[security-announce] openSUSE-SU-2017:2112-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2112-1 Rating: important References: #1005778 #1011913 #1012829 #1013887 #1016119 #1019695 #1022476 #1022600 #1022604 #1028286 #1030552 #1031717 #1033587 #1036215 #1036632 #1037838 #1039153 #1040347 #1042257 #1042286 #1042422 #1043598 #1044443 #1044623 #1045404 #1045563 #1045922 #1046651 #1046682 #1047121 #1048146 #1048155 #1048348 #1048421 #1048451 #1048501 #1048891 #1048912 #1048914 #1048916 #1048919 #1049231 #1049289 #1049361 #1049483 #1049486 #1049603 #1049619 #1049645 #1049706 #1049882 #1050061 #1050188 #1050320 #1050322 #1051022 #1051048 #1051059 #1051239 #1051471 #1051478 #1051479 #1051663 #964063 #974215 Cross-References: CVE-2017-11473 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves four vulnerabilities and has 61 fixes is now available. Description: The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). The following non-security bugs were fixed: - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478). - ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - Added sbitmap patch to blacklist.conf Add a patch "sbitmap: fix wakeup hang after sbq resize" to the blacklist.conf file because it is not needed in SLE 12 SP2. - Btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - Btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - Btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - Delete patches.drivers/0004-iommu-amd-reduce-delay-waiting-for-command-buffer-spac e. Remove the patch because it caused problems for users. See bsc#1048348. - Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state' - Fix kABI breakage by KVM CVE fix (bsc#1045922). - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361). - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - NFS: Cache aggressively when file is open for writing (bsc#1033587). - NFS: Do not flush caches for a getattr that races with writeback (bsc#1033587). - NFS: invalidate file size when taking a lock (git-fixes). - PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478). - PCI: Add Mellanox device IDs (bsc#1051478). - PCI: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - PCI: Enable ECRC only if device supports it (bsc#1051478). - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - PM / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - RDMA/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604 FATE#321747). - README.BRANCH: Add Oliver as openSUSE-42.3 branch co-maintainer - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask. - Revert "Add "shutdown" to "struct class"." (kabi). - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi). - Update patches.drivers/0011-hpsa-remove-abort-handler.patch (bsc#1022600 fate#321928 bsc#1016119). - Update patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch (bsc#1043598, bsc#1036215). - apply mainline tags to some hyperv patches - arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).++ kernel-source.spec (revision 3)%define patchversion 4.4.79Version: 4.4.79Release: <RELEASE>.g4dc78e3 - arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE - blacklist.conf: add inapplicable commits for wifi (bsc#1031717) - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE - blkfront: add uevent for size change (bnc#1036632). - block: Fix front merge check (bsc#1051239). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778). - cxgb4: fix a NULL dereference (bsc#1005778). - cxgb4: fix memory leak in init_one() (bsc#1005778). - dentry name snapshots (bsc#1049483). - device-dax: fix sysfs attribute deadlock (bsc#1048919). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - gfs2: fix flock panic issue (bsc#1012829). - hv: print extra debug in kvp_on_msg in error paths (bnc#1039153). - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421). - hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421). - i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913). - introduce the walk_process_tree() helper (bnc#1022476). - iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly version in panic path" (bsc#1051478). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919). - libnvdimm, region: fix flush hint detection crash (bsc#1048919). - libnvdimm: fix badblock range handling of ARS range (bsc#1051048). - lightnvm: fix "warning: ‘ret’ may be used uninitialized" (FATE#319466). - md-cluster: Fix a memleak in an error handling path (bsc#1049289). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146). - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146). - nvmet: identify controller: improve standard compliance (bsc#1048146). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bsc#1049231). - powerpc: Add POWER9 architected mode to cputable (bsc#1048916, fate#321439). - powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - qed: Add missing static/local dcbx info (bsc#1019695). - qed: Correct print in iscsi error-flow (bsc#1019695). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in virt drivers - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706). - s390/kdump: remove code to create ELF notes in the crashed system (bsc#1049706). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: aacraid: Do not copy uninitialized stack memory to userspace (bsc#1048912). - scsi: aacraid: fix leak of data from stack back to userspace (bsc#1048912). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838). - scsi: lpfc: Add auto EQ delay logic (bsc#1042257). - scsi: lpfc: Added recovery logic for running out of NVMET IO context resources (bsc#1037838). - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838). - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838). - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux (bsc#1044623). - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests (bsc#1037838). - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type (bsc#1037838). - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport state (bsc#1037838). - scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes (bsc#1037838). - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623). - scsi: lpfc: Fix crash after firmware flash when IO is running (bsc#1044623). - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623). - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request (bsc#1044623). - scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver unload (bsc#1037838). - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257). - scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404). - scsi: lpfc: Fix nvmet RQ resource needs for large block writes (bsc#1037838). - scsi: lpfc: Fix system crash when port is reset (bsc#1037838). - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623). - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838). - scsi: lpfc: Reduce time spent in IRQ for received NVME commands (bsc#1044623). - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context (bsc#1037838). - scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838). - scsi: lpfc: Vport creation is failing with "Link Down" error (bsc#1044623). - scsi: lpfc: fix refcount error on node list (bsc#1045404). - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623). - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838). - scsi: qedf: Fix a return value in case of error in 'qedf_alloc_global_queues' (bsc#1048912). - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443). - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443). - sfc: Add ethtool -m support for QSFP modules (bsc#1049619). - string.h: add memcpy_and_pad() (bsc#1048146). - timers: Plug locking race vs. timer migration (bnc#1022476). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - x86/platform/uv/BAU: Disable BAU on single hub configurations (bsc#1050320). - x86/platform/uv/BAU: Fix congested_response_us not taking effect (bsc#1050322). - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598). - xfs: detect and trim torn writes during log recovery (bsc#1036215). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: refactor and open code log record crc check (bsc#1036215). - xfs: refactor log record start detection into a new helper (bsc#1036215). - xfs: return start block of first bad log record during recovery (bsc#1036215). - xfs: support a crc verification only log record pass (bsc#1036215). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-890=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (noarch): kernel-devel-4.4.79-4.2 kernel-docs-4.4.79-4.2 kernel-docs-html-4.4.79-4.2 kernel-docs-pdf-4.4.79-4.2 kernel-macros-4.4.79-4.2 kernel-source-4.4.79-4.2 kernel-source-vanilla-4.4.79-4.2 - openSUSE Leap 42.3 (x86_64): kernel-debug-4.4.79-4.2 kernel-debug-base-4.4.79-4.2 kernel-debug-base-debuginfo-4.4.79-4.2 kernel-debug-debuginfo-4.4.79-4.2 kernel-debug-debugsource-4.4.79-4.2 kernel-debug-devel-4.4.79-4.2 kernel-debug-devel-debuginfo-4.4.79-4.2 kernel-default-4.4.79-4.2 kernel-default-base-4.4.79-4.2 kernel-default-base-debuginfo-4.4.79-4.2 kernel-default-debuginfo-4.4.79-4.2 kernel-default-debugsource-4.4.79-4.2 kernel-default-devel-4.4.79-4.2 kernel-obs-build-4.4.79-4.2 kernel-obs-build-debugsource-4.4.79-4.2 kernel-obs-qa-4.4.79-4.2 kernel-syms-4.4.79-4.2 kernel-vanilla-4.4.79-4.2 kernel-vanilla-base-4.4.79-4.2 kernel-vanilla-base-debuginfo-4.4.79-4.2 kernel-vanilla-debuginfo-4.4.79-4.2 kernel-vanilla-debugsource-4.4.79-4.2 kernel-vanilla-devel-4.4.79-4.2 References: https://www.suse.com/security/cve/CVE-2017-11473.html https://www.suse.com/security/cve/CVE-2017-7533.html https://www.suse.com/security/cve/CVE-2017-7541.html https://www.suse.com/security/cve/CVE-2017-7542.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1013887 https://bugzilla.suse.com/1016119 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1022476 https://bugzilla.suse.com/1022600 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1028286 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1033587 https://bugzilla.suse.com/1036215 https://bugzilla.suse.com/1036632 https://bugzilla.suse.com/1037838 https://bugzilla.suse.com/1039153 https://bugzilla.suse.com/1040347 https://bugzilla.suse.com/1042257 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1042422 https://bugzilla.suse.com/1043598 https://bugzilla.suse.com/1044443 https://bugzilla.suse.com/1044623 https://bugzilla.suse.com/1045404 https://bugzilla.suse.com/1045563 https://bugzilla.suse.com/1045922 https://bugzilla.suse.com/1046651 https://bugzilla.suse.com/1046682 https://bugzilla.suse.com/1047121 https://bugzilla.suse.com/1048146 https://bugzilla.suse.com/1048155 https://bugzilla.suse.com/1048348 https://bugzilla.suse.com/1048421 https://bugzilla.suse.com/1048451 https://bugzilla.suse.com/1048501 https://bugzilla.suse.com/1048891 https://bugzilla.suse.com/1048912 https://bugzilla.suse.com/1048914 https://bugzilla.suse.com/1048916 https://bugzilla.suse.com/1048919 https://bugzilla.suse.com/1049231 https://bugzilla.suse.com/1049289 https://bugzilla.suse.com/1049361 https://bugzilla.suse.com/1049483 https://bugzilla.suse.com/1049486 https://bugzilla.suse.com/1049603 https://bugzilla.suse.com/1049619 https://bugzilla.suse.com/1049645 https://bugzilla.suse.com/1049706 https://bugzilla.suse.com/1049882 https://bugzilla.suse.com/1050061 https://bugzilla.suse.com/1050188 https://bugzilla.suse.com/1050320 https://bugzilla.suse.com/1050322 https://bugzilla.suse.com/1051022 https://bugzilla.suse.com/1051048 https://bugzilla.suse.com/1051059 https://bugzilla.suse.com/1051239 https://bugzilla.suse.com/1051471 https://bugzilla.suse.com/1051478 https://bugzilla.suse.com/1051479 https://bugzilla.suse.com/1051663 https://bugzilla.suse.com/964063 https://bugzilla.suse.com/974215 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org