openSUSE Security Announce
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
December 2018
- 1 participants
- 78 discussions
[security-announce] openSUSE-SU-2018:4138-1: important: Security update for ghostscript
by opensuse-security@opensuse.org 15 Dec '18
by opensuse-security@opensuse.org 15 Dec '18
15 Dec '18
openSUSE Security Update: Security update for ghostscript
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4138-1
Rating: important
References: #1109105 #1111479 #1111480 #1112229 #1117022
#1117274 #1117313 #1117327 #1117331
Cross-References: CVE-2018-17183 CVE-2018-17961 CVE-2018-18073
CVE-2018-18284 CVE-2018-19409 CVE-2018-19475
CVE-2018-19476 CVE-2018-19477
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that solves 8 vulnerabilities and has one errata
is now available.
Description:
This update for ghostscript to version 9.26 fixes the following issues:
Security issues fixed:
- CVE-2018-19475: Fixed bypass of an intended access restriction in
psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in
psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in
psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in
LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator
(bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks
(bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly
(bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted
PostScript files (bsc#1109105)
Version update to 9.26 (bsc#1117331):
- Security issues have been the primary focus
- Minor bug fixes and improvements
- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1552=1
Package List:
- openSUSE Leap 15.0 (i586 x86_64):
ghostscript-9.26-lp150.2.9.1
ghostscript-debuginfo-9.26-lp150.2.9.1
ghostscript-debugsource-9.26-lp150.2.9.1
ghostscript-devel-9.26-lp150.2.9.1
ghostscript-mini-9.26-lp150.2.9.1
ghostscript-mini-debuginfo-9.26-lp150.2.9.1
ghostscript-mini-debugsource-9.26-lp150.2.9.1
ghostscript-mini-devel-9.26-lp150.2.9.1
ghostscript-x11-9.26-lp150.2.9.1
ghostscript-x11-debuginfo-9.26-lp150.2.9.1
- openSUSE Leap 15.0 (x86_64):
libspectre-debugsource-0.2.8-lp150.2.6.2
libspectre-devel-0.2.8-lp150.2.6.2
libspectre1-0.2.8-lp150.2.6.2
libspectre1-debuginfo-0.2.8-lp150.2.6.2
References:
https://www.suse.com/security/cve/CVE-2018-17183.html
https://www.suse.com/security/cve/CVE-2018-17961.html
https://www.suse.com/security/cve/CVE-2018-18073.html
https://www.suse.com/security/cve/CVE-2018-18284.html
https://www.suse.com/security/cve/CVE-2018-19409.html
https://www.suse.com/security/cve/CVE-2018-19475.html
https://www.suse.com/security/cve/CVE-2018-19476.html
https://www.suse.com/security/cve/CVE-2018-19477.html
https://bugzilla.suse.com/1109105
https://bugzilla.suse.com/1111479
https://bugzilla.suse.com/1111480
https://bugzilla.suse.com/1112229
https://bugzilla.suse.com/1117022
https://bugzilla.suse.com/1117274
https://bugzilla.suse.com/1117313
https://bugzilla.suse.com/1117327
https://bugzilla.suse.com/1117331
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4135-1: important: Security update for qemu
by opensuse-security@opensuse.org 15 Dec '18
by opensuse-security@opensuse.org 15 Dec '18
15 Dec '18
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4135-1
Rating: important
References: #1108474 #1114529
Cross-References: CVE-2018-16847
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for qemu fixes the following issues:
Security issue fixed:
- CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb
operations (bsc#1114529).
Non-security issue fixed:
- Fixed serial console issue that triggered a qemu-kvm bug (bsc#1108474).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1551=1
Package List:
- openSUSE Leap 15.0 (x86_64):
qemu-2.11.2-lp150.7.15.1
qemu-arm-2.11.2-lp150.7.15.1
qemu-arm-debuginfo-2.11.2-lp150.7.15.1
qemu-block-curl-2.11.2-lp150.7.15.1
qemu-block-curl-debuginfo-2.11.2-lp150.7.15.1
qemu-block-dmg-2.11.2-lp150.7.15.1
qemu-block-dmg-debuginfo-2.11.2-lp150.7.15.1
qemu-block-gluster-2.11.2-lp150.7.15.1
qemu-block-gluster-debuginfo-2.11.2-lp150.7.15.1
qemu-block-iscsi-2.11.2-lp150.7.15.1
qemu-block-iscsi-debuginfo-2.11.2-lp150.7.15.1
qemu-block-rbd-2.11.2-lp150.7.15.1
qemu-block-rbd-debuginfo-2.11.2-lp150.7.15.1
qemu-block-ssh-2.11.2-lp150.7.15.1
qemu-block-ssh-debuginfo-2.11.2-lp150.7.15.1
qemu-debuginfo-2.11.2-lp150.7.15.1
qemu-debugsource-2.11.2-lp150.7.15.1
qemu-extra-2.11.2-lp150.7.15.1
qemu-extra-debuginfo-2.11.2-lp150.7.15.1
qemu-guest-agent-2.11.2-lp150.7.15.1
qemu-guest-agent-debuginfo-2.11.2-lp150.7.15.1
qemu-ksm-2.11.2-lp150.7.15.1
qemu-kvm-2.11.2-lp150.7.15.1
qemu-lang-2.11.2-lp150.7.15.1
qemu-linux-user-2.11.2-lp150.7.15.1
qemu-linux-user-debuginfo-2.11.2-lp150.7.15.1
qemu-linux-user-debugsource-2.11.2-lp150.7.15.1
qemu-ppc-2.11.2-lp150.7.15.1
qemu-ppc-debuginfo-2.11.2-lp150.7.15.1
qemu-s390-2.11.2-lp150.7.15.1
qemu-s390-debuginfo-2.11.2-lp150.7.15.1
qemu-testsuite-2.11.2-lp150.7.15.1
qemu-tools-2.11.2-lp150.7.15.1
qemu-tools-debuginfo-2.11.2-lp150.7.15.1
qemu-x86-2.11.2-lp150.7.15.1
qemu-x86-debuginfo-2.11.2-lp150.7.15.1
- openSUSE Leap 15.0 (noarch):
qemu-ipxe-1.0.0+-lp150.7.15.1
qemu-seabios-1.11.0-lp150.7.15.1
qemu-sgabios-8-lp150.7.15.1
qemu-vgabios-1.11.0-lp150.7.15.1
References:
https://www.suse.com/security/cve/CVE-2018-16847.html
https://bugzilla.suse.com/1108474
https://bugzilla.suse.com/1114529
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4133-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Dec '18
by opensuse-security@opensuse.org 14 Dec '18
14 Dec '18
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4133-1
Rating: important
References: #1051510 #1055120 #1061840 #1065600 #1065729
#1068273 #1078248 #1082555 #1082653 #1083647
#1085535 #1089350 #1097755 #1104824 #1105428
#1106105 #1106237 #1106240 #1107256 #1107385
#1107866 #1108468 #1109772 #1109806 #1110006
#1110998 #1111062 #1111174 #1111183 #1111696
#1111809 #1112963 #1113295 #1113412 #1113501
#1113677 #1113722 #1113769 #1113780 #1114015
#1114178 #1114279 #1114385 #1114576 #1114577
#1114578 #1114580 #1114581 #1114582 #1114584
#1114839 #1115074 #1115269 #1115431 #1115433
#1115440 #1115567 #1115709 #1115976 #1116692
#1116693 #1116698 #1116699 #1116700 #1116701
#1116862 #1116863 #1116876 #1116877 #1116878
#1116891 #1116895 #1116899 #1116950 #1117168
#1117172 #1117174 #1117181 #1117184 #1117188
#1117189 #1117349 #1117561 #1117788 #1117789
#1117790 #1117791 #1117792 #1117794 #1117795
#1117796 #1117798 #1117799 #1117801 #1117802
#1117803 #1117804 #1117805 #1117806 #1117807
#1117808 #1117815 #1117816 #1117817 #1117818
#1117819 #1117820 #1117821 #1117822 #1118136
#1118137 #1118138 #1118140
Cross-References: CVE-2018-18281
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________
An update that solves one vulnerability and has 112 fixes
is now available.
Description:
The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to
receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
pagetable locks. If a syscall such as ftruncate() removes entries from
the pagetables of a task that is in the middle of mremap(), a stale TLB
entry can remain for a short time that permits access to a physical page
after it has been released back to the page allocator and reused.
(bnc#1113769).
The following non-security bugs were fixed:
- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
(bsc#1051510).
- ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
- ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM
(bsc#1051510).
- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer
value (bsc#1051510).
- ACPICA: Tables: Add WSMT support (bsc#1089350).
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
(bsc#1051510).
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
- ALSA: control: Fix race between adding and removing a user element
(bsc#1051510).
- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop
(bsc#1051510).
- ALSA: hda/realtek - Allow skipping spec->init_amp detection
(bsc#1051510).
- ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- ALSA: hda/realtek - Support ALC300 (bsc#1051510).
- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171
(bsc#1051510).
- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops
(bsc#1051510).
- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock
(bsc#1051510).
- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ARM: dts: at91: add new compatibility string for macb on sama5d3
(bsc#1051510).
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc
(bsc#1085535)
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using
pmc_plt_clk_0 (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- Btrfs: fix assertion on fsync of regular file when using no-holes
feature (bsc#1118137).
- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- Btrfs: fix deadlock on tree root leaf when finding free extent
(bsc#1116876).
- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- Btrfs: fix infinite loop on inode eviction after deduplication of eof
block (bsc#1116877).
- Btrfs: fix null pointer dereference on compressed write path error
(bsc#1116698).
- Btrfs: fix use-after-free during inode eviction (bsc#1116701).
- Btrfs: fix use-after-free when dumping free space (bsc#1116862).
- Btrfs: fix warning when replaying log after fsync of a tmpfile
(bsc#1116692).
- Btrfs: fix wrong dentries after fsync of file that got its parent
replaced (bsc#1116693).
- Btrfs: send, fix infinite loop due to directory rename dependencies
(bsc#1118138).
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list
(bsc#1051510).
- EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr()
(bsc#1114279).
- EDAC: Raise the maximum number of memory controllers (bsc#1113780).
- Fix kABI for "Ensure we commit after writeback is complete"
(bsc#1111809).
- Fix some patch headers which diverge from RFC5322 Manually fix some
patches which have an invalid header.
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
(bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing
(bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad
(bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- KABI fix for "NFSv4.1: Fix up replays of interrupted requests"
(git-fixes).
- KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
- KABI: powerpc: Revert npu callback signature change (bsc#1055120).
- KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte
(bsc#1061840).
- KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into
it (bsc#1061840).
- KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode
(bsc#1061840).
- KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface
(bsc#1061840).
- KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9
v2.2 (bsc#1061840).
- KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9
(bsc#1061840).
- KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page
fault (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs
(bsc#1061840).
- KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded
(bsc#1061840).
- KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function
(bsc#1061840).
- KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping
size (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE
escalations (bsc#1061840).
- KVM: PPC: Book3S HV: Enable migration of decrementer register
(bsc#1061840).
- KVM: PPC: Book3S HV: Factor fake-suspend handling out of
kvmppc_save/restore_tm (bsc#1061840).
- KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory
backing (bsc#1061840).
- KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
(bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault
handler (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing
code (bsc#1061840).
- KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts
(bsc#1061840).
- KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
(bsc#1061840).
- KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
(bsc#1061840).
- KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler
(bsc#1061840).
- KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9
(bsc#1061840).
- KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded
(bsc#1061840).
- KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in
kvmppc_radix_tlbie_page (bsc#1061840).
- KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space
(bsc#1061840).
- KVM: PPC: Book3S HV: Radix page fault handler optimizations
(bsc#1061840).
- KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock
(bsc#1061840).
- KVM: PPC: Book3S HV: Recursively unmap all page table entries when
unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers
(bsc#1061840).
- KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly
(bsc#1061840).
- KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry
(bsc#1061840).
- KVM: PPC: Book3S HV: Streamline setting of reference and change bits
(bsc#1061840).
- KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler
(bsc#1061840).
- KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path
(bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority
change (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write
bits do not match (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes
(bsc#1061840).
- KVM: PPC: Book3S PR: Add guest MSR parameter for
kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate
file (bsc#1061840).
- KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller
physical pages (bsc#1061840).
- KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions
(bsc#1061840).
- KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables
(bsc#1061840).
- KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue
(bsc#1061840).
- KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch
(bsc#1061840).
- KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to
nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
(bsc#1106240).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- NFS: Avoid RCU usage in tracepoints (git-fixes).
- NFS: Ensure we commit after writeback is complete (bsc#1111809).
- NFS: Fix a typo in nfs_rename() (git-fixes).
- NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- NFS: Fix typo in nomigration mount option (git-fixes).
- NFS: Fix unstable write completion (git-fixes).
- NFS: commit direct writes even if they fail partially (git-fixes).
- NFSv4.0 fix client reference leak in callback (git-fixes).
- NFSv4.1 fix infinite loop on I/O (git-fixes).
- NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- NFSv4.1: Fix up replays of interrupted requests (git-fixes).
- NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set
(bsc#1051510).
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
(bsc#1051510).
- PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
(bsc#1051510).
- PCI: hv: Use effective affinity mask (bsc#1109772).
- PCI: imx6: Fix link training status detection in link up check
(bsc#1109806).
- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
- SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
(git-fixes).
- USB: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510).
- USB: omap_udc: fix rejection of out transfers when DMA is used
(bsc#1051510).
- USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- USB: serial: option: add two-endpoints device-id flag (bsc#1051510).
- USB: serial: option: drop redundant interface-class test (bsc#1051510).
- USB: serial: option: improve Quectel EP06 detection (bsc#1051510).
- VFS: close race between getcwd() and d_move() (git-fixes).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- acpi, nfit: Fix ARS overflow continuation (bsc#1116895).
- acpi/nfit, x86/mce: Handle only uncorrectable machine checks
(bsc#1114279).
- acpi/nfit, x86/mce: Validate a MCE's address before using it
(bsc#1114279).
- act_ife: fix a potential use-after-free (networking-stable-18_09_11).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
(bsc#1106105).
- arm64: KVM: Move CPU ID reg trap setup off the world switch path
(bsc#1110998).
- arm64: KVM: Sanitize PSTATE.M when being set from userspace
(bsc#1110998).
- arm64: KVM: Tighten guest core register access from userspace
(bsc#1110998).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- autofs: fix autofs_sbi() does not check super block type (git-fixes).
- autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
- autofs: mount point create should honour passed in mode (git-fixes).
- badblocks: fix wrong return value in badblocks_set if badblocks are
disabled (git-fixes).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: free hwrm resources, if driver probe fails
(networking-stable-18_10_16).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also
(networking-stable-18_10_16).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf: wait for running BPF programs when updating map-in-map
(bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth
(bsc#1051510).
- bridge: do not add port to router list when receives query with source
0.0.0.0 (networking-stable-18_11_02).
- btrfs: make sure we create all new block groups (bsc#1116699).
- btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
(bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if
can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo
non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame
to access frame length (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to
__can_get_echo_skb() (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and
can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification
(bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking
(bsc#1051510).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating
(bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent
call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains
compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk
(bsc#1051510).
- configfs: replace strncpy with memcpy (bsc#1051510).
- crypto: simd - correctly take reqsize of wrapped skcipher into account
(bsc#1051510).
- do d_instantiate/unlock_new_inode combinations safely (git-fixes).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock
(bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type
(bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref
(bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
(bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs
execution (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit
(bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone
(bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut()
(bsc#1051510).
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
(bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
(bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors
(bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
(bsc#1117801).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
(bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path
(bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
(bsc#1117806).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while
resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
(bsc#1117799).
- ext4: fix possible leak of s_journal_flag_rwsem in error path
(bsc#1117804).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path
(bsc#1117803).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path
(bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin()
(bsc#1117788).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
(bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find()
(bsc#1117805).
- fbdev: fix broken menu dependencies (bsc#1113722)
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments
(networking-stable-18_11_21).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
(git-fixes).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
(git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fscache: fix race between enablement and dropping of object
(bsc#1107385).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able
(bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
(bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- getname_kernel() needs to make sure that ->name != ->iname in long case
(git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error
path (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header
(networking-stable-18_09_24).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: remove ndo_poll_controller ().
- iio: accel: adxl345: convert address field usage in iio_chan_spec
(bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count'
(bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator
(bsc#1051510).
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
(networking-stable-18_10_16).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
(bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
(bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_tunnel: be careful when accessing the inner header
(networking-stable-18_10_16).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel
(networking-stable-18_09_11).
- ip_tunnel: be careful when accessing the inner header
(networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked
(networking-stable-18_11_21).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu
(networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
state (networking-stable-18_09_11).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
called (networking-stable-18_11_02).
- ipv6: fix possible use-after-free in ip6_xmit()
(networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check
(networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
(bsc#1051510).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts
(bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware
(bsc#1051510).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- kABI: protect struct fib_nh_exception (kabi).
- kABI: protect struct rtable (kabi).
- kabi/severities: ignore __xive_vm_h_* KVM internal symbols.
- kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports
of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm
mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer
exported because the code was consolideted in one place. These helpers
are to be called in realmode and linking to them from non-KVM modules is
a bug. Hence removing them does not break KABI.
- kabi: mask raw in struct bpf_reg_state (bsc#1083647).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: move "_all" target out of $(KBUILD_SRC) conditional
(bsc#1114279).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libnvdimm, region: Fail badblocks listing for inactive regions
(bsc#1116899).
- libnvdimm: Hold reference on parent while scheduling async init
(bsc#1116891).
- livepatch: create and include UAPI headers ().
- llc: set SOCK_RCU_FREE in llc_sap_add_socket()
(networking-stable-18_11_02).
- lockd: fix "list_add double add" caused by legacy signal interface
(git-fixes).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio
(bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers
(bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not
(git-fixes).
- md/raid10: fix that replacement cannot complete recovery after
reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device
(git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped
(git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares()
(git-fixes).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration
(networking-stable-18_11_21).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
(bsc#1051510).
- modpost: ignore livepatch unresolved relocations ().
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
(bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- neighbour: confirm neigh entries when ARP packet is received
(networking-stable-18_09_24).
- net-gro: reset skb->pkt_type in napi_reuse_skb()
(networking-stable-18_11_21).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501,
LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501,
LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
(networking-stable-18_09_24).
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6
(networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
(networking-stable-18_11_02).
- net/mlx5: Check for error in mlx5_attach_interface
(networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB
tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate
(networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow
(networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow
(networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
(networking-stable-18_11_02).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules
(networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso
(networking-stable-18_10_16).
- net/sched: act_pedit: fix dump of extended layered op
(networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path
(networking-stable-18_09_24).
- net/usb: cancel pending work when unbinding smsc75xx
(networking-stable-18_10_16).
- net: aquantia: memory corruption on jumbo frames
(networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5
(networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy
(networking-stable-18_09_11).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume
(networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_com
(bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev
(bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure
(bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696
bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error
handling (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization
(bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696
bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696
bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability
(bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver
removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696
bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA
spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues
(bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init()
(bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum
status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available
(networking-stable-18_11_02).
- net: hns: fix for unmapping problem when SMMU is on
(networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state
(networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: macb: do not disable MDIO bus at open/close time
(networking-stable-18_09_11).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
(networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs
(networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers
(networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL
(networking-stable-18_09_11).
- net: sched: action_ife: take reference to meta module
(networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def()
(networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
(networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path
(networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume
(networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets
(networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get
(networking-stable-18_10_16).
- nfp: wait for posted reconfigs when disabling the device
(networking-stable-18_09_11).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit
requests (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
(git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks
(git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
(git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
(git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Include asm/barrier.h dependency (bsc#1114279).
- nvme: Free ctrl device name on init failure ().
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
(bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list
(bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the
item->ci_parent (bsc#1117808).
- openvswitch: Fix push/pop ethernet validation
(networking-stable-18_11_02).
- pNFS: Always free the session slot on error in
nfs4_layoutget_handle_exception (git-fixes).
- pNFS: Prevent the layout header refcount going to zero in pnfs_roc()
(git-fixes).
- pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been
already applied by the following commit: 9f73db8b7c PCI: dwc: Fix
enumeration end when reaching root subordinate (bsc#1051510)
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
(bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
(bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- pinctrl: at91-pio4: fix has_config check in
atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
(bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
(bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
(bsc#1051510).
- pipe: match pipe_max_size data type with procfs (git-fixes).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
(bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pnfs: Do not release the sequence slot until we've processed layoutget
on open (git-fixes).
- power: supply: max8998-charger: Fix platform data retrieval
(bsc#1051510).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9
(bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
- powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure
(bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8
(bsc#1065729).
- powerpc/powernv/ioda: Allocate indirect TCE levels on demand
(bsc#1061840).
- powerpc/powernv/ioda: Finish removing explicit max window size check
(bsc#1061840).
- powerpc/powernv/ioda: Remove explicit max window size check
(bsc#1061840).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context
init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex()
callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm()
(bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling
(bsc#1055120).
- powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage
(bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts
disabled (bsc#1065729).
- powerpc/powernv: Move TCE manupulation code to its own file
(bsc#1061840).
- powerpc/powernv: Rework TCE level allocation (bsc#1061840).
- powerpc/pseries/mobility: Extend start/stop topology update scope
(bsc#1116950, bsc#1115709).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/xive: Move definition of ESB bits (bsc#1061840).
- powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
- pppoe: fix reception of frames with no mac header
(networking-stable-18_09_24).
- printk: Fix panic caused by passing log_buf_len to command line
(bsc#1117168).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- pwm: lpss: Release runtime-pm reference from the driver's remove
callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
(bsc#1051510).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- resource: Include resource end in walk_*() interfaces (bsc#1114279).
- rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting
with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of
tree modules. Add it to kernel-${flavor}-devel packages if it exists.
- rpm/kernel-binary.spec.in: allow unsupported modules for -extra
(bsc#1111183). SLE-15 and later only.
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rpm: use syncconfig instead of silentoldconfig where available Since
mainline commit 0085b4191f3e ("kconfig: remove silentoldconfig target"),
"make silentoldconfig" can be no longer used. Use "make syncconfig"
instead if available.
- rtnetlink: Disallow FDB configuration for non-Ethernet device
(networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header
(networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
(networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390/sclp_tty: enable line mode tty even if there is an ascii console
(git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501,
LTC#172682).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its
function (bnc#1113501, LTC#172682).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue
- scsi: core: Avoid that SCSI device removal through sysfs triggers a
deadlock (bsc#1114578).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline
(bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change
(bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics
(bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
(bsc#1114015).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point
(bsc#1114015).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster
failover (bsc#1114015).
- scsi: lpfc: Raise nvme defaults to support a larger io and more
connectivity (bsc#1114015).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver
PLOGI retry (bsc#1114015).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
(bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources
(bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()'
(bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
(bsc#1114578).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code
(bsc#1114577).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target: tcmu: add read length support (bsc#1097755).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event
(networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in
sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt
(networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request
(networking-stable-18_11_21).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
(bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in
'rtw_wx_read32()' (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- target: fix buffer offset in core_scsi3_pri_read_full_status
(bsc1117349).
- tcp: do not restart timewait timer on rst reception
(networking-stable-18_09_11).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control
paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend
(bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend
(bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data
(networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect
(networking-stable-18_10_16).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result
(bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to
tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header
(bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit()
(bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers
(bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tty: Do not block on IO when ldisc change is pending (bnc#1105428).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink
(bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets
(networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing
(networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: Fix an Oops on load (bsc#1051510).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: dwc2: host: Do not retry NAKed transactions right away
(bsc#1114385).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers
(bsc#1114385).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
(bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
(bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
(bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- vfs: fix freeze protection in mnt_want_write_file() for overlayfs
(git-fixes).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine
(networking-stable-18_11_02).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/MCE: Make correctable error detection look at the Deferred bit
(bsc#1114279).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot
option without value is provided (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12
(bsc#1109772).
- x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous
(bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal
(bsc#1111062).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xhci: Add check for invalid byte size error when UAS devices are
connected (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1548=1
Package List:
- openSUSE Leap 15.0 (noarch):
kernel-devel-4.12.14-lp150.12.28.1
kernel-docs-4.12.14-lp150.12.28.1
kernel-docs-html-4.12.14-lp150.12.28.1
kernel-macros-4.12.14-lp150.12.28.1
kernel-source-4.12.14-lp150.12.28.1
kernel-source-vanilla-4.12.14-lp150.12.28.1
- openSUSE Leap 15.0 (x86_64):
kernel-debug-4.12.14-lp150.12.28.1
kernel-debug-base-4.12.14-lp150.12.28.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1
kernel-debug-debuginfo-4.12.14-lp150.12.28.1
kernel-debug-debugsource-4.12.14-lp150.12.28.1
kernel-debug-devel-4.12.14-lp150.12.28.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1
kernel-default-4.12.14-lp150.12.28.1
kernel-default-base-4.12.14-lp150.12.28.1
kernel-default-base-debuginfo-4.12.14-lp150.12.28.1
kernel-default-debuginfo-4.12.14-lp150.12.28.1
kernel-default-debugsource-4.12.14-lp150.12.28.1
kernel-default-devel-4.12.14-lp150.12.28.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1
kernel-kvmsmall-4.12.14-lp150.12.28.1
kernel-kvmsmall-base-4.12.14-lp150.12.28.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1
kernel-kvmsmall-devel-4.12.14-lp150.12.28.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1
kernel-obs-build-4.12.14-lp150.12.28.1
kernel-obs-build-debugsource-4.12.14-lp150.12.28.1
kernel-obs-qa-4.12.14-lp150.12.28.1
kernel-syms-4.12.14-lp150.12.28.1
kernel-vanilla-4.12.14-lp150.12.28.1
kernel-vanilla-base-4.12.14-lp150.12.28.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1
kernel-vanilla-debugsource-4.12.14-lp150.12.28.1
kernel-vanilla-devel-4.12.14-lp150.12.28.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1
References:
https://www.suse.com/security/cve/CVE-2018-18281.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1055120
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1068273
https://bugzilla.suse.com/1078248
https://bugzilla.suse.com/1082555
https://bugzilla.suse.com/1082653
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085535
https://bugzilla.suse.com/1089350
https://bugzilla.suse.com/1097755
https://bugzilla.suse.com/1104824
https://bugzilla.suse.com/1105428
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106237
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1107256
https://bugzilla.suse.com/1107385
https://bugzilla.suse.com/1107866
https://bugzilla.suse.com/1108468
https://bugzilla.suse.com/1109772
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1110006
https://bugzilla.suse.com/1110998
https://bugzilla.suse.com/1111062
https://bugzilla.suse.com/1111174
https://bugzilla.suse.com/1111183
https://bugzilla.suse.com/1111696
https://bugzilla.suse.com/1111809
https://bugzilla.suse.com/1112963
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1113412
https://bugzilla.suse.com/1113501
https://bugzilla.suse.com/1113677
https://bugzilla.suse.com/1113722
https://bugzilla.suse.com/1113769
https://bugzilla.suse.com/1113780
https://bugzilla.suse.com/1114015
https://bugzilla.suse.com/1114178
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114385
https://bugzilla.suse.com/1114576
https://bugzilla.suse.com/1114577
https://bugzilla.suse.com/1114578
https://bugzilla.suse.com/1114580
https://bugzilla.suse.com/1114581
https://bugzilla.suse.com/1114582
https://bugzilla.suse.com/1114584
https://bugzilla.suse.com/1114839
https://bugzilla.suse.com/1115074
https://bugzilla.suse.com/1115269
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1115433
https://bugzilla.suse.com/1115440
https://bugzilla.suse.com/1115567
https://bugzilla.suse.com/1115709
https://bugzilla.suse.com/1115976
https://bugzilla.suse.com/1116692
https://bugzilla.suse.com/1116693
https://bugzilla.suse.com/1116698
https://bugzilla.suse.com/1116699
https://bugzilla.suse.com/1116700
https://bugzilla.suse.com/1116701
https://bugzilla.suse.com/1116862
https://bugzilla.suse.com/1116863
https://bugzilla.suse.com/1116876
https://bugzilla.suse.com/1116877
https://bugzilla.suse.com/1116878
https://bugzilla.suse.com/1116891
https://bugzilla.suse.com/1116895
https://bugzilla.suse.com/1116899
https://bugzilla.suse.com/1116950
https://bugzilla.suse.com/1117168
https://bugzilla.suse.com/1117172
https://bugzilla.suse.com/1117174
https://bugzilla.suse.com/1117181
https://bugzilla.suse.com/1117184
https://bugzilla.suse.com/1117188
https://bugzilla.suse.com/1117189
https://bugzilla.suse.com/1117349
https://bugzilla.suse.com/1117561
https://bugzilla.suse.com/1117788
https://bugzilla.suse.com/1117789
https://bugzilla.suse.com/1117790
https://bugzilla.suse.com/1117791
https://bugzilla.suse.com/1117792
https://bugzilla.suse.com/1117794
https://bugzilla.suse.com/1117795
https://bugzilla.suse.com/1117796
https://bugzilla.suse.com/1117798
https://bugzilla.suse.com/1117799
https://bugzilla.suse.com/1117801
https://bugzilla.suse.com/1117802
https://bugzilla.suse.com/1117803
https://bugzilla.suse.com/1117804
https://bugzilla.suse.com/1117805
https://bugzilla.suse.com/1117806
https://bugzilla.suse.com/1117807
https://bugzilla.suse.com/1117808
https://bugzilla.suse.com/1117815
https://bugzilla.suse.com/1117816
https://bugzilla.suse.com/1117817
https://bugzilla.suse.com/1117818
https://bugzilla.suse.com/1117819
https://bugzilla.suse.com/1117820
https://bugzilla.suse.com/1117821
https://bugzilla.suse.com/1117822
https://bugzilla.suse.com/1118136
https://bugzilla.suse.com/1118137
https://bugzilla.suse.com/1118138
https://bugzilla.suse.com/1118140
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4132-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Dec '18
by opensuse-security@opensuse.org 14 Dec '18
14 Dec '18
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4132-1
Rating: important
References: #1012382 #1027457 #1042286 #1046264 #1066223
#1094973 #1102439 #1103624 #1104731 #1106105
#1106237 #1106240 #1107385 #1108145 #1109330
#1109806 #1111062 #1111809 #1112246 #1112963
#1113412 #1113766 #1114190 #1114475 #1114763
#1114839 #1115433 #1115440 #1115709 #1116285
#1116497 #1116924 #1116950 #1117562 #985031
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
The openSUSE Leap 42.3 kernel was updated to 4.4.165-81.1 to receive
various bugfixes.
The following non-security bugs were fixed:
- 9p locks: fix glock.client_id leak in do_lock (bnc#1012382).
- 9p: clear dangling pointers in p9stat_free (bnc#1012382).
- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
(bnc#1012382).
- ACPI / platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382).
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382).
- ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
(bnc#1012382).
- ALSA: hda: Check the non-cached stream buffers more explicitly
(bnc#1012382).
- ALSA: timer: Fix zero-division by continue of uninitialized instance
(bnc#1012382).
- ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with
DT code (bsc#985031).
- ARM: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382).
- ARM: dts: apq8064: add ahci ports-implemented mask (bnc#1012382).
- ARM: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382).
- ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382).
- ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382).
- ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382).
- Bluetooth: SMP: fix crash in unpairing (bnc#1012382).
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382).
- Btrfs: fix data corruption due to cloning of eof block (bnc#1012382).
- Btrfs: fix null pointer dereference on compressed write path error
(bnc#1012382).
- Btrfs: fix wrong dentries after fsync of file that got its parent
replaced (bnc#1012382).
- CIFS: handle guest access errors to Windows shares (bnc#1012382).
- Cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382).
- Fix kABI for "Ensure we commit after writeback is complete"
(bsc#1111809).
- HID: hiddev: fix potential Spectre v1 (bnc#1012382).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
(bnc#1012382).
- IB/ucm: Fix Spectre v1 vulnerability (bnc#1012382).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382).
- KEYS: put keyring if install_session_keyring_to_cred() fails
(bnc#1012382).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- MD: fix invalid stored role for a disk (bnc#1012382).
- MD: fix invalid stored role for a disk - try2 (bnc#1012382).
- MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
(bnc#1012382).
- MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue (bnc#1012382).
- MIPS: Handle non word sized instructions when examining frame
(bnc#1012382).
- MIPS: Loongson-3: Fix BRIDGE irq delivery problem (bnc#1012382).
- MIPS: Loongson-3: Fix CPU UART irq delivery problem (bnc#1012382).
- MIPS: OCTEON: fix out of bounds array access on CN68XX (bnc#1012382).
- MIPS: kexec: Mark CPU offline before disabling local IRQ (bnc#1012382).
- MIPS: microMIPS: Fix decoding of swsp16 instruction (bnc#1012382).
- NFS: Ensure we commit after writeback is complete (bsc#1111809).
- NFSv4.1: Fix the r/wsize checking (bnc#1012382).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set
(bsc#1109806).
- PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806).
- PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
(bnc#1012382).
- PCI: vmd: Detach resources after stopping root bus (bsc#1106105).
- PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()
(bnc#1012382).
- Provide a temporary fix for STIBP on-by-default See bsc#1116497 for
details.
- RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382).
- Reorder a few commits in kGraft out of tree section
- Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
(bnc#1012382).
- Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839).
- Revert "media: v4l: event: Add subscription to list before calling "add"
operation" (kabi).
- Revert "media: videobuf2-core: do not call memop 'finish' when queueing"
(bnc#1012382).
- Revert "x86/kconfig: Fall back to ticket spinlocks" (kabi).
- SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
(bnc#1012382).
- TC: Set DMA masks for devices (bnc#1012382).
- USB: fix the usbfs flag sanitization for control transfers (bnc#1012382).
- USB: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382).
- USB: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382).
- af_iucv: Move sockaddr length checks to before accessing sa_family in
bind and connect handlers (bnc#1012382).
- ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
(bsc#1106105).
- arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
(bnc#1012382).
- arm64: Disable asm-operand-width warning for clang (bnc#1012382).
- arm64: dts: stratix10: Correct System Manager register size
(bnc#1012382).
- arm64: hardcode rodata_enabled=true earlier in the series (bsc#1114763).
- arm64: percpu: Initialize ret in the default case (bnc#1012382).
- arm: fix mis-applied iommu identity check (bsc#1116924).
- asix: Check for supported Wake-on-LAN modes (bnc#1012382).
- ataflop: fix error handling during setup (bnc#1012382).
- ath10k: schedule hardware restart if WMI command times out (bnc#1012382).
- ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382).
- bcache: fix miss key refill->end in writeback (bnc#1012382).
- binfmt_elf: fix calculations for bss padding (bnc#1012382).
- bitops: protect variables in bit_clear_unless() macro (bsc#1116285).
- block: fix inheriting request priority from bio (bsc#1116924).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- bna: ethtool: Avoid reading past end of buffer (bnc#1012382).
- bpf: generally move prog destruction to RCU deferral (bnc#1012382).
- bridge: do not add port to router list when receives query with source
0.0.0.0 (bnc#1012382).
- btrfs: Handle owner mismatch gracefully when walking up tree
(bnc#1012382).
- btrfs: do not attempt to trim devices that do not support it
(bnc#1012382).
- btrfs: fix backport error in submit_stripe_bio (bsc#1114763).
- btrfs: fix pinned underflow after transaction aborted (bnc#1012382).
- btrfs: iterate all devices during trim, instead of
fs_devices::alloc_list (bnc#1012382).
- btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid
deadlock (bnc#1012382).
- btrfs: make sure we create all new block groups (bnc#1012382).
- btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382).
- btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382).
- btrfs: set max_extent_size properly (bnc#1012382).
- btrfs: wait on caching when putting the bg cache (bnc#1012382).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
(bnc#1012382).
- cdc-acm: correct counting of UART states in serial state notification
(bnc#1012382).
- ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok
(bsc#1114763).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (git-fixes).
- clk: s2mps11: Fix matching when built as module and DT node contains
compatible (bnc#1012382).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk
(bnc#1012382).
- configfs: replace strncpy with memcpy (bnc#1012382).
- cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE
(bnc#1012382).
- crypto, x86: aesni - fix token pasting for clang (bnc#1012382).
- crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382).
- crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382).
- crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
(bnc#1012382).
- cxgb4: Add support for new flash parts (bsc#1102439).
- cxgb4: Fix FW flash errors (bsc#1102439).
- cxgb4: assume flash part size to be 4MB, if it can't be determined
(bsc#1102439).
- cxgb4: fix missing break in switch and indent return statements
(bsc#1102439).
- cxgb4: support new ISSI flash parts (bsc#1102439).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users
(bnc#1012382).
- dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264).
- dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382).
- dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock
(bnc#1012382).
- drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bnc#1012382).
- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer
(bsc#1113766)
- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth
(bsc#1113766)
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382).
- drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382).
- drm/omap: fix memory barrier bug in DMM driver (bnc#1012382).
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382).
- e1000: avoid null pointer dereference on invalid stat type (bnc#1012382).
- e1000: fix race condition between e1000_down() and e1000_watchdog
(bnc#1012382).
- efi/libstub/arm64: Force 'hidden' visibility for section markers
(bnc#1012382).
- efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
(bnc#1012382).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
(bnc#1012382).
- ext4: add missing brelse() update_backups()'s error path (bnc#1012382).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors
(bnc#1012382).
- ext4: avoid possible double brelse() in add_new_gdb() on error path
(bnc#1012382).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
(bnc#1012382).
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path
(bnc#1012382).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
(bnc#1012382).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while
resizing (bnc#1012382).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
(bnc#1012382).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path
(bnc#1012382).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin()
(bnc#1012382).
- ext4: release bs.bh before re-using in ext4_xattr_block_find()
(bnc#1012382).
- fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add
(bsc#1114763).
- flow_dissector: do not dissect l4 ports for fragments (bnc#1012382).
- fs, elf: make sure to page align bss in load_elf_library (bnc#1012382).
- fs/exofs: fix potential memory leak in mount option parsing
(bnc#1012382).
- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
(bnc#1012382).
- fscache: fix race between enablement and dropping of object
(bsc#1107385).
- fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
(bnc#1012382).
- fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382).
- fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382).
- fuse: fix blocked_waitq wakeup (bnc#1012382).
- fuse: fix leaked notify reply (bnc#1012382).
- fuse: set FR_SENT while locked (bnc#1012382).
- genirq: Fix race on spurious interrupt detection (bnc#1012382).
- gfs2: Put bitmap buffers in put_super (bnc#1012382).
- gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382).
- gpio: msic: fix error return code in platform_msic_gpio_probe()
(bnc#1012382).
- gpu: host1x: fix error return code in host1x_probe() (bnc#1012382).
- hfs: prevent btree data loss on root split (bnc#1012382).
- hfsplus: prevent btree data loss on root split (bnc#1012382).
- hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382).
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382).
- hwmon: (pmbus) Fix page count auto-detection (bnc#1012382).
- ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433).
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440).
- ibmvnic: remove ndo_poll_controller ().
- igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382).
- iio: adc: at91: fix wrong channel number in triggered buffer mode
(bnc#1012382).
- ima: fix showing large 'violations' or 'runtime_measurements_count'
(bnc#1012382).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
(bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
(bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip_tunnel: do not force DF when MTU is locked (bnc#1012382).
- ipmi: Fix timer race with module unload (bnc#1012382).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
called (bnc#1012382).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
(bnc#1012382).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382).
- ipv6: orphan skbs in reassembly unit (bnc#1012382).
- ipv6: set rt6i_protocol properly in the route when it is installed
(bsc#1114190).
- ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382).
- jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382).
- kABI: protect struct azx (kabi).
- kABI: protect struct cfs_bandwidth (kabi).
- kABI: protect struct esp (kabi).
- kABI: protect struct fuse_io_priv (kabi).
- kabi: revert sig change on pnfs_read_resend_pnfs (git-fixes).
- kbuild, LLVMLinux: Add -Werror to cc-option to support clang
(bnc#1012382).
- kbuild: Add __cc-option macro (bnc#1012382).
- kbuild: Add better clang cross build support (bnc#1012382).
- kbuild: Add support to generate LLVM assembly files (bnc#1012382).
- kbuild: Consolidate header generation from ASM offset information
(bnc#1012382).
- kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382).
- kbuild: allow to use GCC toolchain not in Clang search path
(bnc#1012382).
- kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382).
- kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382).
- kbuild: clang: disable unused variable warnings only when constant
(bnc#1012382).
- kbuild: clang: fix build failures with sparse check (bnc#1012382).
- kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382).
- kbuild: consolidate redundant sed script ASM offset generation
(bnc#1012382).
- kbuild: drop -Wno-unknown-warning-option from clang options
(bnc#1012382).
- kbuild: fix asm-offset generation to work with clang (bnc#1012382).
- kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382).
- kbuild: fix linker feature test macros when cross compiling with Clang
(bnc#1012382).
- kbuild: move cc-option and cc-disable-warning after incl. arch Makefile
(bnc#1012382).
- kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382).
- kbuild: use -Oz instead of -Os when using clang (bnc#1012382).
- kernel-source.spec: Align source numbering.
- kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382).
- kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
(bnc#1012382).
- lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382).
- lib/raid6: Fix arm64 test build (bnc#1012382).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libfc: sync strings with upstream versions (bsc#1114763).
- libnvdimm: Hold reference on parent while scheduling async init
(bnc#1012382).
- lockd: fix access beyond unterminated strings in prints (bnc#1012382).
- locking/lockdep: Fix debug_locks off performance problem (bnc#1012382).
- mac80211: Always report TX status (bnc#1012382).
- mac80211_hwsim: do not omit multicast announce of first added radio
(bnc#1012382).
- mach64: fix display corruption on big endian machines (bnc#1012382).
- mach64: fix image corruption due to reading accelerator registers
(bnc#1012382).
- media: em28xx: fix input name for Terratec AV 350 (bnc#1012382).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero
(bnc#1012382).
- media: em28xx: use a default format if TRY_FMT fails (bnc#1012382).
- media: pci: cx23885: handle adding to list failure (bnc#1012382).
- media: tvp5150: fix width alignment during set_selection() (bnc#1012382).
- media: v4l: event: Add subscription to list before calling "add"
operation (bnc#1012382).
- misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
(bnc#1012382).
- mm, elf: handle vm_brk error (bnc#1012382).
- mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382).
- mm: migration: fix migration of huge PMD shared pages (bnc#1012382).
- mm: refuse wrapped vm_brk requests (bnc#1012382).
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
(bnc#1012382).
- modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382).
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
(bnc#1012382).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382).
- mount: Retest MNT_LOCKED in do_umount (bnc#1012382).
- mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382).
- mtd: spi-nor: Add support for is25wp series chips (bnc#1012382).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1114475,
LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475,
LTC#172679).
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ipv4: defensive cipso option parsing (bnc#1012382).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
(bnc#1012382).
- net: bridge: remove ipv6 zero address check in mcast queries
(bnc#1012382).
- net: cxgb3_main: fix a missing-check bug (bnc#1012382).
- net: drop skb on failure in ip_check_defrag() (bnc#1012382).
- net: drop write-only stack variable (bnc#1012382).
- net: ena: Fix Kconfig dependency on X86 (bsc#1117562).
- net: ena: add functions for handling Low Latency Queues in ena_com
(bsc#1117562).
- net: ena: add functions for handling Low Latency Queues in ena_netdev
(bsc#1117562).
- net: ena: change rx copybreak default to reduce kernel memory pressure
(bsc#1117562).
- net: ena: complete host info to match latest ENA spec (bsc#1117562).
- net: ena: enable Low Latency Queues (bsc#1117562).
- net: ena: explicit casting and initialization, and clearer error
handling (bsc#1117562).
- net: ena: fix NULL dereference due to untimely napi initialization
(bsc#1117562).
- net: ena: fix auto casting to boolean (bsc#1117562).
- net: ena: fix compilation error in xtensa architecture (bsc#1117562).
- net: ena: fix crash during failed resume from hibernation (bsc#1117562).
- net: ena: fix indentations in ena_defs for better readability
(bsc#1117562).
- net: ena: fix rare bug when failed restart/resume is followed by driver
removal (bsc#1117562).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562).
- net: ena: introduce Low Latency Queues data structures according to ENA
spec (bsc#1117562).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues
(bsc#1117562).
- net: ena: minor performance improvement (bsc#1117562).
- net: ena: remove ndo_poll_controller (bsc#1117562).
- net: ena: remove redundant parameter in ena_com_admin_init()
(bsc#1117562).
- net: ena: update driver version to 2.0.1 (bsc#1117562).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum
status (bsc#1117562).
- net: ibm: fix return type of ndo_start_xmit function ().
- net: qla3xxx: Remove overflowing shift statement (bnc#1012382).
- net: sched: gred: pass the right attribute to gred_change_table_def()
(bnc#1012382).
- net: socket: fix a missing-check bug (bnc#1012382).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
(bnc#1012382).
- netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
(bnc#1012382).
- netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
(bnc#1012382).
- netfilter: xt_IDLETIMER: add sysfs filename checking routine
(bnc#1012382).
- new helper: uaccess_kernel() (bnc#1012382).
- nfsd: Fix an Oops in free_session() (bnc#1012382).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
(bnc#1012382).
- pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path
(git-fixes).
- pNFS/flexfiles: When checking for available DSes, conditionally check
for MDS io (git-fixes).
- pNFS: Fix a deadlock between read resends and layoutreturn (git-fixes).
- parisc: Fix address in HPMC IVA (bnc#1012382).
- parisc: Fix map_pages() to not overwrite existing pte entries
(bnc#1012382).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
(bnc#1012382).
- perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382).
- perf tools: Disable parallelism for 'make clean' (bnc#1012382).
- perf tools: Free temporary 'sys' string in read_event_files()
(bnc#1012382).
- perf/core: Do not leak event in the syscall error path (bnc#1012382).
- perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
(bnc#1012382).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
(bnc#1012382).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
(bnc#1012382).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
(bnc#1012382).
- pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs (git-fixes).
- powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382).
- powerpc/msi: Fix compile error on mpc83xx (bnc#1012382).
- powerpc/nohash: fix undefined behaviour when testing page size support
(bnc#1012382).
- powerpc/powernv/pci: Work around races in PCI bridge enabling
(bsc#1066223).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1066223).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts
disabled (bsc#1066223).
- powerpc/pseries/mobility: Extend start/stop topology update scope
(bsc#1116950, bsc#1115709).
- powerpc/pseries: Fix DTL buffer registration (bsc#1066223).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223).
- printk: Fix panic caused by passing log_buf_len to command line
(bnc#1012382).
- ptp: fix Spectre v1 vulnerability (bnc#1012382).
- pxa168fb: prepare the clock (bnc#1012382).
- r8152: Check for supported Wake-on-LAN Modes (bnc#1012382).
- r8169: fix NAPI handling under high load (bnc#1012382).
- reiserfs: propagate errors from fill_with_dentries() properly
(bnc#1012382).
- rpcrdma: Add RPCRDMA_HDRLEN_ERR (git-fixes).
- rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash
possibly (bsc#1042286 bsc#1108145).
- rtc: hctosys: Add missing range error reporting (bnc#1012382).
- rtnetlink: Disallow FDB configuration for non-Ethernet device
(bnc#1012382).
- s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382).
- s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953).
- s390/vdso: add missing FORCE to build targets (bnc#1012382).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475,
LTC#172682).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its
function (bnc#1114475, LTC#172682).
- sc16is7xx: Fix for multi-channel stall (bnc#1012382).
- sch_red: update backlog as well (bnc#1012382).
- sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382).
- sched/fair: Fix throttle_list starvation with low CFS quota
(bnc#1012382).
- scsi: aacraid: Fix typo in blink status (bnc#1012382).
- scsi: core: Allow state transitions from OFFLINE to BLOCKED
(bsc#1112246).
- scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382).
- scsi: libfc: check fc_frame_payload_get() return value for null
(bsc#1103624, bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: lpfc: Correct soft lockup when running mds diagnostics
(bnc#1012382).
- scsi: megaraid_sas: fix a missing-check bug (bnc#1012382).
- scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure
(bsc#1094973).
- scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
(bnc#1012382).
- scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe
failure (bsc#1094973).
- sctp: fix race on sctp_id2asoc (bnc#1012382).
- selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382).
- ser_gigaset: use container_of() instead of detour (bnc#1012382).
- signal/GenWQE: Fix sending of SIGKILL (bnc#1012382).
- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid
namespace init (bnc#1012382).
- smb3: allow stats which track session and share reconnects to be reset
(bnc#1012382).
- smb3: do not attempt cifs operation in smb3 query info error path
(bnc#1012382).
- smb3: on kerberos mount if server does not specify auth type use krb5
(bnc#1012382).
- smsc75xx: Check for Wake-on-LAN modes (bnc#1012382).
- smsc95xx: Check for Wake-on-LAN modes (bnc#1012382).
- soc/tegra: pmc: Fix child-node lookup (bnc#1012382).
- sparc/pci: Refactor dev_archdata initialization into
pci_init_dev_archdata (bnc#1012382).
- sparc64 mm: Fix more TSB sizing issues (bnc#1012382).
- sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382).
- sparc: Fix single-pcr perf event counter management (bnc#1012382).
- spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe()
(bnc#1012382).
- spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382).
- spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382).
- sr9800: Check for supported Wake-on-LAN modes (bnc#1012382).
- sunrpc: correct the computation for page_ptr when truncating
(bnc#1012382).
- svcrdma: Remove unused variable in rdma_copy_tail() (git-fixes).
- swim: fix cleanup on setup error (bnc#1012382).
- termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control
paths (bnc#1012382).
- thermal: allow spear-thermal driver to be a module (bnc#1012382).
- thermal: allow u8500-thermal driver to be a module (bnc#1012382).
- tpm: suppress transmit cmd error logs when TPM 1.2 is
disabled/deactivated (bnc#1012382).
- tracing: Skip more functions when doing stack tracing of events
(bnc#1012382).
- tty: check name length in tty_find_polling_driver() (bnc#1012382).
- tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382).
- tun: Consistently configure generic netdev params via rtnetlink
(bnc#1012382).
- uio: Fix an Oops on load (bnc#1012382).
- uio: ensure class is registered before devices (bnc#1012382).
- uio: make symbol 'uio_class_registered' static (git-fixes).
- um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382).
- um: Give start_idle_thread() a return code (bnc#1012382).
- usb-storage: fix bogus hardware error messages for ATA pass-thru devices
(bnc#1012382).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382).
- usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382).
- usb: dwc3: omap: fix error return code in dwc3_omap_probe()
(bnc#1012382).
- usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
(bnc#1012382).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382).
- usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382).
- vhost: Fix Spectre V1 vulnerability (bnc#1012382).
- video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe()
(bnc#1012382).
- vti6: flush x-netns xfrm cache when vti interface is removed
(bnc#1012382).
- w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382).
- x86/boot: #undef memcpy() et al in string.c (bnc#1012382).
- x86/build: Fix stack alignment for CLang (bnc#1012382).
- x86/build: Specify stack alignment for clang (bnc#1012382).
- x86/build: Use __cc-option for boot code compiler options (bnc#1012382).
- x86/build: Use cc-option to validate stack alignment parameter
(bnc#1012382).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot
option without value is provided (bnc#1012382).
- x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382).
- x86/kconfig: Fall back to ticket spinlocks (bnc#1012382).
- x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around
Clang incompatibility (bnc#1012382).
- x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382).
- x86: boot: Fix EFI stub alignment (bnc#1012382).
- xen-swiotlb: use actually allocated size on check physical continuous
(bnc#1012382).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal
(bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1012382).
- xen: fix xen_qlock_wait() (bnc#1012382).
- xen: make xen_qlock_wait() nestable (bnc#1012382).
- xfrm6: call kfree_skb when skb is toobig (bnc#1012382).
- xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382).
- xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfrm: validate template mode (bnc#1012382).
- xfs/dmapi: restore event in xfs_getbmap (bsc#1114763).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xprtrdma: Disable RPC/RDMA backchannel debugging messages (git-fixes).
- xprtrdma: Disable pad optimization by default (git-fixes).
- xprtrdma: Fix Read chunk padding (git-fixes).
- xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) (git-fixes).
- xprtrdma: Fix backchannel allocation of extra rpcrdma_reps (git-fixes).
- xprtrdma: Fix receive buffer accounting (git-fixes).
- xprtrdma: Serialize credit accounting again (git-fixes).
- xprtrdma: checking for NULL instead of IS_ERR() (git-fixes).
- xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
(git-fixes).
- xprtrdma: xprt_rdma_free() must not release backchannel reqs (git-fixes).
- xtensa: add NOTES section to the linker script (bnc#1012382).
- xtensa: fix boot parameters address translation (bnc#1012382).
- xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382).
- zram: close udev startup race condition as default groups (bnc#1012382).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1549=1
Package List:
- openSUSE Leap 42.3 (noarch):
kernel-devel-4.4.165-81.1
kernel-docs-4.4.165-81.1
kernel-docs-html-4.4.165-81.1
kernel-docs-pdf-4.4.165-81.1
kernel-macros-4.4.165-81.1
kernel-source-4.4.165-81.1
kernel-source-vanilla-4.4.165-81.1
- openSUSE Leap 42.3 (x86_64):
kernel-debug-4.4.165-81.1
kernel-debug-base-4.4.165-81.1
kernel-debug-base-debuginfo-4.4.165-81.1
kernel-debug-debuginfo-4.4.165-81.1
kernel-debug-debugsource-4.4.165-81.1
kernel-debug-devel-4.4.165-81.1
kernel-debug-devel-debuginfo-4.4.165-81.1
kernel-default-4.4.165-81.1
kernel-default-base-4.4.165-81.1
kernel-default-base-debuginfo-4.4.165-81.1
kernel-default-debuginfo-4.4.165-81.1
kernel-default-debugsource-4.4.165-81.1
kernel-default-devel-4.4.165-81.1
kernel-obs-build-4.4.165-81.1
kernel-obs-build-debugsource-4.4.165-81.1
kernel-obs-qa-4.4.165-81.1
kernel-syms-4.4.165-81.1
kernel-vanilla-4.4.165-81.1
kernel-vanilla-base-4.4.165-81.1
kernel-vanilla-base-debuginfo-4.4.165-81.1
kernel-vanilla-debuginfo-4.4.165-81.1
kernel-vanilla-debugsource-4.4.165-81.1
kernel-vanilla-devel-4.4.165-81.1
References:
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1027457
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1046264
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1094973
https://bugzilla.suse.com/1102439
https://bugzilla.suse.com/1103624
https://bugzilla.suse.com/1104731
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106237
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1107385
https://bugzilla.suse.com/1108145
https://bugzilla.suse.com/1109330
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1111062
https://bugzilla.suse.com/1111809
https://bugzilla.suse.com/1112246
https://bugzilla.suse.com/1112963
https://bugzilla.suse.com/1113412
https://bugzilla.suse.com/1113766
https://bugzilla.suse.com/1114190
https://bugzilla.suse.com/1114475
https://bugzilla.suse.com/1114763
https://bugzilla.suse.com/1114839
https://bugzilla.suse.com/1115433
https://bugzilla.suse.com/1115440
https://bugzilla.suse.com/1115709
https://bugzilla.suse.com/1116285
https://bugzilla.suse.com/1116497
https://bugzilla.suse.com/1116924
https://bugzilla.suse.com/1116950
https://bugzilla.suse.com/1117562
https://bugzilla.suse.com/985031
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4125-1: moderate: Security update for phpMyAdmin
by opensuse-security@opensuse.org 14 Dec '18
by opensuse-security@opensuse.org 14 Dec '18
14 Dec '18
openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4125-1
Rating: moderate
References: #1119245
Cross-References: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for phpMyAdmin fixes security issues and bugs.
Security issues addressed in the 4.8.4 release (bsc#1119245):
- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree
This update also contains the following upstream bug fixes and
improvements:
- Ensure that database names with a dot ('.') are handled properly when
DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages
were not logged when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2018-1547=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
phpMyAdmin-4.8.4-32.1
References:
https://www.suse.com/security/cve/CVE-2018-19968.html
https://www.suse.com/security/cve/CVE-2018-19969.html
https://www.suse.com/security/cve/CVE-2018-19970.html
https://bugzilla.suse.com/1119245
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4124-1: moderate: Security update for phpMyAdmin
by opensuse-security@opensuse.org 14 Dec '18
by opensuse-security@opensuse.org 14 Dec '18
14 Dec '18
openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4124-1
Rating: moderate
References: #1119245
Cross-References: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for phpMyAdmin fixes security issues and bugs.
Security issues addressed in the 4.8.4 release (bsc#1119245):
- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree
This update also contains the following upstream bug fixes and
improvements:
- Ensure that database names with a dot ('.') are handled properly when
DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages
were not logged when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1547=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1547=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1547=1
Package List:
- openSUSE Leap 42.3 (noarch):
phpMyAdmin-4.8.4-24.1
- openSUSE Leap 15.0 (noarch):
phpMyAdmin-4.8.4-lp150.2.12.1
- openSUSE Backports SLE-15 (noarch):
phpMyAdmin-4.8.4-bp150.3.6.1
References:
https://www.suse.com/security/cve/CVE-2018-19968.html
https://www.suse.com/security/cve/CVE-2018-19969.html
https://www.suse.com/security/cve/CVE-2018-19970.html
https://bugzilla.suse.com/1119245
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4122-1: important: Security update for Chromium
by opensuse-security@opensuse.org 14 Dec '18
by opensuse-security@opensuse.org 14 Dec '18
14 Dec '18
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4122-1
Rating: important
References: #1119364
Cross-References: CVE-2018-17481
Affected Products:
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update to Chromium 71.0.3578.98 fixes on security issue.
- CVE-2018-17481: Use after free in PDFium - a follow-up fix to Chromiun
70 (boo#1119364)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1546=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2018-1546=1
Package List:
- openSUSE Leap 15.0 (x86_64):
chromedriver-71.0.3578.98-lp150.2.33.1
chromedriver-debuginfo-71.0.3578.98-lp150.2.33.1
chromium-71.0.3578.98-lp150.2.33.1
chromium-debuginfo-71.0.3578.98-lp150.2.33.1
chromium-debugsource-71.0.3578.98-lp150.2.33.1
- openSUSE Backports SLE-15 (aarch64 x86_64):
chromedriver-71.0.3578.98-bp150.2.26.1
chromedriver-debuginfo-71.0.3578.98-bp150.2.26.1
chromium-71.0.3578.98-bp150.2.26.1
chromium-debuginfo-71.0.3578.98-bp150.2.26.1
chromium-debugsource-71.0.3578.98-bp150.2.26.1
References:
https://www.suse.com/security/cve/CVE-2018-17481.html
https://bugzilla.suse.com/1119364
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4117-1: moderate: Security update for mozilla-nss
by opensuse-security@opensuse.org 13 Dec '18
by opensuse-security@opensuse.org 13 Dec '18
13 Dec '18
openSUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4117-1
Rating: moderate
References: #1106873 #1119069
Cross-References: CVE-2018-12384 CVE-2018-12404
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for mozilla-nss to version 3.36.6 fixes the following issues:
Security issues fixed:
- CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a
ServerHello that had an all-zero random (bmo#1483128, boo#1106873)
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack
(bmo#1485864, boo#1119069)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1540=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1540=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libfreebl3-3.36.6-54.1
libfreebl3-debuginfo-3.36.6-54.1
libsoftokn3-3.36.6-54.1
libsoftokn3-debuginfo-3.36.6-54.1
mozilla-nss-3.36.6-54.1
mozilla-nss-certs-3.36.6-54.1
mozilla-nss-certs-debuginfo-3.36.6-54.1
mozilla-nss-debuginfo-3.36.6-54.1
mozilla-nss-debugsource-3.36.6-54.1
mozilla-nss-devel-3.36.6-54.1
mozilla-nss-sysinit-3.36.6-54.1
mozilla-nss-sysinit-debuginfo-3.36.6-54.1
mozilla-nss-tools-3.36.6-54.1
mozilla-nss-tools-debuginfo-3.36.6-54.1
- openSUSE Leap 42.3 (x86_64):
libfreebl3-32bit-3.36.6-54.1
libfreebl3-debuginfo-32bit-3.36.6-54.1
libsoftokn3-32bit-3.36.6-54.1
libsoftokn3-debuginfo-32bit-3.36.6-54.1
mozilla-nss-32bit-3.36.6-54.1
mozilla-nss-certs-32bit-3.36.6-54.1
mozilla-nss-certs-debuginfo-32bit-3.36.6-54.1
mozilla-nss-debuginfo-32bit-3.36.6-54.1
mozilla-nss-sysinit-32bit-3.36.6-54.1
mozilla-nss-sysinit-debuginfo-32bit-3.36.6-54.1
- openSUSE Leap 15.0 (i586 x86_64):
libfreebl3-3.36.6-lp150.2.6.1
libfreebl3-debuginfo-3.36.6-lp150.2.6.1
libsoftokn3-3.36.6-lp150.2.6.1
libsoftokn3-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-3.36.6-lp150.2.6.1
mozilla-nss-certs-3.36.6-lp150.2.6.1
mozilla-nss-certs-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-debugsource-3.36.6-lp150.2.6.1
mozilla-nss-devel-3.36.6-lp150.2.6.1
mozilla-nss-sysinit-3.36.6-lp150.2.6.1
mozilla-nss-sysinit-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-tools-3.36.6-lp150.2.6.1
mozilla-nss-tools-debuginfo-3.36.6-lp150.2.6.1
- openSUSE Leap 15.0 (x86_64):
libfreebl3-32bit-3.36.6-lp150.2.6.1
libfreebl3-32bit-debuginfo-3.36.6-lp150.2.6.1
libsoftokn3-32bit-3.36.6-lp150.2.6.1
libsoftokn3-32bit-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-32bit-3.36.6-lp150.2.6.1
mozilla-nss-32bit-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-certs-32bit-3.36.6-lp150.2.6.1
mozilla-nss-certs-32bit-debuginfo-3.36.6-lp150.2.6.1
mozilla-nss-sysinit-32bit-3.36.6-lp150.2.6.1
mozilla-nss-sysinit-32bit-debuginfo-3.36.6-lp150.2.6.1
References:
https://www.suse.com/security/cve/CVE-2018-12384.html
https://www.suse.com/security/cve/CVE-2018-12404.html
https://bugzilla.suse.com/1106873
https://bugzilla.suse.com/1119069
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4112-1: important: Security update for Mozilla Firefox
by opensuse-security@opensuse.org 13 Dec '18
by opensuse-security@opensuse.org 13 Dec '18
13 Dec '18
openSUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4112-1
Rating: important
References: #1119105
Cross-References: CVE-2018-12405 CVE-2018-17466 CVE-2018-18492
CVE-2018-18493 CVE-2018-18494 CVE-2018-18498
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs.
Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105):
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library
with TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute
and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR
60.4
The following changes are included:
- now requires NSS >= 3.36.6
- Updated list of currency codes to include Unidad Previsional (UYW)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1544=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1544=1
Package List:
- openSUSE Leap 42.3 (x86_64):
MozillaFirefox-60.4.0-125.1
MozillaFirefox-branding-upstream-60.4.0-125.1
MozillaFirefox-buildsymbols-60.4.0-125.1
MozillaFirefox-debuginfo-60.4.0-125.1
MozillaFirefox-debugsource-60.4.0-125.1
MozillaFirefox-devel-60.4.0-125.1
MozillaFirefox-translations-common-60.4.0-125.1
MozillaFirefox-translations-other-60.4.0-125.1
- openSUSE Leap 15.0 (x86_64):
MozillaFirefox-60.4.0-lp150.3.30.1
MozillaFirefox-branding-upstream-60.4.0-lp150.3.30.1
MozillaFirefox-buildsymbols-60.4.0-lp150.3.30.1
MozillaFirefox-debuginfo-60.4.0-lp150.3.30.1
MozillaFirefox-debugsource-60.4.0-lp150.3.30.1
MozillaFirefox-devel-60.4.0-lp150.3.30.1
MozillaFirefox-translations-common-60.4.0-lp150.3.30.1
MozillaFirefox-translations-other-60.4.0-lp150.3.30.1
References:
https://www.suse.com/security/cve/CVE-2018-12405.html
https://www.suse.com/security/cve/CVE-2018-17466.html
https://www.suse.com/security/cve/CVE-2018-18492.html
https://www.suse.com/security/cve/CVE-2018-18493.html
https://www.suse.com/security/cve/CVE-2018-18494.html
https://www.suse.com/security/cve/CVE-2018-18498.html
https://bugzilla.suse.com/1119105
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:4111-1: important: Security update for xen
by opensuse-security@opensuse.org 13 Dec '18
by opensuse-security@opensuse.org 13 Dec '18
13 Dec '18
openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:4111-1
Rating: important
References: #1027519 #1108940 #1114405 #1114423 #1115040
#1115045 #1115047
Cross-References: CVE-2018-18849 CVE-2018-18883 CVE-2018-19961
CVE-2018-19962 CVE-2018-19965 CVE-2018-19966
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 6 vulnerabilities and has one errata
is now available.
Description:
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-18849: Fixed an out of bounds memory access issue was found in
the LSI53C895A SCSI Host Bus Adapter emulation while writing a message
in lsi_do_msgin (bsc#1114423).
- CVE-2018-18883: Fixed a NULL pointer dereference that could have been
triggered by nested VT-x that where not properly restricted
(XSA-278)(bsc#1114405).
- CVE-2018-19965: Fixed denial of service issue from attempting to use
INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).
- CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused
conflicts with shadow paging (XSA-280)(bsc#1115047).
- CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /
improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).
Non-security issues fixed:
- Added upstream bug fixes (bsc#1027519).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1530=1
Package List:
- openSUSE Leap 42.3 (x86_64):
xen-4.9.3_03-34.1
xen-debugsource-4.9.3_03-34.1
xen-devel-4.9.3_03-34.1
xen-doc-html-4.9.3_03-34.1
xen-libs-4.9.3_03-34.1
xen-libs-debuginfo-4.9.3_03-34.1
xen-tools-4.9.3_03-34.1
xen-tools-debuginfo-4.9.3_03-34.1
xen-tools-domU-4.9.3_03-34.1
xen-tools-domU-debuginfo-4.9.3_03-34.1
References:
https://www.suse.com/security/cve/CVE-2018-18849.html
https://www.suse.com/security/cve/CVE-2018-18883.html
https://www.suse.com/security/cve/CVE-2018-19961.html
https://www.suse.com/security/cve/CVE-2018-19962.html
https://www.suse.com/security/cve/CVE-2018-19965.html
https://www.suse.com/security/cve/CVE-2018-19966.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1108940
https://bugzilla.suse.com/1114405
https://bugzilla.suse.com/1114423
https://bugzilla.suse.com/1115040
https://bugzilla.suse.com/1115045
https://bugzilla.suse.com/1115047
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0