[security-announce] SUSE-SU-2015:1324-1: important: Security update for the SUSE Linux Enterprise 12 kernel

SUSE Security Update: Security update for the SUSE Linux Enterprise 12 kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1324-1 Rating: important References: #854817 #854824 #858727 #866911 #867362 #895814 #903279 #907092 #908491 #915183 #917630 #918618 #921430 #924071 #924526 #926369 #926953 #927455 #927697 #927786 #928131 #929475 #929696 #929879 #929974 #930092 #930399 #930579 #930599 #930972 #931124 #931403 #931538 #931620 #931860 #931988 #932348 #932793 #932897 #932898 #932899 #932900 #932967 #933117 #933429 #933637 #933896 #933904 #933907 #934160 #935083 #935085 #935088 #935174 #935542 #935881 #935918 #936012 #936423 #936445 #936446 #936502 #936556 #936831 #936875 #937032 #937087 #937609 #937612 #937613 #937616 #938022 #938023 #938024 Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-1805 CVE-2015-3212 CVE-2015-4036 CVE-2015-4167 CVE-2015-4692 CVE-2015-5364 CVE-2015-5366 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 63 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive various security and bugfixes. These features were added: - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (bsc#854824). - mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817). Following security bugs were fixed: - CVE-2015-1805: iov overrun for failed atomic copy could have lead to DoS or privilege escalation (bsc#933429). - CVE-2015-3212: A race condition in the way the Linux kernel handled lists of associations in SCTP sockets could have lead to list corruption and kernel panics (bsc#936502). - CVE-2015-4036: DoS via memory corruption in vhost/scsi driver (bsc#931988). - CVE-2015-4167: Linux kernel built with the UDF file system(CONFIG_UDF_FS) support was vulnerable to a crash. It occurred while fetching inode information from a corrupted/malicious udf file system image (bsc#933907). - CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events function (bsc#935542). - CVE-2015-5364: Remote DoS via flood of UDP packets with invalid checksums (bsc#936831). - CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP packets with invalid checksums (bsc#936831). Security issues already fixed in the previous update but not referenced by CVE: - CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904). - CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904). - CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904). - CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to information leakage (bsc#933896). The following non-security bugs were fixed: - ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556). - ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec (bsc#936556). - ALSA: hda_controller: Separate stream_tag for input and output streams (bsc#936556). - ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW (bsc#936556). - ALSA: hda_intel: apply the Seperate stream_tag for Skylake (bsc#936556). - ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point (bsc#936556). - Btrfs: Handle unaligned length in extent_same (bsc#937609). - Btrfs: add missing inode item update in fallocate() (bsc#938023). - Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#936445). - Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616). - Btrfs: fix block group ->space_info null pointer dereference (bsc#935088). - Btrfs: fix clone / extent-same deadlocks (bsc#937612). - Btrfs: fix deadlock with extent-same and readpage (bsc#937612). - Btrfs: fix fsync data loss after append write (bsc#936446). - Btrfs: fix hang during inode eviction due to concurrent readahead (bsc#935085). - Btrfs: fix memory leak in the extent_same ioctl (bsc#937613). - Btrfs: fix race when reusing stale extent buffers that leads to BUG_ON (bsc#926369). - Btrfs: fix use after free when close_ctree frees the orphan_rsv (bsc#938022). - Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609). - Btrfs: provide super_operations->inode_get_dev (bsc#927455). - Drivers: hv: balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case. - Drivers: hv: fcopy: process deferred messages when we complete the transaction. - Drivers: hv: fcopy: rename fcopy_work -> fcopy_timeout_work. - Drivers: hv: fcopy: set .owner reference for file operations. - Drivers: hv: fcopy: switch to using the hvutil_device_state state machine. - Drivers: hv: hv_balloon: correctly handle num_pages>INT_MAX case. - Drivers: hv: hv_balloon: correctly handle val.freeram lower than num_pages case. - Drivers: hv: hv_balloon: do not lose memory when onlining order is not natural. - Drivers: hv: hv_balloon: do not online pages in offline blocks. - Drivers: hv: hv_balloon: eliminate jumps in piecewiese linear floor function. - Drivers: hv: hv_balloon: eliminate the trylock path in acquire/release_region_mutex. - Drivers: hv: hv_balloon: keep locks balanced on add_memory() failure. - Drivers: hv: hv_balloon: refuse to balloon below the floor. - Drivers: hv: hv_balloon: report offline pages as being used. - Drivers: hv: hv_balloon: survive ballooning request with num_pages=0. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work. - Drivers: hv: kvp: reset kvp_context. - Drivers: hv: kvp: switch to using the hvutil_device_state state machine. - Drivers: hv: util: Fix a bug in the KVP code. reapply upstream change ontop of v3.12-stable change - Drivers: hv: util: On device remove, close the channel after de-initializing the service. - Drivers: hv: util: introduce hv_utils_transport abstraction. - Drivers: hv: util: introduce state machine for util drivers. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Add device and vendor ID to vmbus devices. - Drivers: hv: vmbus: Add support for VMBus panic notifier handler (bsc#934160). - Drivers: hv: vmbus: Add support for the NetworkDirect GUID. - Drivers: hv: vmbus: Correcting truncation error for constant HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160). - Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl(). - Drivers: hv: vmbus: Fix a bug in rescind processing in vmbus_close_internal(). - Drivers: hv: vmbus: Fix a siganlling host signalling issue. - Drivers: hv: vmbus: Get rid of some unnecessary messages. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Handle both rescind and offer messages in the same context. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: Introduce a function to remove a rescinded offer. - Drivers: hv: vmbus: Perform device register in the per-channel work element. - Drivers: hv: vmbus: Permit sending of packets without payload. - Drivers: hv: vmbus: Properly handle child device remove. - Drivers: hv: vmbus: Remove the channel from the channel list(s) on failure. - Drivers: hv: vmbus: Suport an API to send packet with additional control. - Drivers: hv: vmbus: Suport an API to send pagebuffers with additional control. - Drivers: hv: vmbus: Teardown clockevent devices on module unload. - Drivers: hv: vmbus: Teardown synthetic interrupt controllers on module unload. - Drivers: hv: vmbus: Use a round-robin algorithm for picking the outgoing channel. - Drivers: hv: vmbus: Use the vp_index map even for channels bound to CPU 0. - Drivers: hv: vmbus: avoid double kfree for device_obj. - Drivers: hv: vmbus: briefly comment num_sc and next_oc. - Drivers: hv: vmbus: decrease num_sc on subchannel removal. - Drivers: hv: vmbus: distribute subchannels among all vcpus. - Drivers: hv: vmbus: do cleanup on all vmbus_open() failure paths. - Drivers: hv: vmbus: introduce vmbus_acpi_remove. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: move init_vp_index() call to vmbus_process_offer(). - Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors. - Drivers: hv: vmbus: rename channel work queues. - Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and vmbus_connection pages on shutdown. - Drivers: hv: vmbus: unify calls to percpu_channel_enq(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - Drivers: hv: vmbus:Update preferred vmbus protocol version to windows 10. - Drivers: hv: vss: process deferred messages when we complete the transaction. - Drivers: hv: vss: switch to using the hvutil_device_state state machine. - Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012) - Fix connection reuse when sk_error_report is used (bsc#930972). - GHES: Carve out error queueing in a separate function (bsc#917630). - GHES: Carve out the panic functionality (bsc#917630). - GHES: Elliminate double-loop in the NMI handler (bsc#917630). - GHES: Make NMI handler have a single reader (bsc#917630). - GHES: Panic right after detection (bsc#917630). - IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach (bsc#918618). - Initialize hv_netvsc_packet->xmit_more to avoid transfer stalls - KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in hypervisor mode (bsc#908491). - KVM: s390: virtio-ccw: Handle command rejects (bsc#931860). - MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696). - MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696). - PCI: pciehp: Add hotplug_lock to serialize hotplug events (bsc#866911). - Revert "MODSIGN: loading keys from db when SecureBoot disabled". This reverts commit b45412d4, because it breaks legacy boot. - SUNRPC: Report connection error values to rpc_tasks on the pending queue (bsc#930972). - Update s390x kabi files with netfilter change (bsc#936012) - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bsc#932348). - cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI processors (bsc#933117). - dmapi: fix value from newer Linux strnlen_user() (bsc#932897). - drm/i915/hsw: Fix workaround for server AUX channel clock divisor (bsc#935918). - drm/i915: Evict CS TLBs between batches (bsc#935918). - drm/i915: Fix DDC probe for passive adapters (bsc#935918). - drm/i915: Handle failure to kick out a conflicting fb driver (bsc#935918). - drm/i915: drop WaSetupGtModeTdRowDispatch:snb (bsc#935918). - drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (bsc#935918). - edd: support original Phoenix EDD 3.0 information (bsc#929974). - ext4: fix over-defensive complaint after journal abort (bsc#935174). - fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124). - ftrace: add oco handling patch (bsc#924526). - ftrace: allow architectures to specify ftrace compile options (bsc#924526). - ftrace: let notrace function attribute disable hotpatching if necessary (bsc#924526). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092). - hv: channel: match var type to return type of wait_for_completion. - hv: do not schedule new works in vmbus_onoffer()/vmbus_onoffer_rescind(). - hv: hv_balloon: match var type to return type of wait_for_completion. - hv: hv_util: move vmbus_open() to a later place. - hv: hypervvssd: call endmntent before call setmntent again. - hv: no rmmod for hv_vmbus and hv_utils. - hv: remove the per-channel workqueue. - hv: run non-blocking message handlers in the dispatch tasklet. - hv: vmbus: missing curly braces in vmbus_process_offer(). - hv: vmbus_free_channels(): remove the redundant free_channel(). - hv: vmbus_open(): reset the channel state on ENOMEM. - hv: vmbus_post_msg: retry the hypercall on some transient errors. - hv_netvsc: Allocate the receive buffer from the correct NUMA node. - hv_netvsc: Allocate the sendbuf in a NUMA aware way. - hv_netvsc: Clean up two unused variables. - hv_netvsc: Cleanup the test for freeing skb when we use sendbuf mechanism. - hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE. - hv_netvsc: Eliminate memory allocation in the packet send path. - hv_netvsc: Fix a bug in netvsc_start_xmit(). - hv_netvsc: Fix the packet free when it is in skb headroom. - hv_netvsc: Implement batching in send buffer. - hv_netvsc: Implement partial copy into send buffer. - hv_netvsc: Use the xmit_more skb flag to optimize signaling the host. - hv_netvsc: change member name of struct netvsc_stats. - hv_netvsc: introduce netif-msg into netvsc module. - hv_netvsc: remove unused variable in netvsc_send(). - hv_netvsc: remove vmbus_are_subchannels_present() in rndis_filter_device_add(). - hv_netvsc: try linearizing big SKBs before dropping them. - hv_netvsc: use per_cpu stats to calculate TX/RX data. - hv_netvsc: use single existing drop path in netvsc_start_xmit. - hv_vmbus: Add gradually increased delay for retries in vmbus_post_msg(). - hyperv: Implement netvsc_get_channels() ethool op. - hyperv: hyperv_fb: match wait_for_completion_timeout return type. - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935881). - ipr: Increase default adapter init stage change timeout (bsc#930579). - ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399). - ipv6: fix ECMP route replacement (bsc#930399). - jbd2: improve error messages for inconsistent journal heads (bsc#935174). - jbd2: revise KERN_EMERG error messages (bsc#935174). - kabi/severities: Add s390 symbols allowed to change in bsc#931860 - kabi: only use sops->get_inode_dev with proper fsflag. - kernel: add panic_on_warn. - kexec: allocate the kexec control page with KEXEC_CONTROL_MEMORY_GFP (bsc#928131). - kgr: fix redirection on s390x arch (bsc#903279). - kgr: move kgr_task_in_progress() to sched.h. - kgr: send a fake signal to all blocking tasks. - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bsc#926953). - libata: Blacklist queued TRIM on all Samsung 800-series (bsc#930599). - mei: bus: () can be static. - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bsc#931620). - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bsc#931620). - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bsc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bsc#931620). - net/mlx4_en: Call register_netdevice in the proper location (bsc#858727). - net/mlx4_en: Do not attempt to TX offload the outer UDP checksum for VXLAN (bsc#858727). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: introduce netdev_alloc_pcpu_stats() for drivers. - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netdev: set __percpu attribute on netdev_alloc_pcpu_stats. - netdev_alloc_pcpu_stats: use less common iterator variable. - netfilter: xt_NFQUEUE: fix --queue-bypass regression (bsc#935083) - ovl: default permissions (bsc#924071). - ovl: move s_stack_depth . - powerpc/perf/hv-24x7: use kmem_cache instead of aligned stack allocations (bsc#931403). - powerpc/pseries: Correct cpu affinity for dlpar added cpus (bsc#932967). - powerpc: Add VM_FAULT_HWPOISON handling to powerpc page fault handler (bsc#929475). - powerpc: Fill in si_addr_lsb siginfo field (bsc#929475). - powerpc: Simplify do_sigbus (bsc#929475). - reiserfs: Fix use after free in journal teardown (bsc#927697). - rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786). - s390/airq: add support for irq ranges (bsc#931860). - s390/airq: silence lockdep warning (bsc#931860). - s390/compat,signal: change return values to -EFAULT (bsc#929879). - s390/ftrace: hotpatch support for function tracing (bsc#924526). - s390/irq: improve displayed interrupt order in /proc/interrupts (bsc#931860). - s390/kernel: use stnsm 255 instead of stosm 0 (bsc#929879). - s390/kgr: reorganize kgr infrastructure in entry64.S. - s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879). - s390/mm: limit STACK_RND_MASK for compat tasks (bsc#929879). - s390/rwlock: add missing local_irq_restore calls (bsc#929879). - s390/sclp_vt220: Fix kernel panic due to early terminal input (bsc#931860). - s390/smp: only send external call ipi if needed (bsc#929879). - s390/spinlock,rwlock: always to a load-and-test first (bsc#929879). - s390/spinlock: cleanup spinlock code (bsc#929879). - s390/spinlock: optimize spin_unlock code (bsc#929879). - s390/spinlock: optimize spinlock code sequence (bsc#929879). - s390/spinlock: refactor arch_spin_lock_wait[_flags] (bsc#929879). - s390/time: use stck clock fast for do_account_vtime (bsc#929879). - s390: Remove zfcpdump NR_CPUS dependency (bsc#929879). - s390: add z13 code generation support (bsc#929879). - s390: avoid z13 cache aliasing (bsc#929879). - s390: fix control register update (bsc#929879). - s390: optimize control register update (bsc#929879). - s390: z13 base performance (bsc#929879). - sched: fix __sched_setscheduler() vs load balancing race (bsc#921430) - scsi: retry MODE SENSE on unit attention (bsc#895814). - scsi_dh_alua: Recheck state on unit attention (bsc#895814). - scsi_dh_alua: fixup crash in alua_rtpg_work() (bsc#895814). - scsi_dh_alua: parse device id instead of target id (bsc#895814). - scsi_dh_alua: recheck RTPG in regular intervals (bsc#895814). - scsi_dh_alua: update all port states (bsc#895814). - sd: always retry READ CAPACITY for ALUA state transition (bsc#895814). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - supported.conf: add btrfs to kernel-$flavor-base (bsc#933637) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bsc#938024). - vTPM: set virtual device before passing to ibmvtpm_reset_crq (bsc#937087). - vfs: add super_operations->get_inode_dev (bsc#927455). - virtio-ccw: virtio-ccw adapter interrupt support (bsc#931860). - virtio-rng: do not crash if virtqueue is broken (bsc#931860). - virtio: fail adding buffer on broken queues (bsc#931860). - virtio: virtio_break_device() to mark all virtqueues broken (bsc#931860). - virtio_blk: verify if queue is broken after virtqueue_get_buf() (bsc#931860). - virtio_ccw: fix hang in set offline processing (bsc#931860). - virtio_ccw: fix vcdev pointer handling issues (bsc#931860). - virtio_ccw: introduce device_lost in virtio_ccw_device (bsc#931860). - virtio_net: do not crash if virtqueue is broken (bsc#931860). - virtio_net: verify if queue is broken after virtqueue_get_buf() (bsc#931860). - virtio_ring: adapt to notify() returning bool (bsc#931860). - virtio_ring: add new function virtqueue_is_broken() (bsc#931860). - virtio_ring: change host notification API (bsc#931860). - virtio_ring: let virtqueue_{kick()/notify()} return a bool (bsc#931860). - virtio_ring: plug kmemleak false positive (bsc#931860). - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#931860). - virtio_scsi: verify if queue is broken after virtqueue_get_buf() (bsc#931860). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bsc#907092). - x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bsc#907092). - x86/kgr: move kgr infrastructure from asm to C. - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - xfrm: release dst_orig in case of error in xfrm_lookup() (bsc#932793). - xfs: Skip dirty pages in ->releasepage (bsc#915183). - xfs: fix xfs_setattr for DMAPI (bsc#932900). - xfs_dmapi: fix transaction ilocks (bsc#932899). - xfs_dmapi: fix value from newer Linux strnlen_user() (bsc#932897). - xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file's ops (bsc#932898). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-356=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-356=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-356=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.44-52.10.1 kernel-default-debugsource-3.12.44-52.10.1 kernel-default-extra-3.12.44-52.10.1 kernel-default-extra-debuginfo-3.12.44-52.10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.44-52.10.1 kernel-obs-build-debugsource-3.12.44-52.10.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.44-52.10.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.44-52.10.1 kernel-default-base-3.12.44-52.10.1 kernel-default-base-debuginfo-3.12.44-52.10.1 kernel-default-debuginfo-3.12.44-52.10.1 kernel-default-debugsource-3.12.44-52.10.1 kernel-default-devel-3.12.44-52.10.1 kernel-syms-3.12.44-52.10.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.44-52.10.1 kernel-xen-base-3.12.44-52.10.1 kernel-xen-base-debuginfo-3.12.44-52.10.1 kernel-xen-debuginfo-3.12.44-52.10.1 kernel-xen-debugsource-3.12.44-52.10.1 kernel-xen-devel-3.12.44-52.10.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.44-52.10.1 kernel-macros-3.12.44-52.10.1 kernel-source-3.12.44-52.10.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.44-52.10.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.44-52.10.1 kernel-ec2-debuginfo-3.12.44-52.10.1 kernel-ec2-debugsource-3.12.44-52.10.1 kernel-ec2-devel-3.12.44-52.10.1 kernel-ec2-extra-3.12.44-52.10.1 kernel-ec2-extra-debuginfo-3.12.44-52.10.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_44-52_10-default-1-2.1 kgraft-patch-3_12_44-52_10-xen-1-2.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.44-52.10.1 kernel-default-debuginfo-3.12.44-52.10.1 kernel-default-debugsource-3.12.44-52.10.1 kernel-default-devel-3.12.44-52.10.1 kernel-default-extra-3.12.44-52.10.1 kernel-default-extra-debuginfo-3.12.44-52.10.1 kernel-syms-3.12.44-52.10.1 kernel-xen-3.12.44-52.10.1 kernel-xen-debuginfo-3.12.44-52.10.1 kernel-xen-debugsource-3.12.44-52.10.1 kernel-xen-devel-3.12.44-52.10.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.44-52.10.1 kernel-macros-3.12.44-52.10.1 kernel-source-3.12.44-52.10.1 References: https://www.suse.com/security/cve/CVE-2014-9728.html https://www.suse.com/security/cve/CVE-2014-9729.html https://www.suse.com/security/cve/CVE-2014-9730.html https://www.suse.com/security/cve/CVE-2014-9731.html https://www.suse.com/security/cve/CVE-2015-1805.html https://www.suse.com/security/cve/CVE-2015-3212.html https://www.suse.com/security/cve/CVE-2015-4036.html https://www.suse.com/security/cve/CVE-2015-4167.html https://www.suse.com/security/cve/CVE-2015-4692.html https://www.suse.com/security/cve/CVE-2015-5364.html https://www.suse.com/security/cve/CVE-2015-5366.html https://bugzilla.suse.com/854817 https://bugzilla.suse.com/854824 https://bugzilla.suse.com/858727 https://bugzilla.suse.com/866911 https://bugzilla.suse.com/867362 https://bugzilla.suse.com/895814 https://bugzilla.suse.com/903279 https://bugzilla.suse.com/907092 https://bugzilla.suse.com/908491 https://bugzilla.suse.com/915183 https://bugzilla.suse.com/917630 https://bugzilla.suse.com/918618 https://bugzilla.suse.com/921430 https://bugzilla.suse.com/924071 https://bugzilla.suse.com/924526 https://bugzilla.suse.com/926369 https://bugzilla.suse.com/926953 https://bugzilla.suse.com/927455 https://bugzilla.suse.com/927697 https://bugzilla.suse.com/927786 https://bugzilla.suse.com/928131 https://bugzilla.suse.com/929475 https://bugzilla.suse.com/929696 https://bugzilla.suse.com/929879 https://bugzilla.suse.com/929974 https://bugzilla.suse.com/930092 https://bugzilla.suse.com/930399 https://bugzilla.suse.com/930579 https://bugzilla.suse.com/930599 https://bugzilla.suse.com/930972 https://bugzilla.suse.com/931124 https://bugzilla.suse.com/931403 https://bugzilla.suse.com/931538 https://bugzilla.suse.com/931620 https://bugzilla.suse.com/931860 https://bugzilla.suse.com/931988 https://bugzilla.suse.com/932348 https://bugzilla.suse.com/932793 https://bugzilla.suse.com/932897 https://bugzilla.suse.com/932898 https://bugzilla.suse.com/932899 https://bugzilla.suse.com/932900 https://bugzilla.suse.com/932967 https://bugzilla.suse.com/933117 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933637 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/934160 https://bugzilla.suse.com/935083 https://bugzilla.suse.com/935085 https://bugzilla.suse.com/935088 https://bugzilla.suse.com/935174 https://bugzilla.suse.com/935542 https://bugzilla.suse.com/935881 https://bugzilla.suse.com/935918 https://bugzilla.suse.com/936012 https://bugzilla.suse.com/936423 https://bugzilla.suse.com/936445 https://bugzilla.suse.com/936446 https://bugzilla.suse.com/936502 https://bugzilla.suse.com/936556 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937087 https://bugzilla.suse.com/937609 https://bugzilla.suse.com/937612 https://bugzilla.suse.com/937613 https://bugzilla.suse.com/937616 https://bugzilla.suse.com/938022 https://bugzilla.suse.com/938023 https://bugzilla.suse.com/938024 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org