openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:0458-1
Rating: important
References: #1003077 #1007886 #1009969 #1010444 #1011820
#1013273 #1013531 #1013540 #1013542 #1017589
#1017710 #1019658 #1019660 #1019784 #1020214
#1020381 #1021258 #983348 #987333 #987576

Cross-References: CVE-2016-10088 CVE-2016-10147 CVE-2016-7117
CVE-2016-7917 CVE-2016-8645 CVE-2016-9793
CVE-2016-9806 CVE-2017-5551
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 12 fixes is
now available.

Description:

The openSUSE Leap 42.1 kernel to 4.1.38 to receive various security and
bugfixes.

The following security bugs were fixed:

– CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
function in net/socket.c in the Linux kernel allowed remote attackers to
execute arbitrary code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077).
– CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set
setgid bits on files they don’t down (bsc#1021258).
– CVE-2016-10147: crypto/mcryptd.c in the Linux kernel allowed local users
to cause a denial of service (NULL pointer dereference and system crash)
by using an AF_ALG socket with an incompatible algorithm, as
demonstrated by mcryptd(md5) (bnc#1020381).
– CVE-2016-10088: The sg implementation in the Linux kernel did not
properly restrict write operations in situations where the KERNEL_DS
option is set, which allowed local users to read or write to arbitrary
kernel memory locations or cause a denial of service (use-after-free) by
leveraging access to a /dev/sg device, related to block/bsg.c and
drivers/scsi/sg.c. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-9576 (bnc#1017710).
– CVE-2016-7917: The nfnetlink_rcv_batch function in
net/netfilter/nfnetlink.c in the Linux kernel did not check whether a
batch message’s length field is large enough, which allowed local users
to obtain sensitive information from kernel memory or cause a denial of
service (infinite loop or out-of-bounds read) by leveraging the
CAP_NET_ADMIN capability (bnc#1010444).
– CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb
truncation, which allowed local users to cause a denial of service
(system crash) via a crafted application that made sendto system calls,
related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
– CVE-2016-9806: Race condition in the netlink_dump function in
net/netlink/af_netlink.c in the Linux kernel allowed local users to
cause a denial of service (double free) or possibly have unspecified
other impact via a crafted application that made sendmsg system calls,
leading to a free operation associated with a new dump that started
earlier than anticipated (bnc#1013540 1017589).
– CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash) or possibly have unspecified other impact
by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
(bnc#1013531 1013542).

The following non-security bugs were fixed:

– PCI: generic: Fix pci_remap_iospace() failure path (bsc#1019658).
– bcache: partition support: add 16 minors per bcacheN device
(bsc#1019784).
– bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
– clk: xgene: Do not call __pa on ioremaped address (bsc#1019660).
– kABI workaround for 4.1.37 mount changes (stable-4.1.37).
– kABI: reintroduce sk_filter (bsc#1009969).
– kabi/severities: Ignore inode_change_ok change It’s renamed in 4.1.37 to
setattr_prepare()
– mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
– net: introduce __sock_queue_rcv_skb() function (bsc#1009969).
– netback: correct array index (bsc#983348).
– netfront: do not truncate grant references.
– netfront: use correct linear area after linearizing an skb (bsc#1007886).
– reiserfs: fix race in prealloc discard (bsc#987576).
– rose: limit sk_filter trim to payload (bsc#1009969).
– scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).
– xenbus: correctly signal errors from xenstored_local_init() (luckily
none so far).
– xenbus: do not invoke ->is_ready() for most device states (bsc#987333).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-246=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.1 (i686 x86_64):

kernel-debug-4.1.38-47.1
kernel-debug-base-4.1.38-47.1
kernel-debug-base-debuginfo-4.1.38-47.1
kernel-debug-debuginfo-4.1.38-47.1
kernel-debug-debugsource-4.1.38-47.1
kernel-debug-devel-4.1.38-47.1
kernel-debug-devel-debuginfo-4.1.38-47.1
kernel-ec2-4.1.38-47.1
kernel-ec2-base-4.1.38-47.1
kernel-ec2-base-debuginfo-4.1.38-47.1
kernel-ec2-debuginfo-4.1.38-47.1
kernel-ec2-debugsource-4.1.38-47.1
kernel-ec2-devel-4.1.38-47.1
kernel-pv-4.1.38-47.1
kernel-pv-base-4.1.38-47.1
kernel-pv-base-debuginfo-4.1.38-47.1
kernel-pv-debuginfo-4.1.38-47.1
kernel-pv-debugsource-4.1.38-47.1
kernel-pv-devel-4.1.38-47.1
kernel-vanilla-4.1.38-47.1
kernel-vanilla-debuginfo-4.1.38-47.1
kernel-vanilla-debugsource-4.1.38-47.1
kernel-vanilla-devel-4.1.38-47.1
kernel-xen-4.1.38-47.1
kernel-xen-base-4.1.38-47.1
kernel-xen-base-debuginfo-4.1.38-47.1
kernel-xen-debuginfo-4.1.38-47.1
kernel-xen-debugsource-4.1.38-47.1
kernel-xen-devel-4.1.38-47.1

– openSUSE Leap 42.1 (i586 x86_64):

kernel-default-4.1.38-47.1
kernel-default-base-4.1.38-47.1
kernel-default-base-debuginfo-4.1.38-47.1
kernel-default-debuginfo-4.1.38-47.1
kernel-default-debugsource-4.1.38-47.1
kernel-default-devel-4.1.38-47.1
kernel-obs-build-4.1.38-47.3
kernel-obs-build-debugsource-4.1.38-47.3
kernel-obs-qa-4.1.38-47.1
kernel-syms-4.1.38-47.1

– openSUSE Leap 42.1 (noarch):

kernel-devel-4.1.38-47.1
kernel-docs-4.1.38-47.2
kernel-docs-html-4.1.38-47.2
kernel-docs-pdf-4.1.38-47.2
kernel-macros-4.1.38-47.1
kernel-source-4.1.38-47.1
kernel-source-vanilla-4.1.38-47.1

– openSUSE Leap 42.1 (i686):

kernel-pae-4.1.38-47.1
kernel-pae-base-4.1.38-47.1
kernel-pae-base-debuginfo-4.1.38-47.1
kernel-pae-debuginfo-4.1.38-47.1
kernel-pae-debugsource-4.1.38-47.1
kernel-pae-devel-4.1.38-47.1

References:

https://www.suse.com/security/cve/CVE-2016-10088.html
https://www.suse.com/security/cve/CVE-2016-10147.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-7917.html
https://www.suse.com/security/cve/CVE-2016-8645.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2016-9806.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1007886
https://bugzilla.suse.com/1009969
https://bugzilla.suse.com/1010444
https://bugzilla.suse.com/1011820
https://bugzilla.suse.com/1013273
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013540
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1017589
https://bugzilla.suse.com/1017710
https://bugzilla.suse.com/1019658
https://bugzilla.suse.com/1019660
https://bugzilla.suse.com/1019784
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1020381
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/983348
https://bugzilla.suse.com/987333
https://bugzilla.suse.com/987576

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:0456-1
Rating: important
References: #1000092 #1000619 #1003077 #1003253 #1005918
#1006469 #1006472 #1007729 #1008742 #1009546
#1009674 #1009718 #1009911 #1009969 #1010612
#1010690 #1011176 #1011250 #1011602 #1011660
#1011913 #1012422 #1012829 #1012910 #1013000
#1013001 #1013273 #1013531 #1013540 #1013542
#1013792 #1013994 #1014120 #1014392 #1014410
#1014701 #1014710 #1015038 #1015212 #1015359
#1015367 #1015416 #1015840 #1016250 #1016403
#1016517 #1016884 #1016979 #1017164 #1017170
#1017410 #1017589 #1018100 #1018316 #1018358
#1018385 #1018446 #1018813 #1018913 #1019061
#1019148 #1019260 #1019351 #1019594 #1019630
#1019631 #1019784 #1019851 #1020214 #1020488
#1020602 #1020685 #1020817 #1020945 #1020975
#1021248 #1021251 #1021258 #1021260 #1021294
#1021455 #1021474 #1022304 #1022429 #1022476
#1022547 #1022559 #1022971 #1023101 #1023175
#921494 #959709 #960561 #964944 #966170 #966172
#966186 #966191 #969474 #969475 #969756 #971975
#974215 #979378 #981709 #985561 #987192 #987576
#991273
Cross-References: CVE-2015-8709 CVE-2016-7117 CVE-2016-8645
CVE-2016-9793 CVE-2016-9806 CVE-2016-9919
CVE-2017-2583 CVE-2017-2584 CVE-2017-5551
CVE-2017-5576 CVE-2017-5577
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 98 fixes
is now available.

Description:

The openSUSE 42.2 kernel was updated to 4.4.42 stable release.

The following security bugs were fixed:

– CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
function in net/socket.c in the Linux kernel allowed remote attackers to
execute arbitrary code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077 1003253).
– CVE-2017-5576, CVE-2017-5577: A buffer overflow in the VC4_SUBMIT_CL
IOCTL in the VideoCore DRM driver for Raspberry Pi was fixed.
(bsc#1021294)
– CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set
setgid bits on files they don’t down. (bsc#1021258).
– CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual
Machine (CONFIG_KVM) support was vulnerable to an incorrect segment
selector(SS) value error. A user/process inside guest could have used
this flaw to crash the guest resulting in DoS or potentially escalate
their privileges inside guest. (bsc#1020602).
– CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory or cause a
denial of service (use-after-free) via a crafted application that
leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt
(bnc#1019851).
– CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel
mishandled uid and gid mappings, which allowed local users to gain
privileges by establishing a user namespace, waiting for a root process
to enter that namespace with an unsafe uid or gid, and then using the
ptrace system call. NOTE: the vendor states “there is no kernel bug
here (bnc#959709 bsc#960561).
– CVE-2016-9806: Race condition in the netlink_dump function in
net/netlink/af_netlink.c in the Linux kernel allowed local users to
cause a denial of service (double free) or possibly have unspecified
other impact via a crafted application that made sendmsg system calls,
leading to a free operation associated with a new dump that started
earlier than anticipated (bnc#1013540 1017589).
– CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb
truncation, which allowed local users to cause a denial of service
(system crash) via a crafted application that made sendto system calls,
related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
– CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash) or possibly have unspecified other impact
by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
(bnc#1013531 bsc#1013542).
– CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux
kernel omits a certain check of the dst data structure, which allowed
remote attackers to cause a denial of service (panic) via a fragmented
IPv6 packet (bnc#1014701).

The following non-security bugs were fixed:

– 8250/fintek: rename IRQ_MODE macro (boo#1009546).
– acpi, nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).
– acpi, nfit, libnvdimm: fix / harden ars_status output length handling
(bsc#1023175).
– acpi, nfit: validate ars_status output buffer size (bsc#1023175).
– arm64/numa: fix incorrect log for memory-less node (bsc#1019631).
– ASoC: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).
– ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled
(bsc#1010690).
– ASoC: rt5670: add HS ground control (bsc#1016250).
– avoid including “mountproto=” with no protocol in /proc/mounts
(bsc#1019260).
– bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).
– bcache: partition support: add 16 minors per bcacheN device
(bsc#1019784).
– blacklist.conf: add 1b8d2afde54f libnvdimm, pfn: fix ARCH=alpha
allmodconfig build failure (bsc#1023175).
– blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367)
– blk: Do not collide with QUEUE_FLAG_WC from upstream (bsc#1022547)
– blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).
– blk-mq: Always schedule hctx->next_cpu (bsc#1020817).
– blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).
– blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).
– blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).
– blk-mq: improve warning for running a queue on the wrong CPU
(bsc#1020817).
– block: Change extern inline to static inline (bsc#1023175).
– Bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).
– bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
– brcmfmac: Change error print on wlan0 existence (bsc#1000092).
– btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).
– btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in
btrfs_ioctl (bsc#1018100).
– btrfs: fix inode leak on failure to setup whiteout inode in rename
(bsc#1020975).
– btrfs: fix lockdep warning about log_mutex (bsc#1021455).
– btrfs: fix lockdep warning on deadlock against an inode’s log mutex
(bsc#1021455).
– btrfs: fix number of transaction units for renames with whiteout
(bsc#1020975).
– btrfs: incremental send, fix invalid paths for rename operations
(bsc#1018316).
– btrfs: incremental send, fix premature rmdir operations (bsc#1018316).
– btrfs: increment ctx->pos for every emitted or skipped dirent in readdir
(bsc#981709).
– btrfs: pin log earlier when renaming (bsc#1020975).
– btrfs: pin logs earlier when doing a rename exchange operation
(bsc#1020975).
– btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
(bsc#981709).
– btrfs: send, add missing error check for calls to path_loop()
(bsc#1018316).
– btrfs: send, avoid incorrect leaf accesses when sending utimes
operations (bsc#1018316).
– btrfs: send, fix failure to move directories with the same name around
(bsc#1018316).
– btrfs: send, fix invalid leaf accesses due to incorrect utimes
operations (bsc#1018316).
– btrfs: send, fix warning due to late freeing of orphan_dir_info
structures (bsc#1018316).
– btrfs: test_check_exists: Fix infinite loop when searching for free
space entries (bsc#987192).
– btrfs: unpin log if rename operation fails (bsc#1020975).
– btrfs: unpin logs if rename exchange operation fails (bsc#1020975).
– [BZ 149851] kernel: Fix invalid domain response handling (bnc#1009718,
LTC#149851).
– ceph: fix bad endianness handling in parse_reply_info_extra
(bsc#1020488).
– clk: xgene: Add PMD clock (bsc#1019351).
– clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).
– clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).
– config: enable Ceph kernel client modules for ppc64le (fate#321098)
– config: enable Ceph kernel client modules for s390x (fate#321098)
– config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)
– crypto: drbg – do not call drbg_instantiate in healt test (bsc#1018913).
– crypto: drbg – remove FIPS 140-2 continuous test (bsc#1018913).
– crypto: FIPS – allow tests to be disabled in FIPS mode (bsc#1018913).
– crypto: qat – fix bar discovery for c62x (bsc#1021251).
– crypto: qat – zero esram only for DH85x devices (1021248).
– crypto: rsa – allow keys >= 2048 bits in FIPS mode (bsc#1018913).
– crypto: xts – consolidate sanity check for keys (bsc#1018913).
– crypto: xts – fix compile errors (bsc#1018913).
– cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).
– dax: fix deadlock with DAX 4k holes (bsc#1012829).
– dax: fix device-dax region base (bsc#1023175).
– device-dax: check devm_nsio_enable() return value (bsc#1023175).
– device-dax: fail all private mapping attempts (bsc#1023175).
– device-dax: fix percpu_ref_exit ordering (bsc#1023175).
– driver core: fix race between creating/querying glue dir and its cleanup
(bnc#1008742).
– drivers:hv: balloon: account for gaps in hot add regions (fate#320485).
– drivers:hv: balloon: Add logging for dynamic memory operations
(fate#320485).
– drivers:hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not
set (fate#320485).
– drivers:hv: balloon: Fix info request to show max page count
(fate#320485).
– drivers:hv: balloon: keep track of where ha_region starts (fate#320485).
– drivers:hv: balloon: replace ha_region_mutex with spinlock (fate#320485).
– drivers:hv: balloon: Use available memory value in pressure report
(fate#320485).
– drivers:hv: cleanup vmbus_open() for wrap around mappings (fate#320485).
– drivers:hv: do not leak memory in vmbus_establish_gpadl() (fate#320485).
– drivers:hv: get rid of id in struct vmbus_channel (fate#320485).
– drivers:hv: get rid of redundant messagecount in create_gpadl_header()
(fate#320485).
– drivers:hv: get rid of timeout in vmbus_open() (fate#320485).
– drivers:hv: Introduce a policy for controlling channel affinity
(fate#320485).
– drivers:hv: make VMBus bus ids persistent (fate#320485).
– drivers:hv: ring_buffer: count on wrap around mappings in
get_next_pkt_raw() (v2) (fate#320485).
– drivers:hv: ring_buffer: use wrap around mappings in hv_copy{from,
to}_ringbuffer() (fate#320485).
– drivers:hv: ring_buffer: wrap around mappings for ring buffers
(fate#320485).
– drivers:hv: utils: Check VSS daemon is listening before a hot backup
(fate#320485).
– drivers:hv: utils: Continue to poll VSS channel after handling requests
(fate#320485).
– drivers:hv: utils: fix a race on userspace daemons registration
(bnc#1014392).
– drivers:hv: utils: Fix the mapping between host version and protocol to
use (fate#320485).
– drivers:hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (fate#320485).
– drivers:hv: vmbus: Base host signaling strictly on the ring state
(fate#320485).
– drivers:hv: vmbus: Enable explicit signaling policy for NIC channels
(fate#320485).
– drivers:hv: vmbus: finally fix hv_need_to_signal_on_read() (fate#320485,
bug#1018385).
– drivers:hv: vmbus: fix the race when querying & updating the percpu list
(fate#320485).
– drivers:hv: vmbus: Implement a mechanism to tag the channel for low
latency (fate#320485).
– drivers: hv: vmbus: Make mmio resource local (fate#320485).
– drivers:hv: vmbus: On the read path cleanup the logic to interrupt the
host (fate#320485).
– drivers:hv: vmbus: On write cleanup the logic to interrupt the host
(fate#320485).
– drivers:hv: vmbus: Reduce the delay between retries in vmbus_post_msg()
(fate#320485).
– drivers:hv: vmbus: suppress some “hv_vmbus: Unknown GUID” warnings
(fate#320485).
– drivers:hv: vss: Improve log messages (fate#320485).
– drivers:hv: vss: Operation timeouts should match host expectation
(fate#320485).
– drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).
– drivers: net: phy: xgene: Fix ‘remove’ function (bsc#1019351).
– drivers: net: xgene: Add change_mtu function (bsc#1019351).
– drivers: net: xgene: Add flow control configuration (bsc#1019351).
– drivers: net: xgene: Add flow control initialization (bsc#1019351).
– drivers: net: xgene: Add helper function (bsc#1019351).
– drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).
– drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).
– drivers: net: xgene: fix build after change_mtu function change
(bsc#1019351).
– drivers: net: xgene: fix: Coalescing values for v2 hardware
(bsc#1019351).
– drivers: net: xgene: fix: Disable coalescing on v1 hardware
(bsc#1019351).
– drivers: net: xgene: Fix MSS programming (bsc#1019351).
– drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).
– drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).
– drivers: net: xgene: uninitialized variable in
xgene_enet_free_pagepool() (bsc#1019351).
– drm: Fix broken VT switch with video=1366×768 option (bsc#1018358).
– drm/i915: add helpers for platform specific revision id range checks
(bsc#1015367).
– drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also
(bsc#1015367).
– drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367).
– drm/i915: Call intel_dp_mst_resume() before resuming displays
(bsc#1015359).
– drm/i915: Cleaning up DDI translation tables (bsc#1014392).
– drm/i915: Clean up L3 SQC register field definitions (bsc#1014392).
– drm/i915: Do not init hpd polling for vlv and chv from runtime_suspend()
(bsc#1014120).
– drm-i915-dp-Restore-PPS-HW-state-from-the-encoder-re
– drm/i915/dp: Restore PPS HW state from the encoder resume hook
(bsc#1019061).
– drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C
(bsc#1015367).
– drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367).
– drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry
2 (bsc#1014392).
– drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367).
– drm/i915: Fix watermarks for VLV/CHV (bsc#1011176).
– drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367).
– drm/i915: Force VDD off on the new power seqeuencer before starting to
use it (bsc#1009674).
– drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392).
– drm/i915/gen9: Fix PCODE polling during CDCLK change notification
(bsc#1015367).
– drm/i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).
– drm/i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).
– drm-i915-Prevent-PPS-stealing-from-a-normal-DP-port
– drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV
(bsc#1019061).
– drm/i915: remove parens around revision ids (bsc#1015367).
– drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392).
– drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367).
– drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367).
– drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392).
– drm/i915/skl: Update watermarks before the crtc is disabled
(bsc#1015367).
– drm/i915: Update Skylake DDI translation table for DP (bsc#1014392).
– drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392).
– drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367).
– drm/i915/vlv: Prevent enabling hpd polling in late suspend (bsc#1014120).
– drm/i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).
– drm: Use u64 for intermediate dotclock calculations (bnc#1006472).
– drm/vc4: Fix an integer overflow in temporary allocation layout
(bsc#1021294).
– drm/vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).
– drm: virtio-gpu: get the fb from the plane state for atomic updates
(bsc#1023101).
– EDAC, xgene: Fix spelling mistake in error messages (bsc#1019351).
– efi/libstub: Move Graphics Output Protocol handling to generic code
(bnc#974215).
– fbcon: Fix vc attr at deinit (bsc#1000619).
– Fix kABI breakage by i2c-designware baytrail fix (bsc#1011913).
– Fix kABI breakage by linux/acpi.h inclusion in i8042-x86ia46io.h
(bsc#1011660).
– gpio: xgene: make explicitly non-modular (bsc#1019351).
– gro_cells: mark napi struct as not busy poll candidates (bsc#966191
FATE#320230 bsc#966186 FATE#320228).
– hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels()
(fate#320485).
– hv: change clockevents unbind tactics (fate#320485).
– hv: do not reset hv_context.tsc_page on crash (fate#320485, bnc#1007729).
– hv_netvsc: add ethtool statistics for tx packet issues (fate#320485).
– hv_netvsc: Add handler for physical link speed change (fate#320485).
– hv_netvsc: Add query for initial physical link speed (fate#320485).
– hv_netvsc: count multicast packets received (fate#320485).
– hv_netvsc: dev hold/put reference to VF (fate#320485).
– hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf()
(fate#320485).
– hv_netvsc: fix comments (fate#320485).
– hv_netvsc: fix rtnl locking in callback (fate#320485).
– hv_netvsc: Implement batching of receive completions (fate#320485).
– hv_netvsc: improve VF device matching (fate#320485).
– hv_netvsc: init completion during alloc (fate#320485).
– hv_netvsc: make device_remove void (fate#320485).
– hv_netvsc: make inline functions static (fate#320485).
– hv_netvsc: make netvsc_destroy_buf void (fate#320485).
– hv_netvsc: make RSS hash key static (fate#320485).
– hv_netvsc: make variable local (fate#320485).
– hv_netvsc: rearrange start_xmit (fate#320485).
– hv_netvsc: refactor completion function (fate#320485).
– hv_netvsc: remove excessive logging on MTU change (fate#320485).
– hv_netvsc: remove VF in flight counters (fate#320485).
– hv_netvsc: report vmbus name in ethtool (fate#320485).
– hv_netvsc: simplify callback event code (fate#320485).
– hv_netvsc: style cleanups (fate#320485).
– hv_netvsc: use ARRAY_SIZE() for NDIS versions (fate#320485).
– hv_netvsc: use consume_skb (fate#320485).
– hv_netvsc: use kcalloc (fate#320485).
– hv_netvsc: use RCU to protect vf_netdev (fate#320485).
– hyperv: Fix spelling of HV_UNKOWN (fate#320485).
– i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while
holding the punit semaphore (bsc#1011913).
– i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).
– i2c: designware: Implement support for SMBus block read and write
(bsc#1019351).
– i2c: xgene: Fix missing code of DTB support (bsc#1019351).
– i40e: Be much more verbose about what we can and cannot offload
(bsc#985561).
– i915: Delete previous two fixes for i915 (bsc#1019061). These upstream
fixes brought some regressions, so better to revert for now.
– i915: Disable
patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The
patch seems leading to the instability on Wyse box (bsc#1015367).
– IB/core: Fix possible memory leak in cma_resolve_iboe_route()
(bsc#966191 FATE#320230 bsc#966186 FATE#320228).
– IB/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225
bsc#966172 FATE#320226).
– IB/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172
FATE#320226).
– IB/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225
bsc#966172 FATE#320226).
– ibmveth: calculate gso_segs for large packets (bsc#1019148).
– ibmveth: check return of skb_linearize in ibmveth_start_xmit
(bsc#1019148).
– ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
– ibmveth: set correct gso_size and gso_type (bsc#1019148).
– ibmvnic: convert to use simple_open() (bsc#1015416).
– ibmvnic: Driver Version 1.0.1 (bsc#1015416).
– ibmvnic: drop duplicate header seq_file.h (bsc#1015416).
– ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416).
– ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416).
– ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416).
– ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
(bsc#1015416).
– ibmvnic: Fix size of debugfs name buffer (bsc#1015416).
– ibmvnic: Handle backing device failover and reinitialization
(bsc#1015416).
– ibmvnic: Start completion queue negotiation at server-provided optimum
values (bsc#1015416).
– ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416).
– ibmvnic: Update MTU after device initialization (bsc#1015416).
– igb: add i211 to i210 PHY workaround (bsc#1009911).
– igb: Workaround for igb i210 firmware issue (bsc#1009911).
– Input: i8042 – Trust firmware a bit more when probing on X86
(bsc#1011660).
– intel_idle: Add KBL support (bsc#1016884).
– ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).
– ipc/sem.c: add cond_resched in exit_sme (bsc#979378).
– ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474
FATE#319812 bsc#969475 FATE#319814).
– ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474
FATE#319812 bsc#969475 FATE#319814).
– KABI fix (bsc#1014410).
– kABI: protect struct mm_struct (kabi).
– kABI: protect struct musb_platform_ops (kabi).
– kABI: protect struct task_struct (kabi).
– kABI: protect struct user_fpsimd_state (kabi).
– kABI: protect struct wake_irq (kabi).
– kABI: protect struct xhci_hcd (kabi).
– kABI: protect user_namespace include in fs/exec (kabi).
– kABI: protect user_namespace include in kernel/ptrace (kabi).
– kabi/severities: Ignore changes in drivers/hv
– kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread
(bsc#1010612, fate#313296).
– kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,
fate#313296).
– libnvdimm, pfn: fix align attribute (bsc#1023175).
– locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock()
(bsc#969756).
– locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212).
– locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212).
– mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).
– md-cluster: convert the completion to wait queue (fate#316335).
– md-cluster: protect md_find_rdev_nr_rcu with rcu lock (fate#316335).
– md: fix refcount problem on mddev when stopping array (bsc#1022304).
– md linear: fix a race between linear_add() and linear_congested()
(bsc#1018446).
– [media] uvcvideo: uvc_scan_fallback() for webcams with broken chain
(bsc#1021474).
– misc/genwqe: ensure zero initialization (fate#321595).
– mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for
sdhci-arasan4.9a (bsc#1019351).
– mm: do not loop on GFP_REPEAT high order requests if there is no reclaim
progress (bnc#1013000).
– mm, memcg: do not retry precharge charges (bnc#1022559).
– mm, page_alloc: fix check for NULL preferred_zone (bnc#971975 VM
performance — page allocator).
– mm, page_alloc: fix fast-path race with cpuset update or removal
(bnc#971975 VM performance — page allocator).
– mm, page_alloc: fix premature OOM when racing with cpuset mems update
(bnc#971975 VM performance — page allocator).
– mm, page_alloc: keep pcp count and list contents in sync if struct page
is corrupted (bnc#971975 VM performance — page allocator).
– mm, page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM
performance — page allocator).
– mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).
– mwifiex: fix IBSS data path issue (bsc#1018813).
– mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).
– net/af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,
LTC#150566).
– net: ethernet: apm: xgene: use phydev from struct net_device
(bsc#1019351).
– net/hyperv: avoid uninitialized variable (fate#320485).
– net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701).
– net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701).
– net/mlx4_en: Fix panic on xmit while port is down (bsc#966191
FATE#320230).
– net/mlx5e: Use correct flow dissector key on flower offloading
(bsc#966170 FATE#320225 bsc#966172 FATE#320226).
– net/mlx5: Fix autogroups groups num not decreasing (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
– net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225
bsc#966172 FATE#320226).
– net: remove useless memset’s in drivers get_stats64 (bsc#1019351).
– net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225
bsc#966172 FATE#320226).
– netvsc: add rcu_read locking to netvsc callback (fate#320485).
– netvsc: fix checksum on UDP IPV6 (fate#320485).
– netvsc: reduce maximum GSO size (fate#320485).
– netvsc: Remove mistaken udp.h inclusion (fate#320485).
– net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).
– net: xgene: fix backward compatibility fix (bsc#1019351).
– net/xgene: fix error handling during reset (bsc#1019351).
– net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).
– nfit: fail DSMs that return non-zero status by default (bsc#1023175).
– NFSv4: Cap the transport reconnection timer at 1/2 lease period
(bsc#1014410).
– NFSv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
– nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).
– nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).
– ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()
(bnc#921494).
– pci: Add devm_request_pci_bus_resources() (bsc#1019351).
– PCI/AER: include header file (bsc#964944,FATE#319965).
– pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).
– pci: hv: Allocate physically contiguous hypercall params buffer
(fate#320485).
– pci: hv: Delete the device earlier from hbus->children for hot-remove
(fate#320485).
– pci: hv: Fix hv_pci_remove() for hot-remove (fate#320485).
– pci: hv: Handle hv_pci_generic_compl() error case (fate#320485).
– pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg()
(fate#320485).
– pci: hv: Make unnecessarily global IRQ masking functions static
(fate#320485).
– pci: hv: Remove the unused ‘wrk’ in struct hv_pcibus_device
(fate#320485).
– pci: hv: Use list_move_tail() instead of list_del() + list_add_tail()
(fate#320485).
– pci: hv: Use pci_function_description in struct definitions
(fate#320485).
– pci: hv: Use the correct buffer size in new_pcichild_device()
(fate#320485).
– pci: hv: Use zero-length array in struct pci_packet (fate#320485).
– pci: xgene: Add local struct device pointers (bsc#1019351).
– pci: xgene: Add register accessors (bsc#1019351).
– pci: xgene: Free bridge resource list on failure (bsc#1019351).
– pci: xgene: Make explicitly non-modular (bsc#1019351).
– pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).
– pci: xgene: Remove unused platform data (bsc#1019351).
– pci: xgene: Request host bridge window resources (bsc#1019351).
– perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).
– phy: xgene: rename “enum phy_mode” to “enum xgene_phy_mode”
(bsc#1019351).
– powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
– power: reset: xgene-reboot: Unmap region obtained by of_iomap
(bsc#1019351).
– qeth: check not more than 16 SBALEs on the completion queue
(bnc#1009718, LTC#148203).
– raid1: ignore discard error (bsc#1017164).
– reiserfs: fix race in prealloc discard (bsc#987576).
– rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
– rpm/kernel-binary.spec.in: Fix installation of /etc/uefi/certs
(bsc#1019594)
– rtc: cmos: avoid unused function warning (bsc#1022429).
– rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).
– rtc: cmos: Do not enable interrupts in the middle of the interrupt
handler (bsc#1022429).
– rtc: cmos: Restore alarm after resume (bsc#1022429).
– s390/cpuinfo: show maximum thread id (bnc#1009718, LTC#148580).
– s390/sysinfo: show partition extended name and UUID if available
(bnc#1009718, LTC#150160).
– s390/time: LPAR offset handling (bnc#1009718, LTC#146920).
– s390/time: move PTFF definitions (bnc#1009718, LTC#146920).
– sched: Allow hotplug notifiers to be setup early (bnc#1022476).
– sched/core: Fix incorrect utilization accounting when switching to fair
class (bnc#1022476).
– sched/core: Fix set_user_nice() (bnc#1022476).
– sched/core, x86/topology: Fix NUMA in package topology bug (bnc#1022476).
– sched/cputime: Add steal time support to full dynticks CPU time
accounting (bnc#1022476).
– sched/cputime: Fix prev steal time accouting during CPU hotplug
(bnc#1022476).
– sched/deadline: Always calculate end of period on sched_yield()
(bnc#1022476).
– sched/deadline: Fix a bug in dl_overflow() (bnc#1022476).
– sched/deadline: Fix lock pinning warning during CPU hotplug
(bnc#1022476).
– sched/deadline: Fix wrap-around in DL heap (bnc#1022476).
– sched/fair: Avoid using decay_load_missed() with a negative value
(bnc#1022476).
– sched/fair: Fix fixed point arithmetic width for shares and effective
load (bnc#1022476).
– sched/fair: Fix load_above_capacity fixed point arithmetic width
(bnc#1022476).
– sched/fair: Fix min_vruntime tracking (bnc#1022476).
– sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task()
(bnc#1022476).
– sched/fair: Improve PELT stuff some more (bnc#1022476).
– sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).
– sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476).
– sched/rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).
– sched/rt, sched/dl: Do not push if task’s scheduling class was changed
(bnc#1022476).
– scsi: Add ‘AIX VDASD’ to blacklist (bsc#1006469).
– scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).
– scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).
– scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).
– scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels
(fate#320485).
– sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).
– serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).
– serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update
config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly,
too. Also, the corresponding entry got removed from supported.conf.
– ses: Fix SAS device detection in enclosure (bsc#1016403).
– sunrpc: Fix reconnection timeouts (bsc#1014410).
– sunrpc: fix refcounting problems with auth_gss messages (boo#1011250).
– sunrpc: Limit the reconnect backoff timer to the max RPC message timeout
(bsc#1014410).
– supported.conf: delete xilinx/ll_temac (bsc#1011602)
– supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail
(bsc#1018813)
– target: add XCOPY target/segment desc sense codes (bsc#991273).
– target: bounds check XCOPY segment descriptor list (bsc#991273).
– target: bounds check XCOPY total descriptor list length (bsc#991273).
– target: check for XCOPY parameter truncation (bsc#991273).
– target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
– target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense
(bsc#991273).
– target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
– target: support XCOPY requests without parameters (bsc#991273).
– target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
– target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
– tools: hv: Enable network manager for bonding scripts on RHEL
(fate#320485).
– tools: hv: fix a compile warning in snprintf (fate#320485).
– Tools: hv: kvp: configurable external scripts path (fate#320485).
– Tools: hv: kvp: ensure kvp device fd is closed on exec (fate#320485).
– tools: hv: remove unnecessary header files and netlink related code
(fate#320485).
– tools: hv: remove unnecessary link flag (fate#320485).
– tty: n_hdlc, fix lockdep false positive (bnc#1015840).
– Update metadata for serial fixes (bsc#1013001)
– vmbus: make sysfs names consistent with PCI (fate#320485).
– x86/hpet: Reduce HPET counter read contention (bsc#1014710).
– x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic
(fate#320485).
– x86/MCE: Dump MCE to dmesg if no consumers (bsc#1013994).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-245=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (x86_64):

kernel-debug-4.4.46-11.1
kernel-debug-base-4.4.46-11.1
kernel-debug-base-debuginfo-4.4.46-11.1
kernel-debug-debuginfo-4.4.46-11.1
kernel-debug-debugsource-4.4.46-11.1
kernel-debug-devel-4.4.46-11.1
kernel-debug-devel-debuginfo-4.4.46-11.1
kernel-default-4.4.46-11.1
kernel-default-base-4.4.46-11.1
kernel-default-base-debuginfo-4.4.46-11.1
kernel-default-debuginfo-4.4.46-11.1
kernel-default-debugsource-4.4.46-11.1
kernel-default-devel-4.4.46-11.1
kernel-obs-build-4.4.46-11.1
kernel-obs-build-debugsource-4.4.46-11.1
kernel-obs-qa-4.4.46-11.1
kernel-syms-4.4.46-11.1
kernel-vanilla-4.4.46-11.1
kernel-vanilla-base-4.4.46-11.1
kernel-vanilla-base-debuginfo-4.4.46-11.1
kernel-vanilla-debuginfo-4.4.46-11.1
kernel-vanilla-debugsource-4.4.46-11.1
kernel-vanilla-devel-4.4.46-11.1

– openSUSE Leap 42.2 (noarch):

kernel-devel-4.4.46-11.1
kernel-docs-4.4.46-11.3
kernel-docs-html-4.4.46-11.3
kernel-docs-pdf-4.4.46-11.3
kernel-macros-4.4.46-11.1
kernel-source-4.4.46-11.1
kernel-source-vanilla-4.4.46-11.1

References:

https://www.suse.com/security/cve/CVE-2015-8709.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-8645.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2016-9806.html
https://www.suse.com/security/cve/CVE-2016-9919.html
https://www.suse.com/security/cve/CVE-2017-2583.html
https://www.suse.com/security/cve/CVE-2017-2584.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://www.suse.com/security/cve/CVE-2017-5576.html
https://www.suse.com/security/cve/CVE-2017-5577.html
https://bugzilla.suse.com/1000092
https://bugzilla.suse.com/1000619
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1003253
https://bugzilla.suse.com/1005918
https://bugzilla.suse.com/1006469
https://bugzilla.suse.com/1006472
https://bugzilla.suse.com/1007729
https://bugzilla.suse.com/1008742
https://bugzilla.suse.com/1009546
https://bugzilla.suse.com/1009674
https://bugzilla.suse.com/1009718
https://bugzilla.suse.com/1009911
https://bugzilla.suse.com/1009969
https://bugzilla.suse.com/1010612
https://bugzilla.suse.com/1010690
https://bugzilla.suse.com/1011176
https://bugzilla.suse.com/1011250
https://bugzilla.suse.com/1011602
https://bugzilla.suse.com/1011660
https://bugzilla.suse.com/1011913
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1012910
https://bugzilla.suse.com/1013000
https://bugzilla.suse.com/1013001
https://bugzilla.suse.com/1013273
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013540
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1013792
https://bugzilla.suse.com/1013994
https://bugzilla.suse.com/1014120
https://bugzilla.suse.com/1014392
https://bugzilla.suse.com/1014410
https://bugzilla.suse.com/1014701
https://bugzilla.suse.com/1014710
https://bugzilla.suse.com/1015038
https://bugzilla.suse.com/1015212
https://bugzilla.suse.com/1015359
https://bugzilla.suse.com/1015367
https://bugzilla.suse.com/1015416
https://bugzilla.suse.com/1015840
https://bugzilla.suse.com/1016250
https://bugzilla.suse.com/1016403
https://bugzilla.suse.com/1016517
https://bugzilla.suse.com/1016884
https://bugzilla.suse.com/1016979
https://bugzilla.suse.com/1017164
https://bugzilla.suse.com/1017170
https://bugzilla.suse.com/1017410
https://bugzilla.suse.com/1017589
https://bugzilla.suse.com/1018100
https://bugzilla.suse.com/1018316
https://bugzilla.suse.com/1018358
https://bugzilla.suse.com/1018385
https://bugzilla.suse.com/1018446
https://bugzilla.suse.com/1018813
https://bugzilla.suse.com/1018913
https://bugzilla.suse.com/1019061
https://bugzilla.suse.com/1019148
https://bugzilla.suse.com/1019260
https://bugzilla.suse.com/1019351
https://bugzilla.suse.com/1019594
https://bugzilla.suse.com/1019630
https://bugzilla.suse.com/1019631
https://bugzilla.suse.com/1019784
https://bugzilla.suse.com/1019851
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1020488
https://bugzilla.suse.com/1020602
https://bugzilla.suse.com/1020685
https://bugzilla.suse.com/1020817
https://bugzilla.suse.com/1020945
https://bugzilla.suse.com/1020975
https://bugzilla.suse.com/1021248
https://bugzilla.suse.com/1021251
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/1021260
https://bugzilla.suse.com/1021294
https://bugzilla.suse.com/1021455
https://bugzilla.suse.com/1021474
https://bugzilla.suse.com/1022304
https://bugzilla.suse.com/1022429
https://bugzilla.suse.com/1022476
https://bugzilla.suse.com/1022547
https://bugzilla.suse.com/1022559
https://bugzilla.suse.com/1022971
https://bugzilla.suse.com/1023101
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/921494
https://bugzilla.suse.com/959709
https://bugzilla.suse.com/960561
https://bugzilla.suse.com/964944
https://bugzilla.suse.com/966170
https://bugzilla.suse.com/966172
https://bugzilla.suse.com/966186
https://bugzilla.suse.com/966191
https://bugzilla.suse.com/969474
https://bugzilla.suse.com/969475
https://bugzilla.suse.com/969756
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/974215
https://bugzilla.suse.com/979378
https://bugzilla.suse.com/981709
https://bugzilla.suse.com/985561
https://bugzilla.suse.com/987192
https://bugzilla.suse.com/987576
https://bugzilla.suse.com/991273

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org