openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
August 2017
- 1 participants
- 78 discussions
[security-announce] openSUSE-SU-2017:2311-1: important: Security update for samba and resource-agents
by opensuse-security@opensuse.org 31 Aug '17
by opensuse-security@opensuse.org 31 Aug '17
31 Aug '17
openSUSE Security Update: Security update for samba and resource-agents
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2311-1
Rating: important
References: #1048278 #1048339 #1048352 #1048387 #1048790
#1052577 #1054017
Cross-References: CVE-2017-11103
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update provides Samba 4.6.7, which fixes the following issues:
- CVE-2017-11103: Metadata were being taken from the unauthenticated
plaintext (the Ticket) rather than the authenticated and encrypted KDC
response. (bsc#1048278)
- Fix cephwrap_chdir(). (bsc#1048790)
- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb.
(bsc#1048339)
- Fix inconsistent ctdb socket path. (bsc#1048352)
- Fix non-admin cephx authentication. (bsc#1048387)
- CTDB cannot start when there is no persistent database. (bsc#1052577)
The CTDB resource agent was also fixed to not fail when the database is
empty.
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-987=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
ctdb-4.6.7+git.38.90b2cdb4f22-3.1
ctdb-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
ctdb-tests-4.6.7+git.38.90b2cdb4f22-3.1
ctdb-tests-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
ldirectord-4.0.1+git.1495055229.643177f1-3.1
libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-devel-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr-devel-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi-devel-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util-devel-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient-devel-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
resource-agents-4.0.1+git.1495055229.643177f1-3.1
resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-3.1
resource-agents-debugsource-4.0.1+git.1495055229.643177f1-3.1
samba-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-core-devel-4.6.7+git.38.90b2cdb4f22-3.1
samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-pidl-4.6.7+git.38.90b2cdb4f22-3.1
samba-python-4.6.7+git.38.90b2cdb4f22-3.1
samba-python-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-test-4.6.7+git.38.90b2cdb4f22-3.1
samba-test-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
- openSUSE Leap 42.3 (noarch):
monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-3.1
samba-doc-4.6.7+git.38.90b2cdb4f22-3.1
- openSUSE Leap 42.3 (x86_64):
libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-ceph-4.6.7+git.38.90b2cdb4f22-3.1
samba-ceph-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
References:
https://www.suse.com/security/cve/CVE-2017-11103.html
https://bugzilla.suse.com/1048278
https://bugzilla.suse.com/1048339
https://bugzilla.suse.com/1048352
https://bugzilla.suse.com/1048387
https://bugzilla.suse.com/1048790
https://bugzilla.suse.com/1052577
https://bugzilla.suse.com/1054017
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2306-1: important: Security update for postgresql93
by opensuse-security@opensuse.org 31 Aug '17
by opensuse-security@opensuse.org 31 Aug '17
31 Aug '17
openSUSE Security Update: Security update for postgresql93
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2306-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
Postgresql93 was updated to 9.3.18 to fix the following issues:
* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259)
The changelog for the release is here:
https://www.postgresql.org/docs/9.3/static/release-9-3-18.html
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-985=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-985=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
postgresql93-devel-9.3.18-8.1
postgresql93-devel-debuginfo-9.3.18-8.1
postgresql93-libs-debugsource-9.3.18-8.1
- openSUSE Leap 42.3 (x86_64):
postgresql93-9.3.18-8.1
postgresql93-contrib-9.3.18-8.1
postgresql93-contrib-debuginfo-9.3.18-8.1
postgresql93-debuginfo-9.3.18-8.1
postgresql93-debugsource-9.3.18-8.1
postgresql93-plperl-9.3.18-8.1
postgresql93-plperl-debuginfo-9.3.18-8.1
postgresql93-plpython-9.3.18-8.1
postgresql93-plpython-debuginfo-9.3.18-8.1
postgresql93-pltcl-9.3.18-8.1
postgresql93-pltcl-debuginfo-9.3.18-8.1
postgresql93-server-9.3.18-8.1
postgresql93-server-debuginfo-9.3.18-8.1
postgresql93-test-9.3.18-8.1
- openSUSE Leap 42.3 (noarch):
postgresql93-docs-9.3.18-8.1
- openSUSE Leap 42.2 (i586 x86_64):
postgresql93-devel-9.3.18-5.12.1
postgresql93-devel-debuginfo-9.3.18-5.12.1
postgresql93-libs-debugsource-9.3.18-5.12.1
- openSUSE Leap 42.2 (noarch):
postgresql93-docs-9.3.18-5.12.1
- openSUSE Leap 42.2 (x86_64):
postgresql93-9.3.18-5.12.1
postgresql93-contrib-9.3.18-5.12.1
postgresql93-contrib-debuginfo-9.3.18-5.12.1
postgresql93-debuginfo-9.3.18-5.12.1
postgresql93-debugsource-9.3.18-5.12.1
postgresql93-plperl-9.3.18-5.12.1
postgresql93-plperl-debuginfo-9.3.18-5.12.1
postgresql93-plpython-9.3.18-5.12.1
postgresql93-plpython-debuginfo-9.3.18-5.12.1
postgresql93-pltcl-9.3.18-5.12.1
postgresql93-pltcl-debuginfo-9.3.18-5.12.1
postgresql93-server-9.3.18-5.12.1
postgresql93-server-debuginfo-9.3.18-5.12.1
postgresql93-test-9.3.18-5.12.1
References:
https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2303-1: important: Security update for php7
by opensuse-security@opensuse.org 30 Aug '17
by opensuse-security@opensuse.org 30 Aug '17
30 Aug '17
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2303-1
Rating: important
References: #1047454 #1048094 #1048096 #1048100 #1048111
#1048112 #1050241 #1050726 #1052389 #1053645
#986386
Cross-References: CVE-2016-10397 CVE-2016-5766 CVE-2017-11142
CVE-2017-11144 CVE-2017-11145 CVE-2017-11146
CVE-2017-11147 CVE-2017-11628 CVE-2017-7890
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________
An update that solves 9 vulnerabilities and has two fixes
is now available.
Description:
This update for php7 fixes the following issues:
- CVE-2016-10397: parse_url() can be bypassed to return fake host.
(bsc#1047454)
- CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of
service attack by injectinglong form variables, related to
main/php_variables. (bsc#1048100)
- CVE-2017-11144: The opensslextension PEM sealing code did not check the
return value of the OpenSSL sealingfunction, which could lead to a
crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to
information leak. (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code
could lead to information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could beused by attackers
supplying malicious archive files to crash the PHP interpreteror
potentially disclose information. (bsc#1048094)
- CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could
lead to denial of service (bsc#1050726)
- CVE-2017-7890: Buffer over-read from unitialized data in
gdImageCreateFromGifCtx function could lead to denial of service
(bsc#1050241)
- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap
overflow could lead to denial of service or code execution (bsc#986386)
Other fixes:
- Soap Request with References (bsc#1053645)
- php7-pear should explicitly require php7-pear-Archive_Tar
otherwise this dependency must be declared in every php7-pear-* package
explicitly. [bnc#1052389]
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1417=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1417=1
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1417=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
php7-debuginfo-7.0.7-50.9.2
php7-debugsource-7.0.7-50.9.2
php7-devel-7.0.7-50.9.2
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
php7-debuginfo-7.0.7-50.9.2
php7-debugsource-7.0.7-50.9.2
php7-devel-7.0.7-50.9.2
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.0.7-50.9.2
apache2-mod_php7-debuginfo-7.0.7-50.9.2
php7-7.0.7-50.9.2
php7-bcmath-7.0.7-50.9.2
php7-bcmath-debuginfo-7.0.7-50.9.2
php7-bz2-7.0.7-50.9.2
php7-bz2-debuginfo-7.0.7-50.9.2
php7-calendar-7.0.7-50.9.2
php7-calendar-debuginfo-7.0.7-50.9.2
php7-ctype-7.0.7-50.9.2
php7-ctype-debuginfo-7.0.7-50.9.2
php7-curl-7.0.7-50.9.2
php7-curl-debuginfo-7.0.7-50.9.2
php7-dba-7.0.7-50.9.2
php7-dba-debuginfo-7.0.7-50.9.2
php7-debuginfo-7.0.7-50.9.2
php7-debugsource-7.0.7-50.9.2
php7-dom-7.0.7-50.9.2
php7-dom-debuginfo-7.0.7-50.9.2
php7-enchant-7.0.7-50.9.2
php7-enchant-debuginfo-7.0.7-50.9.2
php7-exif-7.0.7-50.9.2
php7-exif-debuginfo-7.0.7-50.9.2
php7-fastcgi-7.0.7-50.9.2
php7-fastcgi-debuginfo-7.0.7-50.9.2
php7-fileinfo-7.0.7-50.9.2
php7-fileinfo-debuginfo-7.0.7-50.9.2
php7-fpm-7.0.7-50.9.2
php7-fpm-debuginfo-7.0.7-50.9.2
php7-ftp-7.0.7-50.9.2
php7-ftp-debuginfo-7.0.7-50.9.2
php7-gd-7.0.7-50.9.2
php7-gd-debuginfo-7.0.7-50.9.2
php7-gettext-7.0.7-50.9.2
php7-gettext-debuginfo-7.0.7-50.9.2
php7-gmp-7.0.7-50.9.2
php7-gmp-debuginfo-7.0.7-50.9.2
php7-iconv-7.0.7-50.9.2
php7-iconv-debuginfo-7.0.7-50.9.2
php7-imap-7.0.7-50.9.2
php7-imap-debuginfo-7.0.7-50.9.2
php7-intl-7.0.7-50.9.2
php7-intl-debuginfo-7.0.7-50.9.2
php7-json-7.0.7-50.9.2
php7-json-debuginfo-7.0.7-50.9.2
php7-ldap-7.0.7-50.9.2
php7-ldap-debuginfo-7.0.7-50.9.2
php7-mbstring-7.0.7-50.9.2
php7-mbstring-debuginfo-7.0.7-50.9.2
php7-mcrypt-7.0.7-50.9.2
php7-mcrypt-debuginfo-7.0.7-50.9.2
php7-mysql-7.0.7-50.9.2
php7-mysql-debuginfo-7.0.7-50.9.2
php7-odbc-7.0.7-50.9.2
php7-odbc-debuginfo-7.0.7-50.9.2
php7-opcache-7.0.7-50.9.2
php7-opcache-debuginfo-7.0.7-50.9.2
php7-openssl-7.0.7-50.9.2
php7-openssl-debuginfo-7.0.7-50.9.2
php7-pcntl-7.0.7-50.9.2
php7-pcntl-debuginfo-7.0.7-50.9.2
php7-pdo-7.0.7-50.9.2
php7-pdo-debuginfo-7.0.7-50.9.2
php7-pgsql-7.0.7-50.9.2
php7-pgsql-debuginfo-7.0.7-50.9.2
php7-phar-7.0.7-50.9.2
php7-phar-debuginfo-7.0.7-50.9.2
php7-posix-7.0.7-50.9.2
php7-posix-debuginfo-7.0.7-50.9.2
php7-pspell-7.0.7-50.9.2
php7-pspell-debuginfo-7.0.7-50.9.2
php7-shmop-7.0.7-50.9.2
php7-shmop-debuginfo-7.0.7-50.9.2
php7-snmp-7.0.7-50.9.2
php7-snmp-debuginfo-7.0.7-50.9.2
php7-soap-7.0.7-50.9.2
php7-soap-debuginfo-7.0.7-50.9.2
php7-sockets-7.0.7-50.9.2
php7-sockets-debuginfo-7.0.7-50.9.2
php7-sqlite-7.0.7-50.9.2
php7-sqlite-debuginfo-7.0.7-50.9.2
php7-sysvmsg-7.0.7-50.9.2
php7-sysvmsg-debuginfo-7.0.7-50.9.2
php7-sysvsem-7.0.7-50.9.2
php7-sysvsem-debuginfo-7.0.7-50.9.2
php7-sysvshm-7.0.7-50.9.2
php7-sysvshm-debuginfo-7.0.7-50.9.2
php7-tokenizer-7.0.7-50.9.2
php7-tokenizer-debuginfo-7.0.7-50.9.2
php7-wddx-7.0.7-50.9.2
php7-wddx-debuginfo-7.0.7-50.9.2
php7-xmlreader-7.0.7-50.9.2
php7-xmlreader-debuginfo-7.0.7-50.9.2
php7-xmlrpc-7.0.7-50.9.2
php7-xmlrpc-debuginfo-7.0.7-50.9.2
php7-xmlwriter-7.0.7-50.9.2
php7-xmlwriter-debuginfo-7.0.7-50.9.2
php7-xsl-7.0.7-50.9.2
php7-xsl-debuginfo-7.0.7-50.9.2
php7-zip-7.0.7-50.9.2
php7-zip-debuginfo-7.0.7-50.9.2
php7-zlib-7.0.7-50.9.2
php7-zlib-debuginfo-7.0.7-50.9.2
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php7-pear-7.0.7-50.9.2
php7-pear-Archive_Tar-7.0.7-50.9.2
References:
https://www.suse.com/security/cve/CVE-2016-10397.html
https://www.suse.com/security/cve/CVE-2016-5766.html
https://www.suse.com/security/cve/CVE-2017-11142.html
https://www.suse.com/security/cve/CVE-2017-11144.html
https://www.suse.com/security/cve/CVE-2017-11145.html
https://www.suse.com/security/cve/CVE-2017-11146.html
https://www.suse.com/security/cve/CVE-2017-11147.html
https://www.suse.com/security/cve/CVE-2017-11628.html
https://www.suse.com/security/cve/CVE-2017-7890.html
https://bugzilla.suse.com/1047454
https://bugzilla.suse.com/1048094
https://bugzilla.suse.com/1048096
https://bugzilla.suse.com/1048100
https://bugzilla.suse.com/1048111
https://bugzilla.suse.com/1048112
https://bugzilla.suse.com/1050241
https://bugzilla.suse.com/1050726
https://bugzilla.suse.com/1052389
https://bugzilla.suse.com/1053645
https://bugzilla.suse.com/986386
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2302-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 30 Aug '17
by opensuse-security@opensuse.org 30 Aug '17
30 Aug '17
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2302-1
Rating: important
References: #1031485 #1052829
Cross-References: CVE-2017-7753 CVE-2017-7779 CVE-2017-7782
CVE-2017-7784 CVE-2017-7785 CVE-2017-7786
CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
CVE-2017-7798 CVE-2017-7800 CVE-2017-7801
CVE-2017-7802 CVE-2017-7803 CVE-2017-7804
CVE-2017-7807
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes 16 vulnerabilities is now available.
Description:
Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829)
Following security issues were fixed:
* MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback
* MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with
data: protocol and modal alerts
* MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an
extremely long OID
* MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory
without DEP protections
* MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes
through page reloads
* MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting
non-displayable SVG
* MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes
in DOM
* MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers
* MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data
and pseudo-elements
* MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools
* MFSA 2017-19/CVE-2017-7804: Memory protection bypass through
WindowsDllDetourPatcher
* MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and
Firefox ESR 52.3
* MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during
disconnection
* MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window
resizing
* MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements
* MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied
This update also fixes:
- fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups
enabled and running on cpu >=1 (bsc#1031485)
- The Itanium ia64 build was fixed.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-MozillaFirefox-13254=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-MozillaFirefox-13254=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-MozillaFirefox-13254=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-MozillaFirefox-13254=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-MozillaFirefox-13254=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-MozillaFirefox-13254=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-devel-52.3.0esr-72.9.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-52.3.0esr-72.9.1
MozillaFirefox-branding-SLED-52-24.5.1
MozillaFirefox-translations-52.3.0esr-72.9.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
MozillaFirefox-52.3.0esr-72.9.1
MozillaFirefox-branding-SLED-52-24.5.1
MozillaFirefox-translations-52.3.0esr-72.9.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
MozillaFirefox-52.3.0esr-72.9.1
MozillaFirefox-branding-SLED-52-24.5.1
MozillaFirefox-translations-52.3.0esr-72.9.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
MozillaFirefox-debuginfo-52.3.0esr-72.9.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
MozillaFirefox-debuginfo-52.3.0esr-72.9.1
References:
https://www.suse.com/security/cve/CVE-2017-7753.html
https://www.suse.com/security/cve/CVE-2017-7779.html
https://www.suse.com/security/cve/CVE-2017-7782.html
https://www.suse.com/security/cve/CVE-2017-7784.html
https://www.suse.com/security/cve/CVE-2017-7785.html
https://www.suse.com/security/cve/CVE-2017-7786.html
https://www.suse.com/security/cve/CVE-2017-7787.html
https://www.suse.com/security/cve/CVE-2017-7791.html
https://www.suse.com/security/cve/CVE-2017-7792.html
https://www.suse.com/security/cve/CVE-2017-7798.html
https://www.suse.com/security/cve/CVE-2017-7800.html
https://www.suse.com/security/cve/CVE-2017-7801.html
https://www.suse.com/security/cve/CVE-2017-7802.html
https://www.suse.com/security/cve/CVE-2017-7803.html
https://www.suse.com/security/cve/CVE-2017-7804.html
https://www.suse.com/security/cve/CVE-2017-7807.html
https://bugzilla.suse.com/1031485
https://bugzilla.suse.com/1052829
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2294-1: important: Security update for quagga
by opensuse-security@opensuse.org 29 Aug '17
by opensuse-security@opensuse.org 29 Aug '17
29 Aug '17
SUSE Security Update: Security update for quagga
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2294-1
Rating: important
References: #1005258 #1021669 #1034273
Cross-References: CVE-2016-1245 CVE-2017-5495
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update provides Quagga 1.1.1, which brings several fixes and
enhancements.
Security issues fixed:
- CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory
allocation. (bsc#1021669)
- CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258)
Bug fixes:
- Do not enable zebra's TCP interface (port 2600) to use default UNIX
socket for communication between the daemons. (fate#323170)
Between 0.99.22.1 and 1.1.1 the following improvements have been
implemented:
- Changed the default of 'link-detect' state, controlling whether zebra
will respond to link-state events and consider an interface to be down
when link is down. To retain the current behavior save your config
before updating, otherwise remove the 'link-detect' flag from your
config prior to updating. There is also a new global 'default
link-detect (on|off)' flag to configure the global default.
- Greatly improved nexthop resolution for recursive routes.
- Event driven nexthop resolution for BGP.
- Route tags support.
- Transport of TE related metrics over OSPF, IS-IS.
- IPv6 Multipath for zebra and BGP.
- Multicast RIB support has been extended. It still is IPv4 only.
- RIP for IPv4 now supports equal-cost multipath (ECMP).
- route-maps have a new action "set ipv6 next-hop peer-address".
- route-maps have a new action "set as-path prepend last-as".
- "next-hop-self all" to override nexthop on iBGP route reflector setups.
- New pimd daemon provides IPv4 PIM-SSM multicast routing.
- IPv6 address management has been improved regarding tentative addresses.
This is visible in that a freshly configured address will not
immediately be marked as usable.
- Recursive route support has been overhauled. Scripts parsing "show ip
route" output may need adaptation.
- A large amount of changes has been merged for ospf6d. Careful evaluation
prior to deployment is recommended.
- Multiprotocol peerings over IPv6 now try to find a more appropriate IPv4
nexthop by looking at the interface.
- Relaxed bestpath criteria for multipath and improved display of
multipath routes in "show ip bgp". Scripts parsing this output may need
to be updated.
- Support for iBGP TTL security.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1407=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1407=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1407=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1407=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1407=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
quagga-debuginfo-1.1.1-17.3.3
quagga-debugsource-1.1.1-17.3.3
quagga-devel-1.1.1-17.3.3
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
quagga-debuginfo-1.1.1-17.3.3
quagga-debugsource-1.1.1-17.3.3
quagga-devel-1.1.1-17.3.3
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
libfpm_pb0-1.1.1-17.3.3
libfpm_pb0-debuginfo-1.1.1-17.3.3
libospf0-1.1.1-17.3.3
libospf0-debuginfo-1.1.1-17.3.3
libospfapiclient0-1.1.1-17.3.3
libospfapiclient0-debuginfo-1.1.1-17.3.3
libquagga_pb0-1.1.1-17.3.3
libquagga_pb0-debuginfo-1.1.1-17.3.3
libzebra1-1.1.1-17.3.3
libzebra1-debuginfo-1.1.1-17.3.3
quagga-1.1.1-17.3.3
quagga-debuginfo-1.1.1-17.3.3
quagga-debugsource-1.1.1-17.3.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
libfpm_pb0-1.1.1-17.3.3
libfpm_pb0-debuginfo-1.1.1-17.3.3
libospf0-1.1.1-17.3.3
libospf0-debuginfo-1.1.1-17.3.3
libospfapiclient0-1.1.1-17.3.3
libospfapiclient0-debuginfo-1.1.1-17.3.3
libquagga_pb0-1.1.1-17.3.3
libquagga_pb0-debuginfo-1.1.1-17.3.3
libzebra1-1.1.1-17.3.3
libzebra1-debuginfo-1.1.1-17.3.3
quagga-1.1.1-17.3.3
quagga-debuginfo-1.1.1-17.3.3
quagga-debugsource-1.1.1-17.3.3
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
libfpm_pb0-1.1.1-17.3.3
libfpm_pb0-debuginfo-1.1.1-17.3.3
libospf0-1.1.1-17.3.3
libospf0-debuginfo-1.1.1-17.3.3
libospfapiclient0-1.1.1-17.3.3
libospfapiclient0-debuginfo-1.1.1-17.3.3
libquagga_pb0-1.1.1-17.3.3
libquagga_pb0-debuginfo-1.1.1-17.3.3
libzebra1-1.1.1-17.3.3
libzebra1-debuginfo-1.1.1-17.3.3
quagga-1.1.1-17.3.3
quagga-debuginfo-1.1.1-17.3.3
quagga-debugsource-1.1.1-17.3.3
References:
https://www.suse.com/security/cve/CVE-2016-1245.html
https://www.suse.com/security/cve/CVE-2017-5495.html
https://bugzilla.suse.com/1005258
https://bugzilla.suse.com/1021669
https://bugzilla.suse.com/1034273
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2289-1: important: Security update for exim
by opensuse-security@opensuse.org 29 Aug '17
by opensuse-security@opensuse.org 29 Aug '17
29 Aug '17
openSUSE Security Update: Security update for exim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2289-1
Rating: important
References: #1015930 #1044692 #1046971
Cross-References: CVE-2016-1531 CVE-2016-9963 CVE-2017-1000369
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for exim fixes the following issues:
Changes in exim:
- specify users with ref:mail, to make them dynamic. (boo#1046971)
- CVE-2017-1000369: Fixed memory leaks that could be exploited to "stack
crash" local privilege escalation (boo#1044692)
- Require user(mail) group(mail) to meet new users handling in TW.
- Prerequire permissions (fixes rpmlint).
- conditionally disable DANE on SuSE versions with OpenSSL < 1.0
- CVE-2016-1531: when installed setuid root, allows local users to gain
privileges via the perl_startup argument.
- CVE-2016-9963: DKIM information leakage (boo#1015930)
- Makefile tuning:
+ add sqlite support
+ disable WITH_OLD_DEMIME
+ enable AUTH_CYRUS_SASL
+ enable AUTH_TLS
+ enable SYSLOG_LONG_LINES
+ enable SUPPORT_PAM
+ MAX_NAMED_LIST=64
+ enable EXPERIMENTAL_DMARC
+ enable EXPERIMENTAL_EVENT
+ enable EXPERIMENTAL_PROXY
+ enable EXPERIMENTAL_CERTNAMES
+ enable EXPERIMENTAL_DSN
+ enable EXPERIMENTAL_DANE
+ enable EXPERIMENTAL_SOCKS
+ enable EXPERIMENTAL_INTERNATIONAL
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-980=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-980=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (x86_64):
exim-4.86.2-14.1
exim-debuginfo-4.86.2-14.1
exim-debugsource-4.86.2-14.1
eximon-4.86.2-14.1
eximon-debuginfo-4.86.2-14.1
eximstats-html-4.86.2-14.1
- openSUSE Leap 42.2 (x86_64):
exim-4.86.2-10.6.1
exim-debuginfo-4.86.2-10.6.1
exim-debugsource-4.86.2-10.6.1
eximon-4.86.2-10.6.1
eximon-debuginfo-4.86.2-10.6.1
eximstats-html-4.86.2-10.6.1
References:
https://www.suse.com/security/cve/CVE-2016-1531.html
https://www.suse.com/security/cve/CVE-2016-9963.html
https://www.suse.com/security/cve/CVE-2017-1000369.html
https://bugzilla.suse.com/1015930
https://bugzilla.suse.com/1044692
https://bugzilla.suse.com/1046971
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2286-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 29 Aug '17
by opensuse-security@opensuse.org 29 Aug '17
29 Aug '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2286-1
Rating: important
References: #1005778 #1006180 #1011913 #1012829 #1013887
#1015337 #1015342 #1016119 #1019151 #1019695
#1020645 #1022476 #1022600 #1022604 #1023175
#1024346 #1024373 #1025461 #1026570 #1028173
#1028286 #1029693 #1030552 #1031515 #1031717
#1031784 #1033587 #1034075 #1034113 #1034762
#1036215 #1036632 #1037344 #1037404 #1037838
#1037994 #1038078 #1038616 #1038792 #1039153
#1039348 #1039915 #1040307 #1040347 #1040351
#1041958 #1042257 #1042286 #1042314 #1042422
#1042778 #1043261 #1043347 #1043520 #1043598
#1043652 #1043805 #1043912 #1044112 #1044443
#1044623 #1044636 #1045154 #1045293 #1045330
#1045404 #1045563 #1045596 #1045709 #1045715
#1045866 #1045922 #1045937 #1046105 #1046170
#1046434 #1046651 #1046655 #1046682 #1046821
#1046985 #1047027 #1047048 #1047096 #1047118
#1047121 #1047152 #1047174 #1047277 #1047343
#1047354 #1047418 #1047506 #1047595 #1047651
#1047653 #1047670 #1047802 #1048146 #1048155
#1048221 #1048317 #1048348 #1048356 #1048421
#1048451 #1048501 #1048891 #1048912 #1048914
#1048916 #1048919 #1049231 #1049289 #1049298
#1049361 #1049483 #1049486 #1049603 #1049619
#1049645 #1049706 #1049882 #1050061 #1050188
#1050211 #1050320 #1050322 #1050677 #1051022
#1051048 #1051059 #1051239 #1051399 #1051471
#1051478 #1051479 #1051556 #1051663 #1051689
#1051979 #1052049 #1052223 #1052311 #1052325
#1052365 #1052442 #1052533 #1052709 #1052773
#1052794 #1052899 #1052925 #1053043 #1053117
#964063 #974215 #998664
Cross-References: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-10810
CVE-2017-11473 CVE-2017-7533 CVE-2017-7541
CVE-2017-7542 CVE-2017-8831
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Live Patching 12-SP3
SUSE Linux Enterprise High Availability 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________
An update that solves 8 vulnerabilities and has 150 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-1000111: Fixed a race condition in net-packet code that could
be exploited to cause out-of-bounds memory access (bsc#1052365).
- CVE-2017-1000112: Fixed a race condition in net-packet code that could
have been exploited by unprivileged users to gain root access.
(bsc#1052311).
- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact by changing a certain
sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bnc#1049882).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-7533: Race condition in the fsnotify implementation in the
Linux kernel allowed local users to gain privileges or cause a denial of
service (memory corruption) via a crafted application that leverages
simultaneous execution of the inotify_handle_event and vfs_rename
functions (bnc#1049483 bnc#1050677).
- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
kernel allowed local users to cause a denial of service (buffer overflow
and system crash) or possibly gain privileges via a crafted
NL80211_CMD_FRAME Netlink packet (bnc#1049645).
- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in
drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed
attackers to cause a denial of service (memory consumption) by
triggering object-initialization failures (bnc#1047277).
The following non-security bugs were fixed:
- acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2
(bsc#1052325).
- acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).
- acpi / processor: Avoid reserving IO regions too early (bsc#1051478).
- acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
- Add "shutdown" to "struct class" (bsc#1053117).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- alsa: fm801: Initialize chip after IRQ handler is registered
(bsc#1031717).
- alsa: hda - add more ML register definitions (bsc#1048356).
- alsa: hda - add sanity check to force the separate stream tags
(bsc#1048356).
- alsa: hda: Add support for parsing new HDA capabilities (bsc#1048356).
- alsa: hdac: Add support for hda DMA Resume capability (bsc#1048356).
- alsa: hdac_regmap - fix the register access for runtime PM (bsc#1048356).
- alsa: hda: Fix cpu lockup when stopping the cmd dmas (bsc#1048356).
- alsa: hda - Fix endless loop of codec configure (bsc#1031717).
- alsa: hda: fix to wait for RIRB & CORB DMA to set (bsc#1048356).
- alsa: hda - Loop interrupt handling until really cleared (bsc#1048356).
- alsa: hda - move bus_parse_capabilities to core (bsc#1048356).
- alsa: hda - set input_path bitmap to zero after moving it to new place
(bsc#1031717).
- alsa: hda - set intel audio clock to a proper value (bsc#1048356).
- arm64: kernel: restrict /dev/mem read() calls to linear region
(bsc#1046651).
- arm64: mm: remove page_mapping check in __sync_icache_dcache
(bsc#1040347).
- arm64: Update config files. Disable DEVKMEM
- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
- bcache: force trigger gc (bsc#1038078).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
- blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)
- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
- blacklist.conf: add unapplicable drm fixes (bsc#1031717).
- blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()
argument type') (bsc#1051478) Fixes only a compile-warning.
- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in
test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help
text file path reference to lockup watchdog documentation') Updates only
kconfig help-text (bsc#1051478).
- blkfront: add uevent for size change (bnc#1036632).
- blk-mq: map all HWQ also in hyperthreaded system (bsc#1045866).
- block: add kblock_mod_delayed_work_on() (bsc#1050211).
- block: Allow bdi re-registration (bsc#1040307).
- block: do not allow updates through sysfs until registration completes
(bsc#1047027).
- block: Fix front merge check (bsc#1051239).
- block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet
time (bsc#1050211).
- block: Make del_gendisk() safer for disks without queues (bsc#1040307).
- block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
- block: provide bio_uninit() free freeing integrity/task associations
(bsc#1050211).
- bluetooth: hidp: fix possible might sleep error in hidp_session_thread
(bsc#1031784).
- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
- btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- btrfs: fix lockup in find_free_extent with read-only block groups
(bsc#1046682).
- btrfs: incremental send, fix invalid path for link commands
(bsc#1051479).
- btrfs: incremental send, fix invalid path for unlink commands
(bsc#1051479).
- btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).
- btrfs: resume qgroup rescan on rw remount (bsc#1047152).
- btrfs: Round down values which are written for total_bytes_size
(bsc#1043912).
- btrfs: send, fix invalid path after renaming and linking file
(bsc#1051479).
- cifs: Fix some return values in case of error in 'crypt_message'
(bnc#1047802).
- clocksource/drivers/arm_arch_timer: Fix read and iounmap of incorrect
variable (bsc#1045937).
- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
- crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).
- cxgb4: fix a NULL dereference (bsc#1005778).
- cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).
- cxgb4: fix memory leak in init_one() (bsc#1005778).
- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
- dentry name snapshots (bsc#1049483).
- device-dax: fix sysfs attribute deadlock (bsc#1048919).
- dm: fix second blk_delay_queue() parameter to be in msec units not
(bsc#1047670).
- dm: make flush bios explicitly sync (bsc#1050211).
- dm raid1: fixes two crash cases if mirror leg failed (bsc#1043520)
- drivers/char: kmem: disable on arm64 (bsc#1046655).
- drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60
seconds (bnc#1039153)
- drivers: hv: Fix a typo (fate#320485).
- drivers: hv: Fix the bug in generating the guest ID (fate#320485).
- drivers: hv: util: Fix a typo (fate#320485).
- drivers: hv: util: Make hv_poll_channel() a little more efficient
(fate#320485).
- drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page
(fate#320485).
- drivers: hv: vmbus: Fix error code returned by vmbus_post_msg()
(fate#320485).
- drivers: hv: vmbus: Get the current time from the current clocksource
(fate#320485, bnc#1044112).
- drivers: hv: vmbus: Get the current time from the current clocksource
(fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- drivers: hv: vmbus: Increase the time between retries in
vmbus_post_msg() (fate#320485, bnc#1044112).
- drivers: hv: vmbus: Increase the time between retries in
vmbus_post_msg() (fate#320485, bnc#1044112).
- drivers: hv: vmbus: Move the code to signal end of message (fate#320485).
- drivers: hv: vmbus: Move the definition of generate_guest_id()
(fate#320485).
- drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents
(fate#320485).
- drivers: hv: vmbus: Restructure the clockevents code (fate#320485).
- drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions
(bsc#1031717).
- drm/bochs: Implement nomodeset (bsc#1047096).
- drm/i915/fbdev: Stop repeating tile configuration on stagnation
(bsc#1031717).
- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
- drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
- drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
- drm/vmwgfx: Fix large topology crash (bsc#1048155).
- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
- Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'
- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
(bsc#1012829).
- Fix kABI breakage by HD-audio bus caps extensions (bsc#1048356).
- Fix kABI breakage by KVM CVE fix (bsc#1045922).
- fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
- fs: pass on flags in compat_writev (bsc#1050211).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- gcov: add support for gcc version >= 6 (bsc#1051663).
- gcov: support GCC 7.1 (bsc#1051663).
- gfs2: fix flock panic issue (bsc#1012829).
- hpsa: limit transfer length to 1MB (bsc#1025461).
- hrtimer: Catch invalid clockids again (bsc#1047651).
- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
- hv_netvsc: change netvsc device default duplex to FULL (fate#320485).
- hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).
- hv_netvsc: Fix the carrier state error when data path is off
(fate#320485).
- hv_netvsc: Fix the queue index computation in forwarding case
(bsc#1048421).
- hv_netvsc: Remove unnecessary var link_state from struct
netvsc_device_info (fate#320485).
- hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).
- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,
bnc#1044112).
- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,
bnc#1044112, bnc#1042778, bnc#1029693).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,
bnc#1044112).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,
bnc#1044112, bnc#1042778, bnc#1029693).
- hv_util: switch to using timespec64 (fate#320485).
- hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).
- hyperv: fix warning about missing prototype (fate#320485).
- hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary
(fate#320485).
- hyperv: remove unnecessary return variable (fate#320485).
- i2c: designware-baytrail: fix potential null pointer dereference on dev
(bsc#1011913).
- i40e: add hw struct local variable (bsc#1039915).
- i40e: add private flag to control source pruning (bsc#1034075).
- i40e: add VSI info to macaddr messages (bsc#1039915).
- i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
- i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
- i40e: delete filter after adding its replacement when converting
(bsc#1039915).
- i40e: do not add broadcast filter for VFs (bsc#1039915).
- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1
(bsc#1039915).
- i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter
(bsc#1039915).
- i40e: enable VSI broadcast promiscuous mode instead of adding broadcast
filter (bsc#1039915).
- i40e: factor out addition/deletion of VLAN per each MAC address
(bsc#1039915).
- i40e: fix ethtool to get EEPROM data from X722 interface (bsc#1047418).
- i40e: fix MAC filters when removing VLANs (bsc#1039915).
- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan
(bsc#1039915).
- i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).
- i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).
- i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).
- i40e: move all updates for VLAN mode into i40e_sync_vsi_filters
(bsc#1039915).
- i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).
- i40e: no need to check is_vsi_in_vlan before calling
i40e_del_mac_all_vlan (bsc#1039915).
- i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters
(bsc#1039915).
- i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).
- i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan
(bsc#1039915).
- i40e: refactor i40e_update_filter_state to avoid passing aq_err
(bsc#1039915).
- i40e: refactor Rx filter handling (bsc#1039915).
- i40e: Removal of workaround for simple MAC address filter deletion
(bsc#1039915).
- i40e: remove code to handle dev_addr specially (bsc#1039915).
- i40e: removed unreachable code (bsc#1039915).
- i40e: remove duplicate add/delete adminq command code for filters
(bsc#1039915).
- i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid
(bsc#1039915).
- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan
(bsc#1039915).
- i40e: restore workaround for removing default MAC filter (bsc#1039915).
- i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).
- i40e: store MAC/VLAN filters in a hash with the MAC Address as key
(bsc#1039915).
- i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID
(bsc#1039915).
- i40evf: fix merge error in older patch (bsc#1024346 FATE#321239
bsc#1024373 FATE#321247).
- i40e: when adding or removing MAC filters, correctly handle VLANs
(bsc#1039915).
- i40e: When searching all MAC/VLAN filters, ignore removed filters
(bsc#1039915).
- i40e: write HENA for VFs (bsc#1039915).
- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
- IB/iser: Fix connection teardown race condition (bsc#1050211).
- ibmvnic: Check for transport event on driver resume (bsc#1051556,
bsc#1052709).
- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).
- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).
- IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).
- iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value
(bsc#1031717).
- include/linux/mmzone.h: simplify zone_intersects() (bnc#1047506).
- input: gpio-keys - fix check for disabling unsupported keys
(bsc#1031717).
- introduce the walk_process_tree() helper (bnc#1022476).
- iommu/amd: Add flush counters to struct dma_ops_domain (bsc#1045709).
- iommu/amd: Add locking to per-domain flush-queue (bsc#1045709).
- iommu/amd: Add new init-state IOMMU_CMDLINE_DISABLED (bsc#1045715).
- iommu/amd: Add per-domain flush-queue data structures (bsc#1045709).
- iommu/amd: Add per-domain timer to flush per-cpu queues (bsc#1045709).
- iommu/amd: Check for error states first in iommu_go_to_state()
(bsc#1045715).
- iommu/amd: Constify irq_domain_ops (bsc#1045709).
- iommu/amd: Disable IOMMUs at boot if they are enabled (bsc#1045715).
- iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533).
- iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471).
- iommu/amd: Fix schedule-while-atomic BUG in initialization code
(bsc1052533).
- iommu/amd: Free already flushed ring-buffer entries before full-check
(bsc#1045709).
- iommu/amd: Free IOMMU resources when disabled on command line
(bsc#1045715).
- iommu/amd: Make use of the per-domain flush queue (bsc#1045709).
- iommu/amd: Ratelimit io-page-faults per device (bsc#1045709).
- iommu/amd: Reduce amount of MMIO when submitting commands (bsc#1045709).
- iommu/amd: Reduce delay waiting for command buffer space (bsc#1045709).
- iommu/amd: Remove amd_iommu_disabled check from amd_iommu_detect()
(bsc#1045715).
- iommu/amd: Remove queue_release() function (bsc#1045709).
- iommu/amd: Rename free_on_init_error() (bsc#1045715).
- iommu/amd: Rip out old queue flushing code (bsc#1045709).
- iommu/amd: Set global pointers to NULL after freeing them (bsc#1045715).
- iommu/amd: Suppress IO_PAGE_FAULTs in kdump kernel (bsc#1045715
bsc#1043261).
- iommu: Remove a patch because it caused problems for users. See
bsc#1048348.
- ipv4: Should use consistent conditional judgement for ip fragment in
__ip_append_data and ip_finish_output (bsc#1041958).
- ipv6: Should use consistent conditional judgement for ip6 fragment
between __ip6_append_data and ip6_finish_output (bsc#1041958).
- iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570).
- iwlwifi: 8000: fix MODULE_FIRMWARE input (FATE#321353, FATE#323335).
- iwlwifi: 9000: increase the number of queues (FATE#321353, FATE#323335).
- iwlwifi: add device ID for 8265 (FATE#321353, FATE#323335).
- iwlwifi: add device IDs for the 8265 device (FATE#321353, FATE#323335).
- iwlwifi: add disable_11ac module param (FATE#321353, FATE#323335).
- iwlwifi: add new 3168 series devices support (FATE#321353, FATE#323335).
- iwlwifi: add new 8260 PCI IDs (FATE#321353, FATE#323335).
- iwlwifi: add new 8265 (FATE#321353, FATE#323335).
- iwlwifi: add new 8265 series PCI ID (FATE#321353, FATE#323335).
- iwlwifi: Add new PCI IDs for 9260 and 5165 series (FATE#321353,
FATE#323335).
- iwlwifi: Add PCI IDs for the new 3168 series (FATE#321353, FATE#323335).
- iwlwifi: Add PCI IDs for the new series 8165 (FATE#321353, FATE#323335).
- iwlwifi: add support for 12K Receive Buffers (FATE#321353, FATE#323335).
- iwlwifi: add support for getting HW address from CSR (FATE#321353,
FATE#323335).
- iwlwifi: avoid d0i3 commands when no/init ucode is loaded (FATE#321353,
FATE#323335).
- iwlwifi: bail out in case of bad trans state (FATE#321353, FATE#323335).
- iwlwifi: block the queues when we send ADD_STA for uAPSD (FATE#321353,
FATE#323335).
- iwlwifi: change the Intel Wireless email address (FATE#321353,
FATE#323335).
- iwlwifi: change the Intel Wireless email address (FATE#321353,
FATE#323335).
- iwlwifi: check for valid ethernet address provided by OEM (FATE#321353,
FATE#323335).
- iwlwifi: clean up transport debugfs handling (FATE#321353, FATE#323335).
- iwlwifi: clear ieee80211_tx_info->driver_data in the op_mode
(FATE#321353, FATE#323335).
- iwlwifi: Document missing module options (FATE#321353, FATE#323335).
- iwlwifi: dump prph registers in a common place for all transports
(FATE#321353, FATE#323335).
- iwlwifi: dvm: advertise NETIF_F_SG (FATE#321353, FATE#323335).
- iwlwifi: dvm: fix compare_const_fl.cocci warnings (FATE#321353,
FATE#323335).
- iwlwifi: dvm: handle zero brightness for wifi LED (FATE#321353,
FATE#323335).
- iwlwifi: dvm: remove a wrong dependency on m (FATE#321353, FATE#323335).
- iwlwifi: dvm: remove Kconfig default (FATE#321353, FATE#323335).
- iwlwifi: dvm: remove stray debug code (FATE#321353, FATE#323335).
- iwlwifi: export the _no_grab version of PRPH IO functions (FATE#321353,
FATE#323335).
- iwlwifi: expose fw usniffer mode to more utilities (FATE#321353,
FATE#323335).
- iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000 (FATE#321353,
FATE#323335).
- iwlwifi: Fix firmware name maximum length definition (FATE#321353,
FATE#323335).
- iwlwifi: fix name of ucode loaded for 8265 series (FATE#321353,
FATE#323335).
- iwlwifi: fix printf specifier (FATE#321353, FATE#323335).
- iwlwifi: generalize d0i3_entry_timeout module parameter (FATE#321353,
FATE#323335).
- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
- iwlwifi: mvm: adapt the firmware assert log to new firmware
(FATE#321353, FATE#323335).
- iwlwifi: mvm: add 9000-series RX API (FATE#321353, FATE#323335).
- iwlwifi: mvm: add 9000 series RX processing (FATE#321353, FATE#323335).
- iwlwifi: mvm: add a non-trigger window to fw dbg triggers (FATE#321353,
FATE#323335).
- iwlwifi: mvm: add an option to start rs from HT/VHT rates (FATE#321353,
FATE#323335).
- iwlwifi: mvm: Add a station in monitor mode (FATE#321353, FATE#323335).
- iwlwifi: mvm: add bt rrc and ttc to debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: add bt settings to debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: add ctdp operations to debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: add CT-KILL notification (FATE#321353, FATE#323335).
- iwlwifi: mvm: add debug print if scan config is ignored (FATE#321353,
FATE#323335).
- iwlwifi: mvm: add extended dwell time (FATE#321353, FATE#323335).
- iwlwifi: mvm: add new ADD_STA command version (FATE#321353, FATE#323335).
- iwlwifi: mvm: Add P2P client snoozing (FATE#321353, FATE#323335).
- iwlwifi: mvm: add registration to cooling device (FATE#321353,
FATE#323335).
- iwlwifi: mvm: add registration to thermal zone (FATE#321353,
FATE#323335).
- iwlwifi: mvm: add support for negative temperatures (FATE#321353,
FATE#323335).
- iwlwifi: mvm: add tlv for multi queue rx support (FATE#321353,
FATE#323335).
- iwlwifi: mvm: add trigger for firmware dump upon TDLS events
(FATE#321353, FATE#323335).
- iwlwifi: mvm: add trigger for firmware dump upon TX response status
(FATE#321353, FATE#323335).
- iwlwifi: mvm: advertise NETIF_F_SG (FATE#321353, FATE#323335).
- iwlwifi: mvm: Align bt-coex priority with requirements (FATE#321353,
FATE#323335).
- iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface
(FATE#321353, FATE#323335).
- iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning (FATE#321353,
FATE#323335).
- iwlwifi: mvm: avoid panics with thermal device usage (FATE#321353,
FATE#323335).
- iwlwifi: mvm: avoid to WARN about gscan capabilities (FATE#321353,
FATE#323335).
- iwlwifi: mvm: bail out if CTDP start operation fails (FATE#321353,
FATE#323335).
- iwlwifi: mvm: bump firmware API to 21 (FATE#321353, FATE#323335).
- iwlwifi: mvm: bump max API to 20 (FATE#321353, FATE#323335).
- iwlwifi: mvm: change access to ieee80211_hdr (FATE#321353, FATE#323335).
- iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station
(FATE#321353, FATE#323335).
- iwlwifi: mvm: change mcc update API (FATE#321353, FATE#323335).
- iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk (FATE#321353,
FATE#323335).
- iwlwifi: mvm: Change number of associated stations when station becomes
associated (FATE#321353, FATE#323335).
- iwlwifi: mvm: change protocol offload flows (FATE#321353, FATE#323335).
- iwlwifi: mvm: change the check for ADD_STA status (FATE#321353,
FATE#323335).
- iwlwifi: mvm: check FW's response for nvm access write cmd (FATE#321353,
FATE#323335).
- iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value
(FATE#321353, FATE#323335).
- iwlwifi: mvm: check minimum temperature notification length
(FATE#321353, FATE#323335).
- iwlwifi: mvm: cleanup roc te on restart cleanup (FATE#321353,
FATE#323335).
- iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).
- iwlwifi: mvm: Configure fragmented scan for scheduled scan (FATE#321353,
FATE#323335).
- iwlwifi: mvm: configure scheduled scan according to traffic conditions
(FATE#321353, FATE#323335).
- iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c
(FATE#321353, FATE#323335).
- iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured
(FATE#321353, FATE#323335).
- iwlwifi: mvm: disable DQA support (FATE#321353, FATE#323335).
- iwlwifi: mvm: do not ask beacons when P2P GO vif and no assoc sta
(FATE#321353, FATE#323335).
- iwlwifi: mvm: do not keep an mvm ref when the interface is down
(FATE#321353, FATE#323335).
- iwlwifi: mvm: do not let NDPs mess the packet tracking (FATE#321353,
FATE#323335).
- iwlwifi: mvm: do not restart HW if suspend fails with unified image
(FATE#321353, FATE#323335).
- iwlwifi: mvm: Do not switch to D3 image on suspend (FATE#321353,
FATE#323335).
- iwlwifi: mvm: do not try to offload AES-CMAC in AP/IBSS modes
(FATE#321353, FATE#323335).
- iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit (FATE#321353,
FATE#323335).
- iwlwifi: mvm: dump more registers upon error (FATE#321353, FATE#323335).
- iwlwifi: mvm: dump the radio registers when the firmware crashes
(FATE#321353, FATE#323335).
- iwlwifi: mvm: enable L3 filtering (FATE#321353, FATE#323335).
- iwlwifi: mvm: Enable MPLUT only on supported hw (FATE#321353,
FATE#323335).
- iwlwifi: mvm: enable VHT MU-MIMO for supported hardware (FATE#321353,
FATE#323335).
- iwlwifi: mvm: extend time event duration (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix accessing Null pointer during fw dump collection
(FATE#321353, FATE#323335).
- iwlwifi: mvm: fix d3_test with unified D0/D3 images (FATE#321353,
FATE#323335).
- iwlwifi: mvm: fix debugfs signedness warning (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix extended dwell time (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans()
(FATE#321353, FATE#323335).
- iwlwifi: mvm: fix memory leaks in error paths upon fw error dump
(FATE#321353, FATE#323335).
- iwlwifi: mvm: fix netdetect starting/stopping for unified images
(FATE#321353, FATE#323335).
- iwlwifi: mvm: fix RSS key sizing (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix unregistration of thermal in some error flows
(FATE#321353, FATE#323335).
- iwlwifi: mvm: flush all used TX queues before suspending (FATE#321353,
FATE#323335).
- iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware does not
support it (FATE#321353, FATE#323335).
- iwlwifi: mvm: handle pass all scan reporting (FATE#321353, FATE#323335).
- iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans
(FATE#321353, FATE#323335).
- iwlwifi: mvm: infrastructure for frame-release message (FATE#321353,
FATE#323335).
- iwlwifi: mvm: kill iwl_mvm_enable_agg_txq (FATE#321353, FATE#323335).
- iwlwifi: mvm: let the firmware choose the antenna for beacons
(FATE#321353, FATE#323335).
- iwlwifi: mvm: make collecting fw debug data optional (FATE#321353,
FATE#323335).
- iwlwifi: mvm: move fw-dbg code to separate file (FATE#321353,
FATE#323335).
- iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw
(FATE#321353, FATE#323335).
- iwlwifi: mvm: prepare the code towards TSO implementation (FATE#321353,
FATE#323335).
- iwlwifi: mvm: refactor d3 key update functions (FATE#321353,
FATE#323335).
- iwlwifi: mvm: refactor the way fw_key_table is handled (FATE#321353,
FATE#323335).
- iwlwifi: mvm: remove an extra tab (FATE#321353, FATE#323335).
- iwlwifi: mvm: Remove bf_vif from iwl_power_vifs (FATE#321353,
FATE#323335).
- iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort (FATE#321353,
FATE#323335).
- iwlwifi: mvm: remove redundant d0i3 flag from the config struct
(FATE#321353, FATE#323335).
- iwlwifi: mvm: remove shadowing variable (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove stray nd_config element (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove the vif parameter of
iwl_mvm_configure_bcast_filter() (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported()
(FATE#321353, FATE#323335).
- iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination
(FATE#321353, FATE#323335).
- iwlwifi: mvm: report wakeup for wowlan (FATE#321353, FATE#323335).
- iwlwifi: mvm: reset mvm->scan_type when firmware is started
(FATE#321353, FATE#323335).
- iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).
- iwlwifi: mvm: return the cooling state index instead of the budget
(FATE#321353, FATE#323335).
- iwlwifi: mvm: ROC: cleanup time event info on FW failure (FATE#321353,
FATE#323335).
- iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC
duration (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix a potential out of bounds access (FATE#321353,
FATE#323335).
- iwlwifi: mvm: rs: fix a theoretical access to uninitialized array
elements (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix a warning message (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix TPC action decision algorithm (FATE#321353,
FATE#323335).
- iwlwifi: mvm: rs: fix TPC statistics handling (FATE#321353, FATE#323335).
- iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed
(FATE#321353, FATE#323335).
- iwlwifi: mvm: set default new STA as non-aggregated (FATE#321353,
FATE#323335).
- iwlwifi: mvm: set the correct amsdu enum values (FATE#321353,
FATE#323335).
- iwlwifi: mvm: set the correct descriptor size for tracing (FATE#321353,
FATE#323335).
- iwlwifi: mvm: small update in the firmware API (FATE#321353,
FATE#323335).
- iwlwifi: mvm: support A-MSDU in A-MPDU (FATE#321353, FATE#323335).
- iwlwifi: mvm: support beacon storing (FATE#321353, FATE#323335).
- iwlwifi: mvm: support description for user triggered fw dbg collection
(FATE#321353, FATE#323335).
- iwlwifi: mvm: support rss queues configuration command (FATE#321353,
FATE#323335).
- iwlwifi: mvm: Support setting continuous recording debug mode
(FATE#321353, FATE#323335).
- iwlwifi: mvm: support setting minimum quota from debugfs (FATE#321353,
FATE#323335).
- iwlwifi: mvm: support sw queue start/stop from mvm (FATE#321353,
FATE#323335).
- iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353,
FATE#323335).
- iwlwifi: mvm: take care of padded packets (FATE#321353, FATE#323335).
- iwlwifi: mvm: take the transport ref back when leaving (FATE#321353,
FATE#323335).
- iwlwifi: mvm: track low-latency sources separately (FATE#321353,
FATE#323335).
- iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).
- iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353,
FATE#323335).
- iwlwifi: mvm: update GSCAN capabilities (FATE#321353, FATE#323335).
- iwlwifi: mvm: update ucode status before stopping device (FATE#321353,
FATE#323335).
- iwlwifi: mvm: use build-time assertion for fw trigger ID (FATE#321353,
FATE#323335).
- iwlwifi: mvm: use firmware station lookup, combine code (FATE#321353,
FATE#323335).
- iwlwifi: mvm: various trivial cleanups (FATE#321353, FATE#323335).
- iwlwifi: mvm: writing zero bytes to debugfs causes a crash (FATE#321353,
FATE#323335).
- iwlwifi: nvm: fix loading default NVM file (FATE#321353, FATE#323335).
- iwlwifi: nvm: fix up phy section when reading it (FATE#321353,
FATE#323335).
- iwlwifi: pcie: add 9000 series multi queue rx DMA support (FATE#321353,
FATE#323335).
- iwlwifi: pcie: add infrastructure for multi-queue rx (FATE#321353,
FATE#323335).
- iwlwifi: pcie: add initial RTPM support for PCI (FATE#321353,
FATE#323335).
- iwlwifi: pcie: Add new configuration to enable MSIX (FATE#321353,
FATE#323335).
- iwlwifi: pcie: add pm_prepare and pm_complete ops (FATE#321353,
FATE#323335).
- iwlwifi: pcie: add RTPM support when wifi is enabled (FATE#321353,
FATE#323335).
- iwlwifi: pcie: aggregate Flow Handler configuration writes (FATE#321353,
FATE#323335).
- iwlwifi: pcie: allow the op_mode to block the tx queues (FATE#321353,
FATE#323335).
- iwlwifi: pcie: allow to pretend to have Tx CSUM for debug (FATE#321353,
FATE#323335).
- iwlwifi: pcie: avoid restocks inside rx loop if not emergency
(FATE#321353, FATE#323335).
- iwlwifi: pcie: buffer packets to avoid overflowing Tx queues
(FATE#321353, FATE#323335).
- iwlwifi: pcie: build an A-MSDU using TSO core (FATE#321353, FATE#323335).
- iwlwifi: pcie: configure more RFH settings (FATE#321353, FATE#323335).
- iwlwifi: pcie: detect and workaround invalid write ptr behavior
(FATE#321353, FATE#323335).
- iwlwifi: pcie: do not increment / decrement a bool (FATE#321353,
FATE#323335).
- iwlwifi: pcie: enable interrupts before releasing the NIC's CPU
(FATE#321353, FATE#323335).
- iwlwifi: pcie: enable multi-queue rx path (FATE#321353, FATE#323335).
- iwlwifi: pcie: extend device reset delay (FATE#321353, FATE#323335).
- iwlwifi: pcie: fine tune number of rxbs (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix a race in firmware loading flow (FATE#321353,
FATE#323335).
- iwlwifi: pcie: fix command completion name debug (bsc#1031717).
- iwlwifi: pcie: fix erroneous return value (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix global table size (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix identation in trans.c (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix RF-Kill vs. firmware load race (FATE#321353,
FATE#323335).
- iwlwifi: pcie: forbid RTPM on device removal (FATE#321353, FATE#323335).
- iwlwifi: pcie: mark command queue lock with separate lockdep class
(FATE#321353, FATE#323335).
- iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim
(FATE#321353, FATE#323335).
- iwlwifi: pcie: refactor RXBs reclaiming code (FATE#321353, FATE#323335).
- iwlwifi: pcie: remove ICT allocation message (FATE#321353, FATE#323335).
- iwlwifi: pcie: remove pointer from debug message (FATE#321353,
FATE#323335).
- iwlwifi: pcie: re-organize code towards TSO (FATE#321353, FATE#323335).
- iwlwifi: pcie: set RB chunk size back to 64 (FATE#321353, FATE#323335).
- iwlwifi: pcie: update iwl_mpdu_desc fields (FATE#321353, FATE#323335).
- iwlwifi: print index in api/capa flags parsing message (FATE#321353,
FATE#323335).
- iwlwifi: refactor the code that reads the MAC address from the NVM
(FATE#321353, FATE#323335).
- iwlwifi: remove IWL_DL_LED (FATE#321353, FATE#323335).
- iwlwifi: remove unused parameter from grab_nic_access (FATE#321353,
FATE#323335).
- iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables
(FATE#321353, FATE#323335).
- iwlwifi: set max firmware version of 7265 to 17 (FATE#321353,
FATE#323335).
- iwlwifi: support ucode with d0 unified image - regular and usniffer
(FATE#321353, FATE#323335).
- iwlwifi: trans: make various conversion macros inlines (FATE#321353,
FATE#323335).
- iwlwifi: trans: support a callback for ASYNC commands (FATE#321353,
FATE#323335).
- iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian
(FATE#321353, FATE#323335).
- iwlwifi: tt: move ucode_loaded check under mutex (FATE#321353,
FATE#323335).
- iwlwifi: uninline iwl_trans_send_cmd (FATE#321353, FATE#323335).
- iwlwifi: update host command messages to new format (FATE#321353,
FATE#323335).
- iwlwifi: Update PCI IDs for 8000 and 9000 series (FATE#321353,
FATE#323335).
- iwlwifi: update support for 3168 series firmware and NVM (FATE#321353,
FATE#323335).
- iwlwifi: various comments and code cleanups (FATE#321353, FATE#323335).
- kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly
version in panic path" (bsc#1051478).
- kABI: protect lwtunnel include in ip6_route.h (kabi).
- KABI protect struct acpi_nfit_desc (bsc#1052325).
- kABI: protect struct iscsi_tpg_attrib (kabi).
- kABI: protect struct se_lun (kabi).
- kABI: protect struct tpm_chip (kabi).
- kABI: protect struct xfrm_dst (kabi).
- kABI: protect struct xfrm_dst (kabi).
- kabi/severities: add drivers/scsi/hisi_sas to kabi severities
- kabi/severities: ignore kABi changes in iwlwifi stuff itself
- kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
(bsc#1051478).
- kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).
- kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).
- kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).
- libnvdimm: fix badblock range handling of ARS range (bsc#1023175).
- libnvdimm: fix badblock range handling of ARS range (bsc#1051048).
- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).
- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919).
- libnvdimm, region: fix flush hint detection crash (bsc#1048919).
- lightnvm: fix "warning: ‘ret’ may be used uninitialized"
(FATE#319466).
- mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).
- md-cluster: Fix a memleak in an error handling path (bsc#1049289).
- md: do not return -EAGAIN in md_allow_write for external metadata arrays
(bsc#1047174).
- md: fix sleep in atomic (bsc#1040351).
- mm: call page_ext_init() after all struct pages are initialized (VM
Debugging Functionality, bsc#1047048).
- mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,
bsc#1042314).
- mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).
- mm, memory_hotplug: get rid of is_zone_device_section fix (bnc#1047595).
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
(bnc#1039348).
- mwifiex: do not update MCS set from hostapd (bsc#1031717).
- net: account for current skb length when deciding about UFO
(bsc#1041958).
- net: add netdev_lockdep_set_classes() helper (fate#320485).
- net: ena: add hardware hints capability to the driver (bsc#1047121).
- net: ena: add hardware hints capability to the driver (bsc#1047121).
- net: ena: add missing return when ena_com_get_io_handlers() fails
(bsc#1047121).
- net: ena: add missing return when ena_com_get_io_handlers() fails
(bsc#1047121).
- net: ena: add missing unmap bars on device removal (bsc#1047121).
- net: ena: add missing unmap bars on device removal (bsc#1047121).
- net: ena: add reset reason for each device FLR (bsc#1047121).
- net: ena: add reset reason for each device FLR (bsc#1047121).
- net: ena: add support for out of order rx buffers refill (bsc#1047121).
- net: ena: add support for out of order rx buffers refill (bsc#1047121).
- net: ena: allow the driver to work with small number of msix vectors
(bsc#1047121).
- net: ena: allow the driver to work with small number of msix vectors
(bsc#1047121).
- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).
- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).
- net: ena: change return value for unsupported features unsupported
return value (bsc#1047121).
- net: ena: change return value for unsupported features unsupported
return value (bsc#1047121).
- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).
- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).
- net: ena: disable admin msix while working in polling mode (bsc#1047121).
- net: ena: disable admin msix while working in polling mode (bsc#1047121).
- net: ena: fix bug that might cause hang after consecutive open/close
interface (bsc#1047121).
- net: ena: fix bug that might cause hang after consecutive open/close
interface (bsc#1047121).
- net: ena: fix race condition between submit and completion admin command
(bsc#1047121).
- net: ena: fix race condition between submit and completion admin command
(bsc#1047121).
- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).
- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).
- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).
- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).
- net: ena: separate skb allocation to dedicated function (bsc#1047121).
- net: ena: separate skb allocation to dedicated function (bsc#1047121).
- net/ena: switch to pci_alloc_irq_vectors (bsc#1047121).
- net: ena: update driver's rx drop statistics (bsc#1047121).
- net: ena: update driver's rx drop statistics (bsc#1047121).
- net: ena: update ena driver to version 1.1.7 (bsc#1047121).
- net: ena: update ena driver to version 1.1.7 (bsc#1047121).
- net: ena: update ena driver to version 1.2.0 (bsc#1047121).
- net: ena: update ena driver to version 1.2.0 (bsc#1047121).
- net: ena: use lower_32_bits()/upper_32_bits() to split dma address
(bsc#1047121).
- net: ena: use lower_32_bits()/upper_32_bits() to split dma address
(bsc#1047121).
- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).
- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).
- net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
(bsc#1042286).
- net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451).
- net: hyperv: use new api ethtool_{get|set}_link_ksettings (fate#320485).
- net/mlx4_core: Fixes missing capability bit in flags2 capability dump
(bsc#1015337).
- net/mlx4_core: Fix namespace misalignment in QinQ VST support commit
(bsc#1015337).
- net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump
(bsc#1015337).
- net/mlx5: Cancel delayed recovery work when unloading the driver
(bsc#1015342).
- net/mlx5: Clean SRIOV eswitch resources upon VF creation failure
(bsc#1015342).
- net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).
- net/mlx5e: Add field select to MTPPS register (bsc#1015342).
- net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).
- net/mlx5e: Change 1PPS out scheme (bsc#1015342).
- net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).
- net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).
- net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).
- net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff
(bsc#1015342).
- net/mlx5e: Rename physical symbol errors counter (bsc#1015342).
- net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).
- net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests
(bsc#1015342).
- net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).
- net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).
- net: phy: Do not perform software reset for Generic PHY (bsc#1042286).
- netvsc: add comments about callback's and NAPI (fate#320485).
- netvsc: Add #include's for csum_* function declarations (fate#320485).
- netvsc: add rtnl annotations in rndis (fate#320485).
- netvsc: add some rtnl_dereference annotations (fate#320485).
- netvsc: avoid race with callback (fate#320485).
- netvsc: change logic for change mtu and set_queues (fate#320485).
- netvsc: change max channel calculation (fate#320485).
- netvsc: change order of steps in setting queues (fate#320485).
- netvsc: Deal with rescinded channels correctly (fate#320485).
- netvsc: do not access netdev->num_rx_queues directly (fate#320485).
- netvsc: do not overload variable in same function (fate#320485).
- netvsc: do not print pointer value in error message (fate#320485).
- netvsc: eliminate unnecessary skb == NULL checks (fate#320485).
- netvsc: enable GRO (fate#320485).
- netvsc: Fix a bug in sub-channel handling (fate#320485).
- netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485).
- netvsc: fix calculation of available send sections (fate#320485).
- netvsc: fix dereference before null check errors (fate#320485).
- netvsc: fix error unwind on device setup failure (fate#320485).
- netvsc: fix hang on netvsc module removal (fate#320485).
- netvsc: fix NAPI performance regression (fate#320485).
- netvsc: fix net poll mode (fate#320485).
- netvsc: fix netvsc_set_channels (fate#320485).
- netvsc: fix ptr_ret.cocci warnings (fate#320485).
- netvsc: fix rcu dereference warning from ethtool (fate#320485).
- netvsc: fix RCU warning in get_stats (fate#320485).
- netvsc: fix return value for set_channels (fate#320485).
- netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442).
- netvsc: fix use after free on module removal (fate#320485).
- netvsc: fix warnings reported by lockdep (fate#320485).
- netvsc: fold in get_outbound_net_device (fate#320485).
- netvsc: force link update after MTU change (fate#320485).
- netvsc: handle offline mtu and channel change (fate#320485).
- netvsc: implement NAPI (fate#320485).
- netvsc: include rtnetlink.h (fate#320485).
- netvsc: Initialize all channel related state prior to opening the
channel (fate#320485).
- netvsc: make sure and unregister datapath (fate#320485, bsc#1052899).
- netvsc: make sure napi enabled before vmbus_open (fate#320485).
- netvsc: mark error cases as unlikely (fate#320485).
- netvsc: move filter setting to rndis_device (fate#320485).
- netvsc: need napi scheduled during removal (fate#320485).
- netvsc: need rcu_derefence when accessing internal device info
(fate#320485).
- netvsc: optimize calculation of number of slots (fate#320485).
- netvsc: optimize receive completions (fate#320485).
- netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp
(fate#320485).
- netvsc: prefetch the first incoming ring element (fate#320485).
- netvsc: Properly initialize the return value (fate#320485).
- netvsc: remove bogus rtnl_unlock (fate#320485).
- netvsc: remove no longer used max_num_rss queues (fate#320485).
- netvsc: Remove redundant use of ipv6_hdr() (fate#320485).
- netvsc: remove unnecessary indirection of page_buffer (fate#320485).
- netvsc: remove unnecessary lock on shutdown (fate#320485).
- netvsc: remove unused #define (fate#320485).
- netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb
(fate#320485).
- netvsc: save pointer to parent netvsc_device in channel table
(fate#320485).
- netvsc: signal host if receive ring is emptied (fate#320485).
- netvsc: transparent VF management (fate#320485, bsc#1051979).
- netvsc: use ERR_PTR to avoid dereference issues (fate#320485).
- netvsc: use hv_get_bytes_to_read (fate#320485).
- netvsc: use napi_consume_skb (fate#320485).
- netvsc: use RCU to protect inner device structure (fate#320485).
- netvsc: uses RCU instead of removal flag (fate#320485).
- netvsc: use typed pointer for internal state (fate#320485).
- nfs: Cache aggressively when file is open for writing (bsc#1033587).
- nfs: Do not flush caches for a getattr that races with writeback
(bsc#1033587).
- nfs: invalidate file size when taking a lock (git-fixes).
- nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).
- nfs: Optimize fallocate by refreshing mapping when needed (git-fixes).
- nvme: add hostid token to fabric options (bsc#1045293).
- nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146).
- nvme: fabrics commands should use the fctype field for data direction
(bsc#1043805).
- nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).
- nvme/pci: Fix stuck nvme reset (bsc#1043805).
- nvmet: identify controller: improve standard compliance (bsc#1048146).
- nvme: wwid_show: strip trailing 0-bytes (bsc#1048146).
- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).
- ocfs2: Make ocfs2_set_acl() static (bsc#1030552).
- pci: Add Mellanox device IDs (bsc#1051478).
- pci: Convert Mellanox broken INTx quirks to be for listed devices only
(bsc#1051478).
- pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).
- pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN
(bsc#1051478).
- pci: dwc: Fix uninitialized variable in dw_handle_msi_irq()
(bsc#1051478).
- pci: Enable ECRC only if device supports it (bsc#1051478).
- pci: hv: Allocate interrupt descriptors with GFP_ATOMIC (fate#320295,
bnc#1034113).
- pci: hv: Lock PCI bus on device eject (fate#320295, bnc#1034113).
Replaces a change for (bnc#998664)
- pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).
- pci/msi: Ignore affinity if pre/post vector count is more than min_vecs
(1050211).
- pci/pm: Fix native PME handling during system suspend/resume
(bsc#1051478).
- pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+
(bsc#1051478).
- perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).
- perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).
- perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).
- pipe: cap initial pipe capacity according to pipe-max-size limit
(bsc#1045330).
- platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill
(bsc#1051022).
- platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill
(bsc#1051022).
- platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill
(bsc#1051022).
- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill
dmi list (bsc#1051022).
- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill
(bsc#1051022).
- platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill
(bsc#1051022).
- platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list
(bsc#1051022).
- platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill
(bsc#1051022).
- pm / Hibernate: Fix scheduling while atomic during hibernation
(bsc#1051059).
- powerpc: Add POWER9 architected mode to cputable (bsc#1048916,
fate#321439).
- powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used
(bsc#1049231).
- powerpc/ftrace: Pass the correct stack pointer for
DYNAMIC_FTRACE_WITH_REGS (FATE#322421).
- powerpc/perf: Fix branch event code for power9 (fate#321438, Pending
SUSE Kernel Fixes).
- powerpc/perf: Fix oops when kthread execs user process
- powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9
(bsc#1053043 (git-fixes)).
- powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439).
- powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes
08e1c01d6aed).
- prctl: propagate has_child_subreaper flag to every descendant
(bnc#1022476).
- printk: Correctly handle preemption in console_unlock() (bsc#1046434).
- printk/xen: Force printk sync mode when migrating Xen guest
(bsc#1043347).
- qed: Add missing static/local dcbx info (bsc#1019695).
- qed: Correct print in iscsi error-flow (bsc#1019695).
- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).
- rbd: drop extra rbd_img_request_get (bsc#1045596).
- rbd: make sure pages are freed by libceph (bsc#1045596).
- rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925).
- rdma/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr()
(bsc#1026570).
- rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).
- rdma/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604
FATE#321747).
- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- Remove upstream commit e14b4db7a567 netvsc: fix race during
initialization will be replaced by following changes
- reorder upstream commit d0c2c9973ecd net: use core MTU range checking in
virt drivers
- Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
(bsc#1031717).
- Revert "Add "shutdown" to "struct class"." (kabi).
- Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi).
- Revert "Make file credentials available to the seqfile interfaces"
(kabi).
- Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).
- Revert "netvsc: optimize calculation of number of slots" (fate#320485).
- Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"
(bsc#1048914).
- Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"
(bsc#1048914).
- Revert "/proc/iomem: only expose physical resource addresses to
privileged users" (kabi).
- Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).
- rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id
This needs rpm-4.14+ (bsc#964063).
- s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706).
- s390/kdump: remove code to create ELF notes in the crashed system
(bsc#1049706).
- sched/core: Allow __sched_setscheduler() in interrupts when PI is not
used (bnc#1022476).
- sched/debug: Print the scheduler topology group mask (bnc#1022476).
- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).
- sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).
- sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all
cfs_rqs (bnc#1022476).
- sched/topology: Add sched_group_capacity debugging (bnc#1022476).
- sched/topology: Fix building of overlapping sched-groups (bnc#1022476).
- sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).
- sched/topology: Move comment about asymmetric node setups (bnc#1022476).
- sched/topology: Refactor function build_overlap_sched_groups()
(bnc#1022476).
- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).
- sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).
- sched/topology: Small cleanup (bnc#1022476).
- sched/topology: Verify the first group matches the child domain
(bnc#1022476).
- scsi: aacraid: Do not copy uninitialized stack memory to userspace
(bsc#1048912).
- scsi: aacraid: fix leak of data from stack back to userspace
(bsc#1048912).
- scsi: aacraid: fix PCI error recovery path (bsc#1048912).
- scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi_devinfo: fixup string compare (bsc#1037404).
- scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).
- scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298).
- scsi: hisi_sas: add v2 hw internal abort timeout workaround
(bsc#1049298).
- scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors
(bsc#1049298).
- scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298).
- scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()
(bsc#1049298).
- scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).
- scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298).
- scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298).
- scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298).
- scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298).
- scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298).
- scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).
- scsi: lpfc: Add auto EQ delay logic (bsc#1042257).
- scsi: lpfc: Added recovery logic for running out of NVMET IO context
resources (bsc#1037838).
- scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838).
- scsi: lpfc: Add MDS Diagnostic support (bsc#1037838).
- scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838).
- scsi: lpfc: do not double count abort errors (bsc#1048912).
- scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux
(bsc#1044623).
- scsi: lpfc: Fix crash after firmware flash when IO is running
(bsc#1044623).
- scsi: lpfc: Fix crash doing IO with resets (bsc#1044623).
- scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an
abort request (bsc#1044623).
- scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver
unload (bsc#1037838).
- scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257).
- scsi: lpfc: fix linking against modular NVMe support (bsc#1048912).
- scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests
(bsc#1037838).
- scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport
state (bsc#1037838).
- scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404).
- scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes
(bsc#1037838).
- scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type
(bsc#1037838).
- scsi: lpfc: Fix nvmet RQ resource needs for large block writes
(bsc#1037838).
- scsi: lpfc: fix refcount error on node list (bsc#1045404).
- scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623).
- scsi: lpfc: Fix system crash when port is reset (bsc#1037838).
- scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623).
- scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838).
- scsi: lpfc: Reduce time spent in IRQ for received NVME commands
(bsc#1044623).
- scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838).
- scsi: lpfc: Separate NVMET RQ buffer posting from IO resources
SGL/iocbq/context (bsc#1037838).
- scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623).
- scsi: lpfc: update version to 11.2.0.14 (bsc#1037838).
- scsi: lpfc: Vport creation is failing with "Link Down" error
(bsc#1044623).
- scsi: qedf: Fix a return value in case of error in
'qedf_alloc_global_queues' (bsc#1048912).
- scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912).
- scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443).
- scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443).
- scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485).
- scsi: storvsc: remove return at end of void function (fate#320485).
- scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485,
bnc#1044636).
- sfc: Add ethtool -m support for QSFP modules (bsc#1049619).
- smartpqi: limit transfer length to 1MB (bsc#1025461).
- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- string.h: add memcpy_and_pad() (bsc#1048146).
- sysctl: do not print negative flag for proc_douintvec (bnc#1046985).
- Temporarily disable iwlwifi-expose-default-fallback-ucode-api ... for
updating iwlwifi stack
- timers: Plug locking race vs. timer migration (bnc#1022476).
- tools: hv: Add clean up for included files in Ubuntu net config
(fate#320485).
- tools: hv: Add clean up function for Ubuntu config (fate#320485).
- tools: hv: properly handle long paths (fate#320485).
- tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485).
- tools: hv: set hotplug for VF on Suse (fate#320485).
- Tools: hv: vss: Thaw the filesystem and continue if freeze call has
timed out (fate#320485).
- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
- tpm: KABI fix (bsc#1053117).
- tpm_tis: Fix IRQ autoprobing when using platform_device (bsc#1020645,
fate#321435, fate#321507, fate#321600, Pending fixes 2017-07-06).
- tpm_tis: Use platform_get_irq (bsc#1020645, fate#321435, fate#321507,
fate#321600, Pending fixes 2017-07-06).
- tpm/tpm_crb: fix priv->cmd_size initialisation (bsc#1020645,
fate#321435, fate#321507, fate#321600, Pending SUSE Kernel Fixes).
- udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).
- udf: Fix races with i_size changes during readpage (bsc#1012829).
- Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335)
- vfs: fix missing inode_get_dev sites (bsc#1052049).
- vmbus: cleanup header file style (fate#320485).
- vmbus: expose debug info for drivers (fate#320485).
- vmbus: fix spelling errors (fate#320485).
- vmbus: introduce in-place packet iterator (fate#320485).
- vmbus: only reschedule tasklet if time limit exceeded (fate#320485).
- vmbus: re-enable channel tasklet (fate#320485).
- vmbus: remove unnecessary initialization (fate#320485).
- vmbus: remove useless return's (fate#320485).
- x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()
(bsc#1051399).
- x86/hyperv: Check frequency MSRs presence according to the specification
(fate#320485).
- x86/LDT: Print the real LDT base address (bsc#1051478).
- x86/mce: Make timer handling more robust (bsc#1042422).
- x86/panic: replace smp_send_stop() with kdump friendly version in panic
path (bsc#1051478).
- x86/platform/uv/BAU: Disable BAU on single hub configurations
(bsc#1050320).
- x86/platform/uv/BAU: Fix congested_response_us not taking effect
(bsc#1050322).
- xen: allocate page for shared info page from low memory (bnc#1038616).
- xen/balloon: do not online new memory initially (bnc#1028173).
- xen: hold lock_device_hotplug throughout vcpu hotplug operations
(bsc#1042422).
- xen-netfront: Rework the fix for Rx stall during OOM and network stress
(git-fixes).
- xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).
- xfs: detect and trim torn writes during log recovery (bsc#1036215).
- xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).
- xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- xfs: refactor and open code log record crc check (bsc#1036215).
- xfs: refactor log record start detection into a new helper (bsc#1036215).
- xfs: return start block of first bad log record during recovery
(bsc#1036215).
- xfs: support a crc verification only log record pass (bsc#1036215).
- xgene: Do not fail probe, if there is no clk resource for SGMII
interfaces (bsc#1048501).
- xilinx network drivers: disable (bsc#1046170).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1404=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1404=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1404=1
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1404=1
- SUSE Linux Enterprise High Availability 12-SP3:
zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1404=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1404=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
kernel-default-debuginfo-4.4.82-6.3.1
kernel-default-debugsource-4.4.82-6.3.1
kernel-default-extra-4.4.82-6.3.1
kernel-default-extra-debuginfo-4.4.82-6.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.4.82-6.3.3
kernel-obs-build-debugsource-4.4.82-6.3.3
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
kernel-docs-4.4.82-6.3.5
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-4.4.82-6.3.1
kernel-default-base-4.4.82-6.3.1
kernel-default-base-debuginfo-4.4.82-6.3.1
kernel-default-debuginfo-4.4.82-6.3.1
kernel-default-debugsource-4.4.82-6.3.1
kernel-default-devel-4.4.82-6.3.1
kernel-syms-4.4.82-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
kernel-devel-4.4.82-6.3.1
kernel-macros-4.4.82-6.3.1
kernel-source-4.4.82-6.3.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
kernel-default-man-4.4.82-6.3.1
- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
kgraft-patch-4_4_82-6_3-default-1-2.1
kgraft-patch-4_4_82-6_3-default-debuginfo-1-2.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.82-6.3.1
cluster-md-kmp-default-debuginfo-4.4.82-6.3.1
dlm-kmp-default-4.4.82-6.3.1
dlm-kmp-default-debuginfo-4.4.82-6.3.1
gfs2-kmp-default-4.4.82-6.3.1
gfs2-kmp-default-debuginfo-4.4.82-6.3.1
kernel-default-debuginfo-4.4.82-6.3.1
kernel-default-debugsource-4.4.82-6.3.1
ocfs2-kmp-default-4.4.82-6.3.1
ocfs2-kmp-default-debuginfo-4.4.82-6.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
kernel-devel-4.4.82-6.3.1
kernel-macros-4.4.82-6.3.1
kernel-source-4.4.82-6.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
kernel-default-4.4.82-6.3.1
kernel-default-debuginfo-4.4.82-6.3.1
kernel-default-debugsource-4.4.82-6.3.1
kernel-default-devel-4.4.82-6.3.1
kernel-default-extra-4.4.82-6.3.1
kernel-default-extra-debuginfo-4.4.82-6.3.1
kernel-syms-4.4.82-6.3.1
References:
https://www.suse.com/security/cve/CVE-2017-1000111.html
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-10810.html
https://www.suse.com/security/cve/CVE-2017-11473.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7541.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://bugzilla.suse.com/1005778
https://bugzilla.suse.com/1006180
https://bugzilla.suse.com/1011913
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1013887
https://bugzilla.suse.com/1015337
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1016119
https://bugzilla.suse.com/1019151
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1022476
https://bugzilla.suse.com/1022600
https://bugzilla.suse.com/1022604
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/1024346
https://bugzilla.suse.com/1024373
https://bugzilla.suse.com/1025461
https://bugzilla.suse.com/1026570
https://bugzilla.suse.com/1028173
https://bugzilla.suse.com/1028286
https://bugzilla.suse.com/1029693
https://bugzilla.suse.com/1030552
https://bugzilla.suse.com/1031515
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1031784
https://bugzilla.suse.com/1033587
https://bugzilla.suse.com/1034075
https://bugzilla.suse.com/1034113
https://bugzilla.suse.com/1034762
https://bugzilla.suse.com/1036215
https://bugzilla.suse.com/1036632
https://bugzilla.suse.com/1037344
https://bugzilla.suse.com/1037404
https://bugzilla.suse.com/1037838
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1038078
https://bugzilla.suse.com/1038616
https://bugzilla.suse.com/1038792
https://bugzilla.suse.com/1039153
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1039915
https://bugzilla.suse.com/1040307
https://bugzilla.suse.com/1040347
https://bugzilla.suse.com/1040351
https://bugzilla.suse.com/1041958
https://bugzilla.suse.com/1042257
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1042314
https://bugzilla.suse.com/1042422
https://bugzilla.suse.com/1042778
https://bugzilla.suse.com/1043261
https://bugzilla.suse.com/1043347
https://bugzilla.suse.com/1043520
https://bugzilla.suse.com/1043598
https://bugzilla.suse.com/1043652
https://bugzilla.suse.com/1043805
https://bugzilla.suse.com/1043912
https://bugzilla.suse.com/1044112
https://bugzilla.suse.com/1044443
https://bugzilla.suse.com/1044623
https://bugzilla.suse.com/1044636
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045293
https://bugzilla.suse.com/1045330
https://bugzilla.suse.com/1045404
https://bugzilla.suse.com/1045563
https://bugzilla.suse.com/1045596
https://bugzilla.suse.com/1045709
https://bugzilla.suse.com/1045715
https://bugzilla.suse.com/1045866
https://bugzilla.suse.com/1045922
https://bugzilla.suse.com/1045937
https://bugzilla.suse.com/1046105
https://bugzilla.suse.com/1046170
https://bugzilla.suse.com/1046434
https://bugzilla.suse.com/1046651
https://bugzilla.suse.com/1046655
https://bugzilla.suse.com/1046682
https://bugzilla.suse.com/1046821
https://bugzilla.suse.com/1046985
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1047048
https://bugzilla.suse.com/1047096
https://bugzilla.suse.com/1047118
https://bugzilla.suse.com/1047121
https://bugzilla.suse.com/1047152
https://bugzilla.suse.com/1047174
https://bugzilla.suse.com/1047277
https://bugzilla.suse.com/1047343
https://bugzilla.suse.com/1047354
https://bugzilla.suse.com/1047418
https://bugzilla.suse.com/1047506
https://bugzilla.suse.com/1047595
https://bugzilla.suse.com/1047651
https://bugzilla.suse.com/1047653
https://bugzilla.suse.com/1047670
https://bugzilla.suse.com/1047802
https://bugzilla.suse.com/1048146
https://bugzilla.suse.com/1048155
https://bugzilla.suse.com/1048221
https://bugzilla.suse.com/1048317
https://bugzilla.suse.com/1048348
https://bugzilla.suse.com/1048356
https://bugzilla.suse.com/1048421
https://bugzilla.suse.com/1048451
https://bugzilla.suse.com/1048501
https://bugzilla.suse.com/1048891
https://bugzilla.suse.com/1048912
https://bugzilla.suse.com/1048914
https://bugzilla.suse.com/1048916
https://bugzilla.suse.com/1048919
https://bugzilla.suse.com/1049231
https://bugzilla.suse.com/1049289
https://bugzilla.suse.com/1049298
https://bugzilla.suse.com/1049361
https://bugzilla.suse.com/1049483
https://bugzilla.suse.com/1049486
https://bugzilla.suse.com/1049603
https://bugzilla.suse.com/1049619
https://bugzilla.suse.com/1049645
https://bugzilla.suse.com/1049706
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1050061
https://bugzilla.suse.com/1050188
https://bugzilla.suse.com/1050211
https://bugzilla.suse.com/1050320
https://bugzilla.suse.com/1050322
https://bugzilla.suse.com/1050677
https://bugzilla.suse.com/1051022
https://bugzilla.suse.com/1051048
https://bugzilla.suse.com/1051059
https://bugzilla.suse.com/1051239
https://bugzilla.suse.com/1051399
https://bugzilla.suse.com/1051471
https://bugzilla.suse.com/1051478
https://bugzilla.suse.com/1051479
https://bugzilla.suse.com/1051556
https://bugzilla.suse.com/1051663
https://bugzilla.suse.com/1051689
https://bugzilla.suse.com/1051979
https://bugzilla.suse.com/1052049
https://bugzilla.suse.com/1052223
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052325
https://bugzilla.suse.com/1052365
https://bugzilla.suse.com/1052442
https://bugzilla.suse.com/1052533
https://bugzilla.suse.com/1052709
https://bugzilla.suse.com/1052773
https://bugzilla.suse.com/1052794
https://bugzilla.suse.com/1052899
https://bugzilla.suse.com/1052925
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1053117
https://bugzilla.suse.com/964063
https://bugzilla.suse.com/974215
https://bugzilla.suse.com/998664
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2281-1: important: Security update for java-1_7_1-ibm
by opensuse-security@opensuse.org 29 Aug '17
by opensuse-security@opensuse.org 29 Aug '17
29 Aug '17
SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2281-1
Rating: important
References: #1053431
Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074
CVE-2017-10081 CVE-2017-10087 CVE-2017-10089
CVE-2017-10090 CVE-2017-10096 CVE-2017-10101
CVE-2017-10102 CVE-2017-10105 CVE-2017-10107
CVE-2017-10108 CVE-2017-10109 CVE-2017-10110
CVE-2017-10111 CVE-2017-10115 CVE-2017-10116
CVE-2017-10125 CVE-2017-10243
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for java-1_7_1-ibm fixes the following issues:
- Version update to 7.1-4.10 [bsc#1053431]
* CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101
CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087
CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115
CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109
CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple
unspecified vulnerabilities in multiple Java components could lead to
code execution or sandbox escape
More information can be found here:
https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_
July_18_2017_CPU
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-java-1_7_1-ibm-13248=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-java-1_7_1-ibm-13248=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):
java-1_7_1-ibm-devel-1.7.1_sr4.10-26.5.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-26.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-26.5.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr4.10-26.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-26.5.1
References:
https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://bugzilla.suse.com/1053431
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2280-1: important: Security update for java-1_7_1-ibm
by opensuse-security@opensuse.org 29 Aug '17
by opensuse-security@opensuse.org 29 Aug '17
29 Aug '17
SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2280-1
Rating: important
References: #1053431
Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074
CVE-2017-10081 CVE-2017-10087 CVE-2017-10089
CVE-2017-10090 CVE-2017-10096 CVE-2017-10101
CVE-2017-10102 CVE-2017-10105 CVE-2017-10107
CVE-2017-10108 CVE-2017-10109 CVE-2017-10110
CVE-2017-10111 CVE-2017-10115 CVE-2017-10116
CVE-2017-10125 CVE-2017-10243
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for java-1_7_1-ibm fixes the following issues:
- Version update to 7.1-4.10 [bsc#1053431]
* CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101
CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087
CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115
CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109
CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple
unspecified vulnerabilities in multiple Java components could lead to
code execution or sandbox escape
More information can be found here:
https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_
July_18_2017_CPU
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1395=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1395=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1395=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1395=1
- SUSE Linux Enterprise Server for SAP 12:
zypper in -t patch SUSE-SLE-SAP-12-2017-1395=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1395=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1395=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1395=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-1395=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64):
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64):
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-SP3 (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
java-1_7_1-ibm-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1
References:
https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://bugzilla.suse.com/1053431
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2271-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 28 Aug '17
by opensuse-security@opensuse.org 28 Aug '17
28 Aug '17
openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2271-1
Rating: important
References: #1042812 #1042826 #1043289 #1049072
Cross-References: CVE-2017-11403 CVE-2017-9439 CVE-2017-9440
CVE-2017-9501
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage
incoders/pdb.c (bsc#1042826)
- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin
coders/psd.c (bsc#1042812)
- CVE-2017-9501: An assertion failure could cause a denial of service via
a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an
out-of-order CloseBlob call, resulting in a use-after-free via acrafted
file (bsc#1049072)
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-971=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-971=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
ImageMagick-6.8.8.1-34.1
ImageMagick-debuginfo-6.8.8.1-34.1
ImageMagick-debugsource-6.8.8.1-34.1
ImageMagick-devel-6.8.8.1-34.1
ImageMagick-extra-6.8.8.1-34.1
ImageMagick-extra-debuginfo-6.8.8.1-34.1
libMagick++-6_Q16-3-6.8.8.1-34.1
libMagick++-6_Q16-3-debuginfo-6.8.8.1-34.1
libMagick++-devel-6.8.8.1-34.1
libMagickCore-6_Q16-1-6.8.8.1-34.1
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-34.1
libMagickWand-6_Q16-1-6.8.8.1-34.1
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-34.1
perl-PerlMagick-6.8.8.1-34.1
perl-PerlMagick-debuginfo-6.8.8.1-34.1
- openSUSE Leap 42.3 (x86_64):
ImageMagick-devel-32bit-6.8.8.1-34.1
libMagick++-6_Q16-3-32bit-6.8.8.1-34.1
libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-34.1
libMagick++-devel-32bit-6.8.8.1-34.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-34.1
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-34.1
libMagickWand-6_Q16-1-32bit-6.8.8.1-34.1
libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-34.1
- openSUSE Leap 42.3 (noarch):
ImageMagick-doc-6.8.8.1-34.1
- openSUSE Leap 42.2 (i586 x86_64):
ImageMagick-6.8.8.1-30.6.1
ImageMagick-debuginfo-6.8.8.1-30.6.1
ImageMagick-debugsource-6.8.8.1-30.6.1
ImageMagick-devel-6.8.8.1-30.6.1
ImageMagick-extra-6.8.8.1-30.6.1
ImageMagick-extra-debuginfo-6.8.8.1-30.6.1
libMagick++-6_Q16-3-6.8.8.1-30.6.1
libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.6.1
libMagick++-devel-6.8.8.1-30.6.1
libMagickCore-6_Q16-1-6.8.8.1-30.6.1
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.6.1
libMagickWand-6_Q16-1-6.8.8.1-30.6.1
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.6.1
perl-PerlMagick-6.8.8.1-30.6.1
perl-PerlMagick-debuginfo-6.8.8.1-30.6.1
- openSUSE Leap 42.2 (noarch):
ImageMagick-doc-6.8.8.1-30.6.1
- openSUSE Leap 42.2 (x86_64):
ImageMagick-devel-32bit-6.8.8.1-30.6.1
libMagick++-6_Q16-3-32bit-6.8.8.1-30.6.1
libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.6.1
libMagick++-devel-32bit-6.8.8.1-30.6.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-30.6.1
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.6.1
libMagickWand-6_Q16-1-32bit-6.8.8.1-30.6.1
libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.6.1
References:
https://www.suse.com/security/cve/CVE-2017-11403.html
https://www.suse.com/security/cve/CVE-2017-9439.html
https://www.suse.com/security/cve/CVE-2017-9440.html
https://www.suse.com/security/cve/CVE-2017-9501.html
https://bugzilla.suse.com/1042812
https://bugzilla.suse.com/1042826
https://bugzilla.suse.com/1043289
https://bugzilla.suse.com/1049072
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0