - kABI: protect cgroup include in kernel/kthread (kabi). - kABI: protect struct mnt_namespace (kabi). - kABI: protect struct snd_fw_async_midi_port (kabi). - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed (4.4.68 stable queue). - kvm: better MWAIT emulation for guests (bsc#1031142). - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue). - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue). - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable queue). - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125). - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581). - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in nbytes (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices (bsc#1003581). - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125). - livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421). - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER (bsc#1031717). - lpfc: remove incorrect lockdep assertion (bsc#1040125). - md.c:didn't unlock the mddev before return EINVAL in array_size_store (bsc#1038143). - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087). - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop (bsc#1038142). - md/raid1: avoid reusing a resync bio after error handling (Fate#311379). - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717). - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717). - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717). - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717). - media: cx23885: uninitialized variable in cx23885_av_work_handler() (bsc#1031717). - media: DaVinci-VPBE: Check return value of a setup_if_config() call in vpbe_set_output() (bsc#1031717). - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717). - media: dib0700: fix NULL-deref at probe (bsc#1031717). - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717). - media: exynos4-is: fix a format string bug (bsc#1031717). - media: gspca: konica: add missing endpoint sanity check (bsc#1031717). - media: lirc_imon: do not leave imon_probe() with mutex held (bsc#1031717). - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717). - media: rc: allow rc modules to be loaded if rc-main is not a module (bsc#1031717). - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717). - media: sh-vou: clarify videobuf2 dependency (bsc#1031717). - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs() (bsc#1031717). - media: usbvision: fix NULL-deref at probe (bsc#1031717). - media: uvcvideo: Fix empty packet statistic (bsc#1031717). - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue). - mmc: debugfs: correct wrong voltage value (bsc#1031717). - mm,compaction: serialize waitqueue_active() checks (bsc#971975). - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717). - mmc: sdhci: restore behavior when setting VDD via external regulator (bsc#1031717). - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM -- git fixes). - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue). - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable queue). - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717). - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717). - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue). - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717). - mwifiex: Remove unused 'chan_num' variable (bsc#1031717). - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717). - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes). - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes). - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes). - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes). - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (bsc#1004003). - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (bsc#1004003). - pci: pciehp: Prioritize data-link event over presence detect (bsc#1031040,bsc#1037483). - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057). - pci: Work around Intel Sunrise Point PCH incorrect ACS capability (bsc#1030057). - perf/x86/intel/uncore: Remove SBOX support for Broadwell server (bsc#1035887). - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue). - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (bnc#1012985). - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717). - platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks (bsc#1031717). - PM / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717). - PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs (bsc#1031717). - PM / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717). - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717). - powerpc: Create a helper for getting the kernel toc value (FATE#322421). - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel (FATE#322421). - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI (FATE#322421). - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace (FATE#322421). - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421). - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421). - powerpc/livepatch: Add livepatch header (FATE#322421). - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421). - powerpc/livepatch: Add livepatch stack to struct thread_info (FATE#322421). - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421). - powerpc/module: Mark module stubs with a magic value (FATE#322421). - powerpc/module: Only try to generate the ftrace_caller() stub once (FATE#322421). - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount() call (FATE#322421). - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue). - power: supply: bq24190_charger: Call power_supply_changed() for relevant component (4.4.68 stable queue). - power: supply: bq24190_charger: Call set_mode_host() on pm_resume() (4.4.68 stable queue). - power: supply: bq24190_charger: Do not read fault register outside irq_handle_thread() (4.4.68 stable queue). - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING (4.4.68 stable queue). - power: supply: bq24190_charger: Handle fault before status on interrupt (4.4.68 stable queue). - power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() (4.4.68 stable queue). - ppc64le: Update ppc64le config files to use KGRAFT. - printk: Switch to the sync mode when an emergency message is printed (bsc#1034995). - RDMA/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570). - RDMA/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570). - RDMA/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570). - regulator: isl9305: fix array size (bsc#1031717). - Revert "acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)" (kabi). - Revert "KVM: nested VMX: disable perf cpuid reporting" (4.4.68 stable queue). - Revert "l2tp: take reference on sessions being dumped" (kabi). - Revert "mac80211: pass block ack session timeout to to driver" (kabi). - Revert "mac80211: RX BA support for sta max_rx_aggregation_subframes" (kabi). - Revert "wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event" (kabi). - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate (bsc#1035922) - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable queue). - s390/dasd: check if query host access feature is supported (bsc#1037871). - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458). - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458). - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458). - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458). - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo() (bsc#1038458). - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458). - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458). - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458). - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458). - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458). - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458). - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458). - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458). - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458). - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458). - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458). - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458). - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458). - scsi: be2iscsi: Move functions to right files (bsc#1038458). - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458). - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458). - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset (bsc#1038458). - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458). - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458). - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458). - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458). - scsi: be2iscsi: Update copyright information (bsc#1038458). - scsi: be2iscsi: Update iface handle before any set param (bsc#1038458). - scsi: be2iscsi: Update the driver version (bsc#1038458). - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885). - scsi: cxlflash: Remove the device cleanly in the system shutdown path (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3 - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340). - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue). - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68 stable queue). - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable queue). - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable queue). - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data() (bsc#1031717). - staging: wlan-ng: add missing byte order conversion (4.4.68 stable queue). - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes). - sunrpc: fix UDP memory accounting (git-fixes). - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue). - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68 stable queue). - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985). - usb: chipidea: Handle extcon events properly (4.4.68 stable queue). - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable queue). - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue). - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue). - usb: musb: ux500: Fix NULL pointer dereference at system PM (bsc#1038033). - usb: serial: ark3116: fix open error handling (bnc#1038043). - usb: serial: ch341: add register and USB request definitions (bnc#1038043). - usb: serial: ch341: add support for parity, frame length, stop bits (bnc#1038043). - usb: serial: ch341: fix baud rate and line-control handling (bnc#1038043). - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043). - usb: serial: ch341: fix modem-status handling (bnc#1038043). - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043). - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68 stable queue). - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043). - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable queue). - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable queue). - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043). - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable queue). - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable queue). - usb: serial: quatech2: fix control-message error handling (bnc#1038043). - usb: serial: sierra: fix bogus alternate-setting assumption (bnc#1038043). - usb: serial: ssu100: fix control-message error handling (bnc#1038043). - usb: serial: ti_usb_3410_5052: fix control-message error handling (4.4.68 stable queue). - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available. - Use up spare in struct module for livepatch (FATE#322421). - vsock: Detach QP check should filter out non matching QPs (bsc#1036752). - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable queue). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 (4.4.68 stable queue). - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68 stable queue). - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024). - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024). - x86/platform/uv/BAU: Add status mmr location fields to bau_control (bsc#1035024). - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024). - x86/platform/uv/BAU: Add uv_bau_version enumerated constants (bsc#1035024). - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024). - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024). - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (bsc#1035024). - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024). - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024). - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (bsc#1035024). - x86/platform/uv/BAU: Disable software timeout on UV4 hardware (bsc#1035024). - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (bsc#1035024). - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware (bsc#1035024). - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (bsc#1035024). - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version information (bsc#1035024). - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024). - xen: adjust early dom0 p2m handling to xen hypervisor behavior (bnc#1031470). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1041160). - xfs: fix eofblocks race with file extending async dio writes (bsc#1040929). - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168). - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() (bsc#1041168). - xfs: in _attrlist_by_handle, copy the cursor back to userspace (bsc#1041242). - xfs: only return -errno or success from attr ->put_listent (bsc#1041242). - xfs: Split default quota limits by quota type (bsc#1040941). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-666=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): kernel-devel-4.4.70-18.9.1 kernel-docs-4.4.70-18.9.2 kernel-docs-html-4.4.70-18.9.2 kernel-docs-pdf-4.4.70-18.9.2 kernel-macros-4.4.70-18.9.1 kernel-source-4.4.70-18.9.1 kernel-source-vanilla-4.4.70-18.9.1 - openSUSE Leap 42.2 (x86_64): kernel-debug-4.4.70-18.9.1 kernel-debug-base-4.4.70-18.9.1 kernel-debug-base-debuginfo-4.4.70-18.9.1 kernel-debug-debuginfo-4.4.70-18.9.1 kernel-debug-debugsource-4.4.70-18.9.1 kernel-debug-devel-4.4.70-18.9.1 kernel-debug-devel-debuginfo-4.4.70-18.9.1 kernel-default-4.4.70-18.9.1 kernel-default-base-4.4.70-18.9.1 kernel-default-base-debuginfo-4.4.70-18.9.1 kernel-default-debuginfo-4.4.70-18.9.1 kernel-default-debugsource-4.4.70-18.9.1 kernel-default-devel-4.4.70-18.9.1 kernel-obs-build-4.4.70-18.9.1 kernel-obs-build-debugsource-4.4.70-18.9.1 kernel-obs-qa-4.4.70-18.9.1 kernel-syms-4.4.70-18.9.1 kernel-vanilla-4.4.70-18.9.1 kernel-vanilla-base-4.4.70-18.9.1 kernel-vanilla-base-debuginfo-4.4.70-18.9.1 kernel-vanilla-debuginfo-4.4.70-18.9.1 kernel-vanilla-debugsource-4.4.70-18.9.1 kernel-vanilla-devel-4.4.70-18.9.1 References: https://www.suse.com/security/cve/CVE-2017-7487.html https://www.suse.com/security/cve/CVE-2017-7645.html https://www.suse.com/security/cve/CVE-2017-8890.html https://www.suse.com/security/cve/CVE-2017-9074.html https://www.suse.com/security/cve/CVE-2017-9075.html https://www.suse.com/security/cve/CVE-2017-9076.html https://www.suse.com/security/cve/CVE-2017-9077.html https://www.suse.com/security/cve/CVE-2017-9150.html https://bugzilla.suse.com/1003581 https://bugzilla.suse.com/1004003 https://bugzilla.suse.com/1011044 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012452 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1012910 https://bugzilla.suse.com/1012985 https://bugzilla.suse.com/1013561 https://bugzilla.suse.com/1018885 https://bugzilla.suse.com/1020412 https://bugzilla.suse.com/1022266 https://bugzilla.suse.com/1026570 https://bugzilla.suse.com/1028310 https://bugzilla.suse.com/1028340 https://bugzilla.suse.com/1029607 https://bugzilla.suse.com/1030057 https://bugzilla.suse.com/1031040 https://bugzilla.suse.com/1031142 https://bugzilla.suse.com/1031470 https://bugzilla.suse.com/1031500 https://bugzilla.suse.com/1031512 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1034635 https://bugzilla.suse.com/1034670 https://bugzilla.suse.com/1034762 https://bugzilla.suse.com/1034995 https://bugzilla.suse.com/1035024 https://bugzilla.suse.com/1035866 https://bugzilla.suse.com/1035887 https://bugzilla.suse.com/1035920 https://bugzilla.suse.com/1035922 https://bugzilla.suse.com/1036214 https://bugzilla.suse.com/1036752 https://bugzilla.suse.com/1036763 https://bugzilla.suse.com/1037177 https://bugzilla.suse.com/1037186 https://bugzilla.suse.com/1037384 https://bugzilla.suse.com/1037483 https://bugzilla.suse.com/1037871 https://bugzilla.suse.com/1037969 https://bugzilla.suse.com/1038033 https://bugzilla.suse.com/1038043 https://bugzilla.suse.com/1038142 https://bugzilla.suse.com/1038143 https://bugzilla.suse.com/1038297 https://bugzilla.suse.com/1038458 https://bugzilla.suse.com/1038544 https://bugzilla.suse.com/1038842 https://bugzilla.suse.com/1038843 https://bugzilla.suse.com/1038846 https://bugzilla.suse.com/1038847 https://bugzilla.suse.com/1038848 https://bugzilla.suse.com/1038879 https://bugzilla.suse.com/1039700 https://bugzilla.suse.com/1039864 https://bugzilla.suse.com/1039882 https://bugzilla.suse.com/1039883 https://bugzilla.suse.com/1039885 https://bugzilla.suse.com/1040069 https://bugzilla.suse.com/1040125 https://bugzilla.suse.com/1040279 https://bugzilla.suse.com/1040395 https://bugzilla.suse.com/1040425 https://bugzilla.suse.com/1040463 https://bugzilla.suse.com/1040929 https://bugzilla.suse.com/1040941 https://bugzilla.suse.com/1041087 https://bugzilla.suse.com/1041160 https://bugzilla.suse.com/1041168 https://bugzilla.suse.com/1041242 https://bugzilla.suse.com/799133 https://bugzilla.suse.com/922871 https://bugzilla.suse.com/966321 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/989311 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2017:1507-1: important: Security update for java-1_8_0-openjdk
by opensuse-security＠opensuse.org 08 Jun '17

08 Jun '17

openSUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1507-1 Rating: important References: #1034849 Cross-References: CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849 * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8168699: Validate special case invocations - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR1969: Add AArch32 JIT port - PR3297: Allow Shenandoah to be used on AArch64 - PR3340: jstack.stp should support AArch64 * Import of OpenJDK 8 u131 build 11 - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7167293: FtpURLConnection connection leak on FileNotFoundException - S8035568: [macosx] Cursor management unification - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button. - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910, PR3346: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group - S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993, PR3346: G1 crashes if active_processor_count changes during startup - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test" - S8167179: Make XSL generated namespace prefixes local to transformation process - S8168774: Polymorhic signature method check crashes javac - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173030: Temporary backout fix #8035568 from 8u131-b03 - S8173031: Temporary backout fix #8171952 from 8u131-b03 - S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8174985: NTLM authentication doesn't work with IIS if NTLM cache is disabled - S8176044: (tz) Support tzdata2017a * Backports - S6457406, PR3335: javadoc doesn't handle <a href='http://...'> properly in producing index pages - S8030245, PR3335: Update langtools to use try-with-resources and multi-catch - S8030253, PR3335: Update langtools to use strings-in-switch - S8030262, PR3335: Update langtools to use foreach loops - S8031113, PR3337: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently - S8031625, PR3335: javadoc problems referencing inner class constructors - S8031649, PR3335: Clean up javadoc tests - S8031670, PR3335: Remove unneeded -source options in javadoc tests - S8032066, PR3335: Serialized form has broken links to non private inner classes of package private - S8034174, PR2290: Remove use of JVM_* functions from java.net code - S8034182, PR2290: Misc. warnings in java.net code - S8035876, PR2290: AIX build issues after '8034174: Remove use of JVM_* functions from java.net code' - S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors. - S8040903, PR3335: Clean up use of BUG_ID in javadoc tests - S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests - S8040908, PR3335: javadoc test TestDocEncoding should use -notimestamp - S8041150, PR3335: Avoid silly use of static methods in JavadocTester - S8041253, PR3335: Avoid redundant synonyms of NO_TEST - S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8061305, PR3335: Javadoc crashes when method name ends with "Property" - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits - S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests - S8075670, PR3337: Remove intermittent keyword from some tests - S8078334, PR3337: Mark regression tests using randomness - S8078880, PR3337: Mark a few more intermittently failuring security-libs - S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier - S8144539, PR3337: Update PKCS11 tests to run with security manager - S8144566, PR3352: Custom HostnameVerifier disables SNI extension - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command - S8155049, PR3352: New tests from 8144566 fail with "No expected Server Name Indication" - S8173941, PR3326: SA does not work if executable is DSO - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks with irreducible loops - S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test * Bug fixes - PR3348: Architectures unsupported by SystemTap tapsets throw a parse error - PR3378: Perl should be mandatory - PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path * AArch64 port - S8168699, PR3372: Validate special case invocations [AArch64 support] - S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References - S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect - S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions - S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp * AArch32 port - PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build - PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles - PR3385: aarch32 does not support -Xshare:dump - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build - PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32 - PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build * Shenandoah - Fix Shenandoah argument checking on 32bit builds. - Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23 This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-662=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): java-1_8_0-openjdk-1.8.0.131-10.8.1 java-1_8_0-openjdk-accessibility-1.8.0.131-10.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.131-10.8.1 java-1_8_0-openjdk-debugsource-1.8.0.131-10.8.1 java-1_8_0-openjdk-demo-1.8.0.131-10.8.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-10.8.1 java-1_8_0-openjdk-devel-1.8.0.131-10.8.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-10.8.1 java-1_8_0-openjdk-headless-1.8.0.131-10.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-10.8.1 java-1_8_0-openjdk-src-1.8.0.131-10.8.1 - openSUSE Leap 42.2 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.131-10.8.1 References: https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3512.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3526.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1034849 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2017:1502-1: important: Security update for chromium
by opensuse-security＠opensuse.org 07 Jun '17

07 Jun '17

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1502-1 Rating: important References: #1042833 Cross-References: CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081 CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 CVE-2017-5086 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth - CVE-2017-5075: Information leak in CSP reporting - CVE-2017-5086: Address spoofing in Omnibox - CVE-2017-5076: Address spoofing in Omnibox - CVE-2017-5077: Heap buffer overflow in Skia - CVE-2017-5078: Possible command injection in mailto handling - CVE-2017-5079: UI spoofing in Blink - CVE-2017-5080: Use after free in credit card autofill - CVE-2017-5081: Extension verification bypass - CVE-2017-5082: Insufficient hardening in credit card editor - CVE-2017-5083: UI spoofing in Blink - CVE-2017-5085: Inappropriate javascript execution on WebUI pages Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-661=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): chromedriver-59.0.3071.86-104.15.1 chromedriver-debuginfo-59.0.3071.86-104.15.1 chromium-59.0.3071.86-104.15.1 chromium-debuginfo-59.0.3071.86-104.15.1 chromium-debugsource-59.0.3071.86-104.15.1 References: https://www.suse.com/security/cve/CVE-2017-5070.html https://www.suse.com/security/cve/CVE-2017-5071.html https://www.suse.com/security/cve/CVE-2017-5072.html https://www.suse.com/security/cve/CVE-2017-5073.html https://www.suse.com/security/cve/CVE-2017-5074.html https://www.suse.com/security/cve/CVE-2017-5075.html https://www.suse.com/security/cve/CVE-2017-5076.html https://www.suse.com/security/cve/CVE-2017-5077.html https://www.suse.com/security/cve/CVE-2017-5078.html https://www.suse.com/security/cve/CVE-2017-5079.html https://www.suse.com/security/cve/CVE-2017-5080.html https://www.suse.com/security/cve/CVE-2017-5081.html https://www.suse.com/security/cve/CVE-2017-5082.html https://www.suse.com/security/cve/CVE-2017-5083.html https://www.suse.com/security/cve/CVE-2017-5085.html https://www.suse.com/security/cve/CVE-2017-5086.html https://bugzilla.suse.com/1042833 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2017:1501-1: important: Security update for chromium
by opensuse-security＠opensuse.org 07 Jun '17

07 Jun '17

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1501-1 Rating: important References: #1042833 Cross-References: CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081 CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 CVE-2017-5086 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth - CVE-2017-5075: Information leak in CSP reporting - CVE-2017-5086: Address spoofing in Omnibox - CVE-2017-5076: Address spoofing in Omnibox - CVE-2017-5077: Heap buffer overflow in Skia - CVE-2017-5078: Possible command injection in mailto handling - CVE-2017-5079: UI spoofing in Blink - CVE-2017-5080: Use after free in credit card autofill - CVE-2017-5081: Extension verification bypass - CVE-2017-5082: Insufficient hardening in credit card editor - CVE-2017-5083: UI spoofing in Blink - CVE-2017-5085: Inappropriate javascript execution on WebUI pages Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2017-661=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-59.0.3071.86-20.1 chromedriver-debuginfo-59.0.3071.86-20.1 chromium-59.0.3071.86-20.1 chromium-debuginfo-59.0.3071.86-20.1 chromium-debugsource-59.0.3071.86-20.1 References: https://www.suse.com/security/cve/CVE-2017-5070.html https://www.suse.com/security/cve/CVE-2017-5071.html https://www.suse.com/security/cve/CVE-2017-5072.html https://www.suse.com/security/cve/CVE-2017-5073.html https://www.suse.com/security/cve/CVE-2017-5074.html https://www.suse.com/security/cve/CVE-2017-5075.html https://www.suse.com/security/cve/CVE-2017-5076.html https://www.suse.com/security/cve/CVE-2017-5077.html https://www.suse.com/security/cve/CVE-2017-5078.html https://www.suse.com/security/cve/CVE-2017-5079.html https://www.suse.com/security/cve/CVE-2017-5080.html https://www.suse.com/security/cve/CVE-2017-5081.html https://www.suse.com/security/cve/CVE-2017-5082.html https://www.suse.com/security/cve/CVE-2017-5083.html https://www.suse.com/security/cve/CVE-2017-5085.html https://www.suse.com/security/cve/CVE-2017-5086.html https://bugzilla.suse.com/1042833 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2017:1497-1: important: Security update for deluge
by opensuse-security＠opensuse.org 06 Jun '17

06 Jun '17

openSUSE Security Update: Security update for deluge ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1497-1 Rating: important References: #1039815 #1039958 Cross-References: CVE-2017-7178 CVE-2017-9031 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for deluge fixes two security issues: - CVE-2017-9031: A remote attacker may have used a directory traversal vulnerability in the web interface (bsc#1039815) - CVE-2017-7178: A remote attacher could have exploited a CSRF vulnerability to trick a logged-in user to perform actions in the WebUI (bsc#1039958) In addition, deluge was updated to 1.3.15 with the following fixes and changes: - Core: Fix issues with displaying libtorrent-rasterbar single proxy. - Core: Fix libtorrent-rasterbar 1.2 trackers crashing Deluge UIs. - Core: Fix an error in torrent priorities causing file priority mismatch in UIs. - GtkUI: Fix column sort state not saved in Thinclient mode. - GtkUI: Fix a connection manager error with malformed ip. - GtkUI: Rename SystemTray/Indicator "Pause/Resume All" to "Pause/Resume Session". - GtkUI: Workaround libtorrent-rasterbar single proxy by greying out unused proxy types. - Notification Plugin: Fix webui passing string for int port value. - AutoAdd Plugin: Add WebUI preferences page detailing lack of configuration via WebUI. - Label Plugin: Add WebUI preferences page detailing how to configure plugin. - Core: Fix 'Too many files open' errors. - Core: Add support for python-GeoIP for use with libtorrent 1.1. - Core: Fix a single proxy entry being overwritten resulting in no proxy set. - UI: Add the tracker_status translation to UIs. - GtkUI: Strip whitespace from infohash before checks. - GtkUI: Add a missed feature autofill infohash entry from clipboard. - WebUI: Backport bind interface option for server. - ConsoleUI: Fix a decode error comparing non-ascii (str) torrent names. - AutoAdd Plugin: Fixes for splitting magnets from file. - Remove the duplicate magnet extension when splitting. - Remove deluge-libtorrent-1.1-geoip.patch: fixed upstream. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-656=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): deluge-1.3.15-3.3.1 deluge-lang-1.3.15-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-7178.html https://www.suse.com/security/cve/CVE-2017-9031.html https://bugzilla.suse.com/1039815 https://bugzilla.suse.com/1039958 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2017:1475-1: important: Security update for mariadb
by opensuse-security＠opensuse.org 02 Jun '17

02 Jun '17

openSUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1475-1 Rating: important References: #1020868 #1020890 #1020976 #1022428 #1034911 #1038740 #996821 Cross-References: CVE-2017-3302 CVE-2017-3313 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 5 fixes is now available. Description: This update for mariadb fixes the following issues: - update to MariaDB 10.0.30 GA * notable changes: * XtraDB updated to 5.6.35-80.0 * TokuDB updated to 5.6.35-80.0 * PCRE updated to 8.40 * MDEV-11027: better InnoDB crash recovery progress reporting * MDEV-11520: improvements to how InnoDB data files are extended * Improvements to InnoDB startup/shutdown to make it more robust * MDEV-11233: fix for FULLTEXT index crash * MDEV-6143: MariaDB Linux binary tarballs will now always untar to directories that match their filename * release notes and changelog: * https://kb.askmonty.org/en/mariadb-10030-release-notes * https://kb.askmonty.org/en/mariadb-10030-changelog * fixes the following CVEs: CVE-2017-3313: unspecified vulnerability affecting the MyISAM component [bsc#1020890] CVE-2017-3302: Use after free in libmysqlclient.so [bsc#1022428] - set the default umask to 077 in mysql-systemd-helper [bsc#1020976] - [bsc#1034911] - tracker bug * fixes also [bsc#1020868] This update for mariadb fixes permissions for /var/run/mysql in mysql-systemd-helper that were incorrectly set to 700 instead of 755 due to umask. This prevented non-root users from connecting to the database. This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-644=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): libmysqlclient-devel-10.0.30-20.4.1 libmysqlclient18-10.0.30-20.4.1 libmysqlclient18-debuginfo-10.0.30-20.4.1 libmysqlclient_r18-10.0.30-20.4.1 libmysqld-devel-10.0.30-20.4.1 libmysqld18-10.0.30-20.4.1 libmysqld18-debuginfo-10.0.30-20.4.1 mariadb-10.0.30-20.4.1 mariadb-bench-10.0.30-20.4.1 mariadb-bench-debuginfo-10.0.30-20.4.1 mariadb-client-10.0.30-20.4.1 mariadb-client-debuginfo-10.0.30-20.4.1 mariadb-debuginfo-10.0.30-20.4.1 mariadb-debugsource-10.0.30-20.4.1 mariadb-errormessages-10.0.30-20.4.1 mariadb-test-10.0.30-20.4.1 mariadb-test-debuginfo-10.0.30-20.4.1 mariadb-tools-10.0.30-20.4.1 mariadb-tools-debuginfo-10.0.30-20.4.1 - openSUSE Leap 42.2 (x86_64): libmysqlclient18-32bit-10.0.30-20.4.1 libmysqlclient18-debuginfo-32bit-10.0.30-20.4.1 libmysqlclient_r18-32bit-10.0.30-20.4.1 References: https://www.suse.com/security/cve/CVE-2017-3302.html https://www.suse.com/security/cve/CVE-2017-3313.html https://bugzilla.suse.com/1020868 https://bugzilla.suse.com/1020890 https://bugzilla.suse.com/1020976 https://bugzilla.suse.com/1022428 https://bugzilla.suse.com/1034911 https://bugzilla.suse.com/1038740 https://bugzilla.suse.com/996821 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2017:1471-1: important: Security update for strongswan
by opensuse-security＠opensuse.org 01 Jun '17

01 Jun '17

SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1471-1 Rating: important References: #1039514 #1039515 Cross-References: CVE-2017-9022 CVE-2017-9023 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-strongswan-13136=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-strongswan-13136=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.35.1 strongswan-doc-4.4.0-6.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.35.1 strongswan-debugsource-4.4.0-6.35.1 References: https://www.suse.com/security/cve/CVE-2017-9022.html https://www.suse.com/security/cve/CVE-2017-9023.html https://bugzilla.suse.com/1039514 https://bugzilla.suse.com/1039515 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0